Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(377)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/sync/core_impl/sync_encryption_handler_impl_unittest.cc

Issue 2130453004: [Sync] Move //sync to //components/sync. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/sync/core_impl/sync_encryption_handler_impl.cc ('k') | components/sync/core_impl/sync_manager_impl.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2012 The Chromium Authors. All rights reserved. 1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "sync/internal_api/sync_encryption_handler_impl.h" 5 #include "components/sync/core_impl/sync_encryption_handler_impl.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <memory> 9 #include <memory>
10 #include <string> 10 #include <string>
11 11
12 #include "base/base64.h" 12 #include "base/base64.h"
13 #include "base/json/json_string_value_serializer.h" 13 #include "base/json/json_string_value_serializer.h"
14 #include "base/run_loop.h" 14 #include "base/run_loop.h"
15 #include "base/tracked_objects.h" 15 #include "base/tracked_objects.h"
16 #include "sync/internal_api/public/base/model_type_test_util.h" 16 #include "components/sync/base/cryptographer.h"
17 #include "sync/internal_api/public/read_node.h" 17 #include "components/sync/base/model_type_test_util.h"
18 #include "sync/internal_api/public/read_transaction.h" 18 #include "components/sync/core/read_node.h"
19 #include "sync/internal_api/public/test/test_user_share.h" 19 #include "components/sync/core/read_transaction.h"
20 #include "sync/internal_api/public/write_node.h" 20 #include "components/sync/core/test/test_user_share.h"
21 #include "sync/internal_api/public/write_transaction.h" 21 #include "components/sync/core/write_node.h"
22 #include "sync/protocol/nigori_specifics.pb.h" 22 #include "components/sync/core/write_transaction.h"
23 #include "sync/protocol/sync.pb.h" 23 #include "components/sync/protocol/nigori_specifics.pb.h"
24 #include "sync/syncable/entry.h" 24 #include "components/sync/protocol/sync.pb.h"
25 #include "sync/syncable/mutable_entry.h" 25 #include "components/sync/syncable/entry.h"
26 #include "sync/syncable/syncable_write_transaction.h" 26 #include "components/sync/syncable/mutable_entry.h"
27 #include "sync/test/engine/test_id_factory.h" 27 #include "components/sync/syncable/syncable_write_transaction.h"
28 #include "sync/test/fake_encryptor.h" 28 #include "components/sync/test/engine/test_id_factory.h"
29 #include "sync/util/cryptographer.h" 29 #include "components/sync/test/fake_encryptor.h"
30 #include "testing/gmock/include/gmock/gmock.h" 30 #include "testing/gmock/include/gmock/gmock.h"
31 #include "testing/gtest/include/gtest/gtest.h" 31 #include "testing/gtest/include/gtest/gtest.h"
32 32
33 namespace syncer { 33 namespace syncer {
34 34
35 namespace { 35 namespace {
36 36
37 using ::testing::_; 37 using ::testing::_;
38 using ::testing::AnyNumber; 38 using ::testing::AnyNumber;
39 using ::testing::AtLeast; 39 using ::testing::AtLeast;
40 using ::testing::Mock; 40 using ::testing::Mock;
41 using ::testing::SaveArg; 41 using ::testing::SaveArg;
42 using ::testing::StrictMock; 42 using ::testing::StrictMock;
43 43
44 // The raw keystore key the server sends. 44 // The raw keystore key the server sends.
45 static const char kRawKeystoreKey[] = "keystore_key"; 45 static const char kRawKeystoreKey[] = "keystore_key";
46 // Base64 encoded version of |kRawKeystoreKey|. 46 // Base64 encoded version of |kRawKeystoreKey|.
47 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5"; 47 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5";
48 48
49 class SyncEncryptionHandlerObserverMock 49 class SyncEncryptionHandlerObserverMock
50 : public SyncEncryptionHandler::Observer { 50 : public SyncEncryptionHandler::Observer {
51 public: 51 public:
52 MOCK_METHOD2(OnPassphraseRequired, 52 MOCK_METHOD2(OnPassphraseRequired,
53 void(PassphraseRequiredReason, 53 void(PassphraseRequiredReason,
54 const sync_pb::EncryptedData&)); // NOLINT 54 const sync_pb::EncryptedData&)); // NOLINT
55 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT 55 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT
56 MOCK_METHOD2(OnBootstrapTokenUpdated, 56 MOCK_METHOD2(OnBootstrapTokenUpdated,
57 void(const std::string&, BootstrapTokenType type)); // NOLINT 57 void(const std::string&, BootstrapTokenType type)); // NOLINT
58 MOCK_METHOD2(OnEncryptedTypesChanged, 58 MOCK_METHOD2(OnEncryptedTypesChanged, void(ModelTypeSet, bool)); // NOLINT
59 void(ModelTypeSet, bool)); // NOLINT 59 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT
60 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT
61 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT 60 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT
62 MOCK_METHOD2(OnPassphraseTypeChanged, void(PassphraseType, 61 MOCK_METHOD2(OnPassphraseTypeChanged,
63 base::Time)); // NOLINT 62 void(PassphraseType,
63 base::Time)); // NOLINT
64 MOCK_METHOD1(OnLocalSetPassphraseEncryption, 64 MOCK_METHOD1(OnLocalSetPassphraseEncryption,
65 void(const SyncEncryptionHandler::NigoriState&)); // NOLINT 65 void(const SyncEncryptionHandler::NigoriState&)); // NOLINT
66 }; 66 };
67 67
68 google::protobuf::RepeatedPtrField<google::protobuf::string> 68 google::protobuf::RepeatedPtrField<google::protobuf::string>
69 BuildEncryptionKeyProto(const std::string& encryption_key) { 69 BuildEncryptionKeyProto(const std::string& encryption_key) {
70 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 70 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
71 keys.Add()->assign(encryption_key); 71 keys.Add()->assign(encryption_key);
72 return keys; 72 return keys;
73 } 73 }
(...skipping 28 matching lines...) Expand all
102 std::string() /* keystore key for bootstrapping */)); 102 std::string() /* keystore key for bootstrapping */));
103 encryption_handler_->AddObserver(&observer_); 103 encryption_handler_->AddObserver(&observer_);
104 } 104 }
105 105
106 void CreateRootForType(ModelType model_type) { 106 void CreateRootForType(ModelType model_type) {
107 syncer::syncable::Directory* directory = user_share()->directory.get(); 107 syncer::syncable::Directory* directory = user_share()->directory.get();
108 108
109 std::string tag_name = ModelTypeToRootTag(model_type); 109 std::string tag_name = ModelTypeToRootTag(model_type);
110 110
111 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory); 111 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory);
112 syncable::MutableEntry node(&wtrans, 112 syncable::MutableEntry node(&wtrans, syncable::CREATE, model_type,
113 syncable::CREATE, 113 wtrans.root_id(), tag_name);
114 model_type,
115 wtrans.root_id(),
116 tag_name);
117 node.PutUniqueServerTag(tag_name); 114 node.PutUniqueServerTag(tag_name);
118 node.PutIsDir(true); 115 node.PutIsDir(true);
119 node.PutServerIsDir(false); 116 node.PutServerIsDir(false);
120 node.PutIsUnsynced(false); 117 node.PutIsUnsynced(false);
121 node.PutIsUnappliedUpdate(false); 118 node.PutIsUnappliedUpdate(false);
122 node.PutServerVersion(20); 119 node.PutServerVersion(20);
123 node.PutBaseVersion(20); 120 node.PutBaseVersion(20);
124 node.PutIsDel(false); 121 node.PutIsDel(false);
125 node.PutId(ids_.MakeServer(tag_name)); 122 node.PutId(ids_.MakeServer(tag_name));
126 sync_pb::EntitySpecifics specifics; 123 sync_pb::EntitySpecifics specifics;
127 syncer::AddDefaultFieldValue(model_type, &specifics); 124 syncer::AddDefaultFieldValue(model_type, &specifics);
128 node.PutSpecifics(specifics); 125 node.PutSpecifics(specifics);
129 } 126 }
130 127
131 void PumpLoop() { 128 void PumpLoop() { base::RunLoop().RunUntilIdle(); }
132 base::RunLoop().RunUntilIdle();
133 }
134 129
135 // Getters for tests. 130 // Getters for tests.
136 UserShare* user_share() { return test_user_share_.user_share(); } 131 UserShare* user_share() { return test_user_share_.user_share(); }
137 SyncEncryptionHandlerImpl* encryption_handler() { 132 SyncEncryptionHandlerImpl* encryption_handler() {
138 return encryption_handler_.get(); 133 return encryption_handler_.get();
139 } 134 }
140 SyncEncryptionHandlerObserverMock* observer() { return &observer_; } 135 SyncEncryptionHandlerObserverMock* observer() { return &observer_; }
141 Cryptographer* GetCryptographer() { 136 Cryptographer* GetCryptographer() {
142 return encryption_handler_->GetCryptographerUnsafe(); 137 return encryption_handler_->GetCryptographerUnsafe();
143 } 138 }
144 139
145 void VerifyMigratedNigori(PassphraseType passphrase_type, 140 void VerifyMigratedNigori(PassphraseType passphrase_type,
146 const std::string& passphrase) { 141 const std::string& passphrase) {
147 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase); 142 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase);
148 } 143 }
(...skipping 11 matching lines...) Expand all
160 EXPECT_TRUE(nigori.has_keystore_migration_time()); 155 EXPECT_TRUE(nigori.has_keystore_migration_time());
161 EXPECT_TRUE(nigori.keybag_is_frozen()); 156 EXPECT_TRUE(nigori.keybag_is_frozen());
162 if (passphrase_type == CUSTOM_PASSPHRASE || 157 if (passphrase_type == CUSTOM_PASSPHRASE ||
163 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) { 158 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) {
164 EXPECT_TRUE(nigori.encrypt_everything()); 159 EXPECT_TRUE(nigori.encrypt_everything());
165 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty()); 160 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty());
166 if (passphrase_type == CUSTOM_PASSPHRASE) { 161 if (passphrase_type == CUSTOM_PASSPHRASE) {
167 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE, 162 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE,
168 nigori.passphrase_type()); 163 nigori.passphrase_type());
169 if (!encryption_handler()->custom_passphrase_time().is_null()) { 164 if (!encryption_handler()->custom_passphrase_time().is_null()) {
170 EXPECT_EQ(nigori.custom_passphrase_time(), 165 EXPECT_EQ(
171 TimeToProtoTime( 166 nigori.custom_passphrase_time(),
172 encryption_handler()->custom_passphrase_time())); 167 TimeToProtoTime(encryption_handler()->custom_passphrase_time()));
173 } 168 }
174 } else { 169 } else {
175 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE, 170 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE,
176 nigori.passphrase_type()); 171 nigori.passphrase_type());
177 } 172 }
178 } else { 173 } else {
179 EXPECT_FALSE(nigori.encrypt_everything()); 174 EXPECT_FALSE(nigori.encrypt_everything());
180 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty()); 175 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty());
181 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE, 176 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE,
182 nigori.passphrase_type()); 177 nigori.passphrase_type());
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
214 EXPECT_TRUE(other_cryptographer.is_ready()); 209 EXPECT_TRUE(other_cryptographer.is_ready());
215 210
216 sync_pb::NigoriSpecifics nigori; 211 sync_pb::NigoriSpecifics nigori;
217 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 212 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
218 nigori.set_keybag_is_frozen(true); 213 nigori.set_keybag_is_frozen(true);
219 nigori.set_keystore_migration_time(migration_time); 214 nigori.set_keystore_migration_time(migration_time);
220 215
221 if (passphrase_type == KEYSTORE_PASSPHRASE) { 216 if (passphrase_type == KEYSTORE_PASSPHRASE) {
222 sync_pb::EncryptedData keystore_decryptor_token; 217 sync_pb::EncryptedData keystore_decryptor_token;
223 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 218 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
224 other_cryptographer, 219 other_cryptographer, keystore_key, &keystore_decryptor_token));
225 keystore_key,
226 &keystore_decryptor_token));
227 nigori.mutable_keystore_decryptor_token()->CopyFrom( 220 nigori.mutable_keystore_decryptor_token()->CopyFrom(
228 keystore_decryptor_token); 221 keystore_decryptor_token);
229 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 222 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
230 } else { 223 } else {
231 nigori.set_encrypt_everything(true); 224 nigori.set_encrypt_everything(true);
232 nigori.set_passphrase_type( 225 nigori.set_passphrase_type(
233 passphrase_type == CUSTOM_PASSPHRASE ? 226 passphrase_type == CUSTOM_PASSPHRASE
234 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE : 227 ? sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE
235 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); 228 : sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
236 } 229 }
237 return nigori; 230 return nigori;
238 } 231 }
239 232
240 // Build a migrated nigori node with the specified default passphrase 233 // Build a migrated nigori node with the specified default passphrase
241 // and keystore key and initialize the encryption handler with it. 234 // and keystore key and initialize the encryption handler with it.
242 void InitKeystoreMigratedNigori(int64_t migration_time, 235 void InitKeystoreMigratedNigori(int64_t migration_time,
243 const std::string& default_passphrase, 236 const std::string& default_passphrase,
244 const std::string& keystore_key) { 237 const std::string& keystore_key) {
245 { 238 {
246 WriteTransaction trans(FROM_HERE, user_share()); 239 WriteTransaction trans(FROM_HERE, user_share());
247 WriteNode nigori_node(&trans); 240 WriteNode nigori_node(&trans);
248 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 241 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
249 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( 242 sync_pb::NigoriSpecifics nigori =
250 KEYSTORE_PASSPHRASE, 243 BuildMigratedNigori(KEYSTORE_PASSPHRASE, migration_time,
251 migration_time, 244 default_passphrase, keystore_key);
252 default_passphrase,
253 keystore_key);
254 nigori_node.SetNigoriSpecifics(nigori); 245 nigori_node.SetNigoriSpecifics(nigori);
255 } 246 }
256 247
257 EXPECT_CALL(*observer(), 248 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
258 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
259 EXPECT_CALL(*observer(), 249 EXPECT_CALL(*observer(),
260 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 250 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
261 EXPECT_CALL(*observer(), 251 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
262 OnCryptographerStateChanged(_)).Times(AtLeast(1)); 252 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
263 EXPECT_CALL(*observer(), 253 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
264 OnEncryptedTypesChanged(_, false));
265 EXPECT_CALL(*observer(),
266 OnEncryptionComplete()).Times(AtLeast(1));
267 encryption_handler()->Init(); 254 encryption_handler()->Init();
268 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 255 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
269 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 256 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
270 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 257 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
271 Mock::VerifyAndClearExpectations(observer()); 258 Mock::VerifyAndClearExpectations(observer());
272 } 259 }
273 260
274 // Build a migrated nigori node with the specified default passphrase 261 // Build a migrated nigori node with the specified default passphrase
275 // as a custom passphrase. 262 // as a custom passphrase.
276 void InitCustomPassMigratedNigori(int64_t migration_time, 263 void InitCustomPassMigratedNigori(int64_t migration_time,
277 const std::string& default_passphrase) { 264 const std::string& default_passphrase) {
278 { 265 {
279 WriteTransaction trans(FROM_HERE, user_share()); 266 WriteTransaction trans(FROM_HERE, user_share());
280 WriteNode nigori_node(&trans); 267 WriteNode nigori_node(&trans);
281 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 268 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
282 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( 269 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
283 CUSTOM_PASSPHRASE, 270 CUSTOM_PASSPHRASE, migration_time, default_passphrase, kKeystoreKey);
284 migration_time,
285 default_passphrase,
286 kKeystoreKey);
287 nigori_node.SetNigoriSpecifics(nigori); 271 nigori_node.SetNigoriSpecifics(nigori);
288 } 272 }
289 273
290 EXPECT_CALL(*observer(), 274 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
291 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); 275 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
292 EXPECT_CALL(*observer(), 276 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true))
293 OnCryptographerStateChanged(_)).Times(AtLeast(1)); 277 .Times(AtLeast(1));
294 EXPECT_CALL(*observer(), 278 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
295 OnEncryptedTypesChanged(_, true)).Times(AtLeast(1));
296 EXPECT_CALL(*observer(),
297 OnEncryptionComplete()).Times(AtLeast(1));
298 encryption_handler()->Init(); 279 encryption_handler()->Init();
299 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 280 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
300 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); 281 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
301 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 282 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
302 Mock::VerifyAndClearExpectations(observer()); 283 Mock::VerifyAndClearExpectations(observer());
303 } 284 }
304 285
305 // Build an unmigrated nigori node with the specified passphrase and type and 286 // Build an unmigrated nigori node with the specified passphrase and type and
306 // initialize the encryption handler with it. 287 // initialize the encryption handler with it.
307 void InitUnmigratedNigori(const std::string& default_passphrase, 288 void InitUnmigratedNigori(const std::string& default_passphrase,
308 PassphraseType passphrase_type) { 289 PassphraseType passphrase_type) {
309 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE); 290 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE);
310 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 291 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
311 KeyParams default_key = {"localhost", "dummy", default_passphrase}; 292 KeyParams default_key = {"localhost", "dummy", default_passphrase};
312 other_cryptographer.AddKey(default_key); 293 other_cryptographer.AddKey(default_key);
313 EXPECT_TRUE(other_cryptographer.is_ready()); 294 EXPECT_TRUE(other_cryptographer.is_ready());
314 295
315 { 296 {
316 WriteTransaction trans(FROM_HERE, user_share()); 297 WriteTransaction trans(FROM_HERE, user_share());
317 WriteNode nigori_node(&trans); 298 WriteNode nigori_node(&trans);
318 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
319 sync_pb::NigoriSpecifics nigori; 300 sync_pb::NigoriSpecifics nigori;
320 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 301 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
321 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE); 302 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE);
322 nigori_node.SetNigoriSpecifics(nigori); 303 nigori_node.SetNigoriSpecifics(nigori);
323 } 304 }
324 305
325 if (passphrase_type != IMPLICIT_PASSPHRASE) { 306 if (passphrase_type != IMPLICIT_PASSPHRASE) {
326 EXPECT_CALL(*observer(), 307 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(passphrase_type, _));
327 OnPassphraseTypeChanged(passphrase_type, _));
328 } 308 }
329 EXPECT_CALL(*observer(), 309 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AtLeast(1));
330 OnCryptographerStateChanged(_)).Times(AtLeast(1)); 310 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
331 EXPECT_CALL(*observer(),
332 OnEncryptedTypesChanged(_, false));
333 encryption_handler()->Init(); 311 encryption_handler()->Init();
334 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 312 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
335 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type); 313 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type);
336 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 314 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
337 Mock::VerifyAndClearExpectations(observer()); 315 Mock::VerifyAndClearExpectations(observer());
338 } 316 }
339 317
340 // Verify we can restore the SyncEncryptionHandler state using a saved 318 // Verify we can restore the SyncEncryptionHandler state using a saved
341 // |bootstrap_token| and |nigori_state|. 319 // |bootstrap_token| and |nigori_state|.
342 // 320 //
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after
380 358
381 StrictMock<SyncEncryptionHandlerObserverMock> observer2; 359 StrictMock<SyncEncryptionHandlerObserverMock> observer2;
382 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, std::string(), 360 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, std::string(),
383 std::string() /* bootstrap tokens */); 361 std::string() /* bootstrap tokens */);
384 handler2.AddObserver(&observer2); 362 handler2.AddObserver(&observer2);
385 363
386 // Just set the sensitive types (shouldn't trigger any notifications). 364 // Just set the sensitive types (shouldn't trigger any notifications).
387 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes()); 365 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes());
388 { 366 {
389 WriteTransaction trans(FROM_HERE, user_share()); 367 WriteTransaction trans(FROM_HERE, user_share());
390 encryption_handler()->MergeEncryptedTypes( 368 encryption_handler()->MergeEncryptedTypes(encrypted_types,
391 encrypted_types, 369 trans.GetWrappedTrans());
392 trans.GetWrappedTrans());
393 encryption_handler()->UpdateNigoriFromEncryptedTypes( 370 encryption_handler()->UpdateNigoriFromEncryptedTypes(
394 &nigori, 371 &nigori, trans.GetWrappedTrans());
395 trans.GetWrappedTrans());
396 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); 372 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
397 } 373 }
398 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); 374 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe());
399 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); 375 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe());
400 376
401 Mock::VerifyAndClearExpectations(observer()); 377 Mock::VerifyAndClearExpectations(observer());
402 Mock::VerifyAndClearExpectations(&observer2); 378 Mock::VerifyAndClearExpectations(&observer2);
403 379
404 ModelTypeSet encrypted_user_types = EncryptableUserTypes(); 380 ModelTypeSet encrypted_user_types = EncryptableUserTypes();
405 381
406 EXPECT_CALL(*observer(), 382 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
407 OnEncryptedTypesChanged( 383 HasModelTypes(encrypted_user_types), false));
408 HasModelTypes(encrypted_user_types), false)); 384 EXPECT_CALL(observer2, OnEncryptedTypesChanged(
409 EXPECT_CALL(observer2, 385 HasModelTypes(encrypted_user_types), false));
410 OnEncryptedTypesChanged(
411 HasModelTypes(encrypted_user_types), false));
412 386
413 // Set all encrypted types 387 // Set all encrypted types
414 encrypted_types = EncryptableUserTypes(); 388 encrypted_types = EncryptableUserTypes();
415 { 389 {
416 WriteTransaction trans(FROM_HERE, user_share()); 390 WriteTransaction trans(FROM_HERE, user_share());
417 encryption_handler()->MergeEncryptedTypes( 391 encryption_handler()->MergeEncryptedTypes(encrypted_types,
418 encrypted_types, 392 trans.GetWrappedTrans());
419 trans.GetWrappedTrans());
420 encryption_handler()->UpdateNigoriFromEncryptedTypes( 393 encryption_handler()->UpdateNigoriFromEncryptedTypes(
421 &nigori, 394 &nigori, trans.GetWrappedTrans());
422 trans.GetWrappedTrans());
423 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); 395 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
424 } 396 }
425 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); 397 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe());
426 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe()); 398 EXPECT_EQ(encrypted_types, handler2.GetEncryptedTypesUnsafe());
427 399
428 // Receiving an empty nigori should not reset any encrypted types or trigger 400 // Receiving an empty nigori should not reset any encrypted types or trigger
429 // an observer notification. 401 // an observer notification.
430 Mock::VerifyAndClearExpectations(observer()); 402 Mock::VerifyAndClearExpectations(observer());
431 Mock::VerifyAndClearExpectations(&observer2); 403 Mock::VerifyAndClearExpectations(&observer2);
432 nigori = sync_pb::NigoriSpecifics(); 404 nigori = sync_pb::NigoriSpecifics();
433 { 405 {
434 WriteTransaction trans(FROM_HERE, user_share()); 406 WriteTransaction trans(FROM_HERE, user_share());
435 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans()); 407 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
436 } 408 }
437 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe()); 409 EXPECT_EQ(encrypted_types, encryption_handler()->GetEncryptedTypesUnsafe());
438 } 410 }
439 411
440 // Verify the encryption handler processes the encrypt everything field 412 // Verify the encryption handler processes the encrypt everything field
441 // properly. 413 // properly.
442 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) { 414 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) {
443 sync_pb::NigoriSpecifics nigori; 415 sync_pb::NigoriSpecifics nigori;
444 nigori.set_encrypt_everything(true); 416 nigori.set_encrypt_everything(true);
445 417
446 EXPECT_CALL(*observer(), 418 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
447 OnEncryptedTypesChanged( 419 HasModelTypes(EncryptableUserTypes()), true));
448 HasModelTypes(EncryptableUserTypes()), true));
449 420
450 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 421 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
451 ModelTypeSet encrypted_types = 422 ModelTypeSet encrypted_types =
452 encryption_handler()->GetEncryptedTypesUnsafe(); 423 encryption_handler()->GetEncryptedTypesUnsafe();
453 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); 424 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types);
454 425
455 { 426 {
456 WriteTransaction trans(FROM_HERE, user_share()); 427 WriteTransaction trans(FROM_HERE, user_share());
457 encryption_handler()->UpdateEncryptedTypesFromNigori( 428 encryption_handler()->UpdateEncryptedTypesFromNigori(
458 nigori, 429 nigori, trans.GetWrappedTrans());
459 trans.GetWrappedTrans());
460 } 430 }
461 431
462 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 432 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
463 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); 433 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
464 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); 434 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
465 435
466 // Receiving the nigori node again shouldn't trigger another notification. 436 // Receiving the nigori node again shouldn't trigger another notification.
467 Mock::VerifyAndClearExpectations(observer()); 437 Mock::VerifyAndClearExpectations(observer());
468 { 438 {
469 WriteTransaction trans(FROM_HERE, user_share()); 439 WriteTransaction trans(FROM_HERE, user_share());
470 encryption_handler()->UpdateEncryptedTypesFromNigori( 440 encryption_handler()->UpdateEncryptedTypesFromNigori(
471 nigori, 441 nigori, trans.GetWrappedTrans());
472 trans.GetWrappedTrans());
473 } 442 }
474 } 443 }
475 444
476 // Verify the encryption handler can detect an implicit encrypt everything state 445 // Verify the encryption handler can detect an implicit encrypt everything state
477 // (from clients that failed to write the encrypt everything field). 446 // (from clients that failed to write the encrypt everything field).
478 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) { 447 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) {
479 sync_pb::NigoriSpecifics nigori; 448 sync_pb::NigoriSpecifics nigori;
480 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything 449 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything
481 450
482 EXPECT_CALL(*observer(), 451 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
483 OnEncryptedTypesChanged( 452 HasModelTypes(EncryptableUserTypes()), true));
484 HasModelTypes(EncryptableUserTypes()), true));
485 453
486 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 454 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
487 ModelTypeSet encrypted_types = 455 ModelTypeSet encrypted_types =
488 encryption_handler()->GetEncryptedTypesUnsafe(); 456 encryption_handler()->GetEncryptedTypesUnsafe();
489 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); 457 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types);
490 458
491 { 459 {
492 WriteTransaction trans(FROM_HERE, user_share()); 460 WriteTransaction trans(FROM_HERE, user_share());
493 encryption_handler()->UpdateEncryptedTypesFromNigori( 461 encryption_handler()->UpdateEncryptedTypesFromNigori(
494 nigori, 462 nigori, trans.GetWrappedTrans());
495 trans.GetWrappedTrans());
496 } 463 }
497 464
498 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 465 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
499 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); 466 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
500 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes())); 467 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
501 468
502 // Receiving a nigori node with encrypt everything explicitly set shouldn't 469 // Receiving a nigori node with encrypt everything explicitly set shouldn't
503 // trigger another notification. 470 // trigger another notification.
504 Mock::VerifyAndClearExpectations(observer()); 471 Mock::VerifyAndClearExpectations(observer());
505 nigori.set_encrypt_everything(true); 472 nigori.set_encrypt_everything(true);
506 { 473 {
507 WriteTransaction trans(FROM_HERE, user_share()); 474 WriteTransaction trans(FROM_HERE, user_share());
508 encryption_handler()->UpdateEncryptedTypesFromNigori( 475 encryption_handler()->UpdateEncryptedTypesFromNigori(
509 nigori, 476 nigori, trans.GetWrappedTrans());
510 trans.GetWrappedTrans());
511 } 477 }
512 } 478 }
513 479
514 // Verify the encryption handler can deal with new versions treating new types 480 // Verify the encryption handler can deal with new versions treating new types
515 // as Sensitive, and that it does not consider this an implicit encrypt 481 // as Sensitive, and that it does not consider this an implicit encrypt
516 // everything case. 482 // everything case.
517 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) { 483 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) {
518 sync_pb::NigoriSpecifics nigori; 484 sync_pb::NigoriSpecifics nigori;
519 nigori.set_encrypt_everything(false); 485 nigori.set_encrypt_everything(false);
520 nigori.set_encrypt_bookmarks(true); 486 nigori.set_encrypt_bookmarks(true);
521 487
522 ModelTypeSet expected_encrypted_types = 488 ModelTypeSet expected_encrypted_types =
523 SyncEncryptionHandler::SensitiveTypes(); 489 SyncEncryptionHandler::SensitiveTypes();
524 expected_encrypted_types.Put(BOOKMARKS); 490 expected_encrypted_types.Put(BOOKMARKS);
525 491
526 EXPECT_CALL(*observer(), 492 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
527 OnEncryptedTypesChanged( 493 HasModelTypes(expected_encrypted_types), false));
528 HasModelTypes(expected_encrypted_types), false));
529 494
530 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 495 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
531 ModelTypeSet encrypted_types = 496 ModelTypeSet encrypted_types =
532 encryption_handler()->GetEncryptedTypesUnsafe(); 497 encryption_handler()->GetEncryptedTypesUnsafe();
533 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types); 498 EXPECT_EQ(ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS), encrypted_types);
534 499
535 { 500 {
536 WriteTransaction trans(FROM_HERE, user_share()); 501 WriteTransaction trans(FROM_HERE, user_share());
537 encryption_handler()->UpdateEncryptedTypesFromNigori( 502 encryption_handler()->UpdateEncryptedTypesFromNigori(
538 nigori, 503 nigori, trans.GetWrappedTrans());
539 trans.GetWrappedTrans());
540 } 504 }
541 505
542 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 506 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
543 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe(); 507 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
544 EXPECT_EQ(ModelTypeSet(BOOKMARKS, PASSWORDS, WIFI_CREDENTIALS), 508 EXPECT_EQ(ModelTypeSet(BOOKMARKS, PASSWORDS, WIFI_CREDENTIALS),
545 encrypted_types); 509 encrypted_types);
546 } 510 }
547 511
548 // Receive an old nigori with old encryption keys and encrypted types. We should 512 // Receive an old nigori with old encryption keys and encrypted types. We should
549 // not revert our default key or encrypted types, and should post a task to 513 // not revert our default key or encrypted types, and should post a task to
550 // overwrite the existing nigori with the correct data. 514 // overwrite the existing nigori with the correct data.
551 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) { 515 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) {
552 KeyParams old_key = {"localhost", "dummy", "old"}; 516 KeyParams old_key = {"localhost", "dummy", "old"};
553 KeyParams current_key = {"localhost", "dummy", "cur"}; 517 KeyParams current_key = {"localhost", "dummy", "cur"};
554 518
555 // Data for testing encryption/decryption. 519 // Data for testing encryption/decryption.
556 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 520 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
557 other_cryptographer.AddKey(old_key); 521 other_cryptographer.AddKey(old_key);
558 sync_pb::EntitySpecifics other_encrypted_specifics; 522 sync_pb::EntitySpecifics other_encrypted_specifics;
559 other_encrypted_specifics.mutable_bookmark()->set_title("title"); 523 other_encrypted_specifics.mutable_bookmark()->set_title("title");
560 other_cryptographer.Encrypt( 524 other_cryptographer.Encrypt(other_encrypted_specifics,
561 other_encrypted_specifics, 525 other_encrypted_specifics.mutable_encrypted());
562 other_encrypted_specifics.mutable_encrypted());
563 sync_pb::EntitySpecifics our_encrypted_specifics; 526 sync_pb::EntitySpecifics our_encrypted_specifics;
564 our_encrypted_specifics.mutable_bookmark()->set_title("title2"); 527 our_encrypted_specifics.mutable_bookmark()->set_title("title2");
565 ModelTypeSet encrypted_types = EncryptableUserTypes(); 528 ModelTypeSet encrypted_types = EncryptableUserTypes();
566 529
567 // Set up the current encryption state (containing both keys and encrypt 530 // Set up the current encryption state (containing both keys and encrypt
568 // everything). 531 // everything).
569 sync_pb::NigoriSpecifics current_nigori_specifics; 532 sync_pb::NigoriSpecifics current_nigori_specifics;
570 GetCryptographer()->AddKey(old_key); 533 GetCryptographer()->AddKey(old_key);
571 GetCryptographer()->AddKey(current_key); 534 GetCryptographer()->AddKey(current_key);
572 GetCryptographer()->Encrypt( 535 GetCryptographer()->Encrypt(our_encrypted_specifics,
573 our_encrypted_specifics, 536 our_encrypted_specifics.mutable_encrypted());
574 our_encrypted_specifics.mutable_encrypted());
575 GetCryptographer()->GetKeys( 537 GetCryptographer()->GetKeys(
576 current_nigori_specifics.mutable_encryption_keybag()); 538 current_nigori_specifics.mutable_encryption_keybag());
577 current_nigori_specifics.set_encrypt_everything(true); 539 current_nigori_specifics.set_encrypt_everything(true);
578 540
579 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); 541 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
580 EXPECT_CALL(*observer(), OnEncryptedTypesChanged( 542 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
581 HasModelTypes(EncryptableUserTypes()), true)); 543 HasModelTypes(EncryptableUserTypes()), true));
582 { 544 {
583 // Update the encryption handler. 545 // Update the encryption handler.
584 WriteTransaction trans(FROM_HERE, user_share()); 546 WriteTransaction trans(FROM_HERE, user_share());
585 encryption_handler()->ApplyNigoriUpdate( 547 encryption_handler()->ApplyNigoriUpdate(current_nigori_specifics,
586 current_nigori_specifics, 548 trans.GetWrappedTrans());
587 trans.GetWrappedTrans());
588 } 549 }
589 Mock::VerifyAndClearExpectations(observer()); 550 Mock::VerifyAndClearExpectations(observer());
590 551
591 // Now set up the old nigori specifics and apply it on top. 552 // Now set up the old nigori specifics and apply it on top.
592 // Has an old set of keys, and no encrypted types. 553 // Has an old set of keys, and no encrypted types.
593 sync_pb::NigoriSpecifics old_nigori; 554 sync_pb::NigoriSpecifics old_nigori;
594 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag()); 555 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag());
595 556
596 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); 557 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
597 { 558 {
598 // Update the encryption handler. 559 // Update the encryption handler.
599 WriteTransaction trans(FROM_HERE, user_share()); 560 WriteTransaction trans(FROM_HERE, user_share());
600 encryption_handler()->ApplyNigoriUpdate( 561 encryption_handler()->ApplyNigoriUpdate(old_nigori,
601 old_nigori, 562 trans.GetWrappedTrans());
602 trans.GetWrappedTrans());
603 } 563 }
604 EXPECT_TRUE(GetCryptographer()->is_ready()); 564 EXPECT_TRUE(GetCryptographer()->is_ready());
605 EXPECT_FALSE(GetCryptographer()->has_pending_keys()); 565 EXPECT_FALSE(GetCryptographer()->has_pending_keys());
606 566
607 // Encryption handler should have posted a task to overwrite the old 567 // Encryption handler should have posted a task to overwrite the old
608 // specifics. 568 // specifics.
609 PumpLoop(); 569 PumpLoop();
610 570
611 { 571 {
612 // The cryptographer should be able to decrypt both sets of keys and still 572 // The cryptographer should be able to decrypt both sets of keys and still
613 // be encrypting with the newest, and the encrypted types should be the 573 // be encrypting with the newest, and the encrypted types should be the
614 // most recent. 574 // most recent.
615 // In addition, the nigori node should match the current encryption state. 575 // In addition, the nigori node should match the current encryption state.
616 ReadTransaction trans(FROM_HERE, user_share()); 576 ReadTransaction trans(FROM_HERE, user_share());
617 ReadNode nigori_node(&trans); 577 ReadNode nigori_node(&trans);
618 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 578 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
619 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics(); 579 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
620 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey( 580 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(
621 our_encrypted_specifics.encrypted())); 581 our_encrypted_specifics.encrypted()));
622 EXPECT_TRUE(GetCryptographer()->CanDecrypt( 582 EXPECT_TRUE(
623 other_encrypted_specifics.encrypted())); 583 GetCryptographer()->CanDecrypt(other_encrypted_specifics.encrypted()));
624 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag())); 584 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag()));
625 EXPECT_TRUE(nigori.encrypt_everything()); 585 EXPECT_TRUE(nigori.encrypt_everything());
626 EXPECT_TRUE( 586 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(
627 GetCryptographer()->CanDecryptUsingDefaultKey( 587 nigori.encryption_keybag()));
628 nigori.encryption_keybag()));
629 } 588 }
630 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 589 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
631 } 590 }
632 591
633 // Ensure setting the keystore key works, updates the bootstrap token, and 592 // Ensure setting the keystore key works, updates the bootstrap token, and
634 // triggers a non-backwards compatible migration. Then verify that the 593 // triggers a non-backwards compatible migration. Then verify that the
635 // bootstrap token can be correctly parsed by the encryption handler at startup 594 // bootstrap token can be correctly parsed by the encryption handler at startup
636 // time. 595 // time.
637 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) { 596 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) {
638 // Passing no keys should do nothing. 597 // Passing no keys should do nothing.
(...skipping 17 matching lines...) Expand all
656 keys.Add()->assign(kRawKeystoreKey); 615 keys.Add()->assign(kRawKeystoreKey);
657 616
658 // Pass them to the encryption handler, triggering a migration and bootstrap 617 // Pass them to the encryption handler, triggering a migration and bootstrap
659 // token update. 618 // token update.
660 std::string encoded_key; 619 std::string encoded_key;
661 std::string keystore_bootstrap; 620 std::string keystore_bootstrap;
662 EXPECT_CALL(*observer(), OnEncryptionComplete()); 621 EXPECT_CALL(*observer(), OnEncryptionComplete());
663 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)); 622 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_));
664 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 623 EXPECT_CALL(*observer(), OnPassphraseAccepted());
665 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 624 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
666 EXPECT_CALL(*observer(), 625 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN))
667 OnBootstrapTokenUpdated(_, 626 .WillOnce(SaveArg<0>(&keystore_bootstrap));
668 KEYSTORE_BOOTSTRAP_TOKEN)).
669 WillOnce(SaveArg<0>(&keystore_bootstrap));
670 { 627 {
671 WriteTransaction trans(FROM_HERE, user_share()); 628 WriteTransaction trans(FROM_HERE, user_share());
672 EXPECT_TRUE( 629 EXPECT_TRUE(
673 encryption_handler()->SetKeystoreKeys( 630 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans()));
674 keys,
675 trans.GetWrappedTrans()));
676 EXPECT_FALSE( 631 EXPECT_FALSE(
677 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans())); 632 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
678 EXPECT_FALSE(GetCryptographer()->is_initialized()); 633 EXPECT_FALSE(GetCryptographer()->is_initialized());
679 } 634 }
680 PumpLoop(); 635 PumpLoop();
681 EXPECT_TRUE(GetCryptographer()->is_initialized()); 636 EXPECT_TRUE(GetCryptographer()->is_initialized());
682 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); 637 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
683 638
684 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob 639 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob
685 // of list values containing the keystore keys). 640 // of list values containing the keystore keys).
686 std::string decoded_bootstrap; 641 std::string decoded_bootstrap;
687 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap)); 642 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap));
688 std::string decrypted_bootstrap; 643 std::string decrypted_bootstrap;
689 ASSERT_TRUE( 644 ASSERT_TRUE(GetCryptographer()->encryptor()->DecryptString(
690 GetCryptographer()->encryptor()->DecryptString(decoded_bootstrap, 645 decoded_bootstrap, &decrypted_bootstrap));
691 &decrypted_bootstrap));
692 JSONStringValueDeserializer json(decrypted_bootstrap); 646 JSONStringValueDeserializer json(decrypted_bootstrap);
693 std::unique_ptr<base::Value> deserialized_keystore_keys( 647 std::unique_ptr<base::Value> deserialized_keystore_keys(
694 json.Deserialize(NULL, NULL)); 648 json.Deserialize(NULL, NULL));
695 ASSERT_TRUE(deserialized_keystore_keys.get()); 649 ASSERT_TRUE(deserialized_keystore_keys.get());
696 base::ListValue* keystore_list = NULL; 650 base::ListValue* keystore_list = NULL;
697 deserialized_keystore_keys->GetAsList(&keystore_list); 651 deserialized_keystore_keys->GetAsList(&keystore_list);
698 ASSERT_TRUE(keystore_list); 652 ASSERT_TRUE(keystore_list);
699 ASSERT_EQ(2U, keystore_list->GetSize()); 653 ASSERT_EQ(2U, keystore_list->GetSize());
700 std::string test_string; 654 std::string test_string;
701 keystore_list->GetString(0, &test_string); 655 keystore_list->GetString(0, &test_string);
702 ASSERT_EQ(old_keystore_key, test_string); 656 ASSERT_EQ(old_keystore_key, test_string);
703 keystore_list->GetString(1, &test_string); 657 keystore_list->GetString(1, &test_string);
704 ASSERT_EQ(kKeystoreKey, test_string); 658 ASSERT_EQ(kKeystoreKey, test_string);
705 659
706
707 // Now make sure a new encryption handler can correctly parse the bootstrap 660 // Now make sure a new encryption handler can correctly parse the bootstrap
708 // token. 661 // token.
709 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_, 662 SyncEncryptionHandlerImpl handler2(user_share(), &encryptor_,
710 std::string(), // Cryptographer bootstrap. 663 std::string(), // Cryptographer bootstrap.
711 keystore_bootstrap); 664 keystore_bootstrap);
712 665
713 { 666 {
714 WriteTransaction trans(FROM_HERE, user_share()); 667 WriteTransaction trans(FROM_HERE, user_share());
715 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans())); 668 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans()));
716 } 669 }
717 } 670 }
718 671
719 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it 672 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it
720 // wasn't already set properly. Otherwise, the decryptor should remain the 673 // wasn't already set properly. Otherwise, the decryptor should remain the
721 // same. 674 // same.
722 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) { 675 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) {
723 const char kCurKey[] = "cur"; 676 const char kCurKey[] = "cur";
724 sync_pb::EncryptedData encrypted; 677 sync_pb::EncryptedData encrypted;
725 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 678 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
726 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 679 KeyParams cur_key = {"localhost", "dummy", kCurKey};
727 other_cryptographer.AddKey(cur_key); 680 other_cryptographer.AddKey(cur_key);
728 EXPECT_TRUE(other_cryptographer.is_ready()); 681 EXPECT_TRUE(other_cryptographer.is_ready());
729 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 682 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
730 other_cryptographer, 683 other_cryptographer, kKeystoreKey, &encrypted));
731 kKeystoreKey,
732 &encrypted));
733 std::string serialized = encrypted.SerializeAsString(); 684 std::string serialized = encrypted.SerializeAsString();
734 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 685 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
735 other_cryptographer, 686 other_cryptographer, kKeystoreKey, &encrypted));
736 kKeystoreKey,
737 &encrypted));
738 EXPECT_EQ(serialized, encrypted.SerializeAsString()); 687 EXPECT_EQ(serialized, encrypted.SerializeAsString());
739 } 688 }
740 689
741 // Test that we don't attempt to migrate while an implicit passphrase is pending 690 // Test that we don't attempt to migrate while an implicit passphrase is pending
742 // and that once we do decrypt pending keys we migrate the nigori. Once 691 // and that once we do decrypt pending keys we migrate the nigori. Once
743 // migrated, we should be in keystore passphrase state. 692 // migrated, we should be in keystore passphrase state.
744 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) { 693 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) {
745 const char kOtherKey[] = "other"; 694 const char kOtherKey[] = "other";
746 { 695 {
747 EXPECT_CALL(*observer(), 696 EXPECT_CALL(*observer(),
748 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 697 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
749 ReadTransaction trans(FROM_HERE, user_share()); 698 ReadTransaction trans(FROM_HERE, user_share());
750 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 699 encryption_handler()->SetKeystoreKeys(
751 kRawKeystoreKey), 700 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
752 trans.GetWrappedTrans());
753 Mock::VerifyAndClearExpectations(observer()); 701 Mock::VerifyAndClearExpectations(observer());
754 } 702 }
755 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 703 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
756 704
757 { 705 {
758 WriteTransaction trans(FROM_HERE, user_share()); 706 WriteTransaction trans(FROM_HERE, user_share());
759 WriteNode nigori_node(&trans); 707 WriteNode nigori_node(&trans);
760 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 708 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
761 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 709 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
762 KeyParams other_key = {"localhost", "dummy", kOtherKey}; 710 KeyParams other_key = {"localhost", "dummy", kOtherKey};
763 other_cryptographer.AddKey(other_key); 711 other_cryptographer.AddKey(other_key);
764 712
765 sync_pb::NigoriSpecifics nigori; 713 sync_pb::NigoriSpecifics nigori;
766 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 714 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
767 nigori.set_keybag_is_frozen(false); 715 nigori.set_keybag_is_frozen(false);
768 nigori.set_encrypt_everything(false); 716 nigori.set_encrypt_everything(false);
769 EXPECT_CALL(*observer(), 717 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
770 OnCryptographerStateChanged(_)).Times(AnyNumber()); 718 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
771 EXPECT_CALL(*observer(),
772 OnPassphraseRequired(_, _));
773 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 719 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
774 nigori_node.SetNigoriSpecifics(nigori); 720 nigori_node.SetNigoriSpecifics(nigori);
775 } 721 }
776 // Run any tasks posted via AppplyNigoriUpdate. 722 // Run any tasks posted via AppplyNigoriUpdate.
777 PumpLoop(); 723 PumpLoop();
778 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 724 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
779 Mock::VerifyAndClearExpectations(observer()); 725 Mock::VerifyAndClearExpectations(observer());
780 726
781 EXPECT_CALL(*observer(), 727 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
782 OnCryptographerStateChanged(_)).Times(AnyNumber()); 728 EXPECT_CALL(*observer(), OnPassphraseAccepted());
783 EXPECT_CALL(*observer(), 729 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
784 OnPassphraseAccepted());
785 EXPECT_CALL(*observer(),
786 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
787 EXPECT_CALL(*observer(), 730 EXPECT_CALL(*observer(),
788 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 731 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
789 EXPECT_CALL(*observer(), 732 EXPECT_CALL(*observer(), OnEncryptionComplete());
790 OnEncryptionComplete());
791 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 733 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
792 encryption_handler()->SetDecryptionPassphrase(kOtherKey); 734 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
793 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 735 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
794 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); 736 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
795 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey); 737 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey);
796 } 738 }
797 739
798 // Test that we don't attempt to migrate while a custom passphrase is pending, 740 // Test that we don't attempt to migrate while a custom passphrase is pending,
799 // and that once we do decrypt pending keys we migrate the nigori. Once 741 // and that once we do decrypt pending keys we migrate the nigori. Once
800 // migrated, we should be in custom passphrase state with encrypt everything. 742 // migrated, we should be in custom passphrase state with encrypt everything.
801 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) { 743 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) {
802 const char kOtherKey[] = "other"; 744 const char kOtherKey[] = "other";
803 { 745 {
804 EXPECT_CALL(*observer(), 746 EXPECT_CALL(*observer(),
805 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 747 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
806 ReadTransaction trans(FROM_HERE, user_share()); 748 ReadTransaction trans(FROM_HERE, user_share());
807 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 749 encryption_handler()->SetKeystoreKeys(
808 kRawKeystoreKey), 750 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
809 trans.GetWrappedTrans());
810 Mock::VerifyAndClearExpectations(observer()); 751 Mock::VerifyAndClearExpectations(observer());
811 } 752 }
812 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 753 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
813 754
814 { 755 {
815 WriteTransaction trans(FROM_HERE, user_share()); 756 WriteTransaction trans(FROM_HERE, user_share());
816 WriteNode nigori_node(&trans); 757 WriteNode nigori_node(&trans);
817 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 758 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
818 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 759 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
819 KeyParams other_key = {"localhost", "dummy", kOtherKey}; 760 KeyParams other_key = {"localhost", "dummy", kOtherKey};
820 other_cryptographer.AddKey(other_key); 761 other_cryptographer.AddKey(other_key);
821 762
822 sync_pb::NigoriSpecifics nigori; 763 sync_pb::NigoriSpecifics nigori;
823 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 764 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
824 nigori.set_keybag_is_frozen(true); 765 nigori.set_keybag_is_frozen(true);
825 nigori.set_encrypt_everything(false); 766 nigori.set_encrypt_everything(false);
826 EXPECT_CALL(*observer(), 767 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
827 OnCryptographerStateChanged(_)).Times(AnyNumber()); 768 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
828 EXPECT_CALL(*observer(), 769 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
829 OnPassphraseRequired(_, _));
830 EXPECT_CALL(*observer(),
831 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
832 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 770 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
833 nigori_node.SetNigoriSpecifics(nigori); 771 nigori_node.SetNigoriSpecifics(nigori);
834 } 772 }
835 // Run any tasks posted via AppplyNigoriUpdate. 773 // Run any tasks posted via AppplyNigoriUpdate.
836 PumpLoop(); 774 PumpLoop();
837 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 775 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
838 Mock::VerifyAndClearExpectations(observer()); 776 Mock::VerifyAndClearExpectations(observer());
839 777
840 EXPECT_CALL(*observer(), 778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
841 OnCryptographerStateChanged(_)).Times(AnyNumber()); 779 EXPECT_CALL(*observer(), OnPassphraseAccepted());
842 EXPECT_CALL(*observer(),
843 OnPassphraseAccepted());
844 std::string captured_bootstrap_token; 780 std::string captured_bootstrap_token;
845 EXPECT_CALL(*observer(), 781 EXPECT_CALL(*observer(),
846 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 782 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
847 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 783 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
848 EXPECT_CALL(*observer(), 784 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
849 OnEncryptedTypesChanged(_, true));
850 SyncEncryptionHandler::NigoriState captured_nigori_state; 785 SyncEncryptionHandler::NigoriState captured_nigori_state;
851 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 786 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
852 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 787 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
853 EXPECT_CALL(*observer(), 788 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
854 OnEncryptionComplete()).Times(2);
855 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 789 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
856 encryption_handler()->SetDecryptionPassphrase(kOtherKey); 790 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
857 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 791 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
858 const base::Time migration_time = encryption_handler()->migration_time(); 792 const base::Time migration_time = encryption_handler()->migration_time();
859 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); 793 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
860 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey); 794 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey);
861 795
862 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey, 796 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kOtherKey,
863 captured_bootstrap_token, 797 captured_bootstrap_token,
864 captured_nigori_state, CUSTOM_PASSPHRASE); 798 captured_nigori_state, CUSTOM_PASSPHRASE);
865 } 799 }
866 800
867 // Test that we trigger a migration when we set the keystore key, had an 801 // Test that we trigger a migration when we set the keystore key, had an
868 // implicit passphrase, and did not have encrypt everything. We should switch 802 // implicit passphrase, and did not have encrypt everything. We should switch
869 // to KEYSTORE_PASSPHRASE. 803 // to KEYSTORE_PASSPHRASE.
870 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) { 804 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) {
871 const char kCurKey[] = "cur"; 805 const char kCurKey[] = "cur";
872 KeyParams current_key = {"localhost", "dummy", kCurKey}; 806 KeyParams current_key = {"localhost", "dummy", kCurKey};
873 GetCryptographer()->AddKey(current_key); 807 GetCryptographer()->AddKey(current_key);
874 EXPECT_CALL(*observer(), 808 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
875 OnCryptographerStateChanged(_)).Times(AnyNumber()); 809 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
876 EXPECT_CALL(*observer(), 810 EXPECT_CALL(*observer(), OnEncryptionComplete());
877 OnEncryptedTypesChanged(_, false));
878 EXPECT_CALL(*observer(),
879 OnEncryptionComplete());
880 encryption_handler()->Init(); 811 encryption_handler()->Init();
881 Mock::VerifyAndClearExpectations(observer()); 812 Mock::VerifyAndClearExpectations(observer());
882 813
883 { 814 {
884 ReadTransaction trans(FROM_HERE, user_share()); 815 ReadTransaction trans(FROM_HERE, user_share());
885 // Once we provide a keystore key, we should perform the migration. 816 // Once we provide a keystore key, we should perform the migration.
886 EXPECT_CALL(*observer(), 817 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
887 OnCryptographerStateChanged(_)).Times(AnyNumber());
888 EXPECT_CALL(*observer(), 818 EXPECT_CALL(*observer(),
889 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 819 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
890 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 820 encryption_handler()->SetKeystoreKeys(
891 kRawKeystoreKey), 821 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
892 trans.GetWrappedTrans());
893 } 822 }
894 EXPECT_CALL(*observer(), 823 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
895 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
896 // The actual migration gets posted, so run all pending tasks. 824 // The actual migration gets posted, so run all pending tasks.
897 PumpLoop(); 825 PumpLoop();
898 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 826 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
899 EXPECT_EQ(KEYSTORE_PASSPHRASE, 827 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
900 encryption_handler()->GetPassphraseType());
901 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 828 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
902 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); 829 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
903 } 830 }
904 831
905 // Test that we trigger a migration when we set the keystore key, had an 832 // Test that we trigger a migration when we set the keystore key, had an
906 // implicit passphrase, and encrypt everything enabled. We should switch to 833 // implicit passphrase, and encrypt everything enabled. We should switch to
907 // FROZEN_IMPLICIT_PASSPHRASE. 834 // FROZEN_IMPLICIT_PASSPHRASE.
908 TEST_F(SyncEncryptionHandlerImplTest, 835 TEST_F(SyncEncryptionHandlerImplTest,
909 MigrateOnKeystoreKeyAvailableFrozenImplicit) { 836 MigrateOnKeystoreKeyAvailableFrozenImplicit) {
910 const char kCurKey[] = "cur"; 837 const char kCurKey[] = "cur";
911 KeyParams current_key = {"localhost", "dummy", kCurKey}; 838 KeyParams current_key = {"localhost", "dummy", kCurKey};
912 GetCryptographer()->AddKey(current_key); 839 GetCryptographer()->AddKey(current_key);
913 EXPECT_CALL(*observer(), 840 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
914 OnCryptographerStateChanged(_)).Times(AnyNumber()); 841 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
915 EXPECT_CALL(*observer(), 842 EXPECT_CALL(*observer(), OnEncryptionComplete());
916 OnEncryptedTypesChanged(_, false));
917 EXPECT_CALL(*observer(),
918 OnEncryptionComplete());
919 encryption_handler()->Init(); 843 encryption_handler()->Init();
920 Mock::VerifyAndClearExpectations(observer()); 844 Mock::VerifyAndClearExpectations(observer());
921 EXPECT_CALL(*observer(), 845 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
922 OnEncryptedTypesChanged(_, true));
923 SyncEncryptionHandler::NigoriState captured_nigori_state; 846 SyncEncryptionHandler::NigoriState captured_nigori_state;
924 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 847 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
925 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 848 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
926 EXPECT_CALL(*observer(), 849 EXPECT_CALL(*observer(), OnEncryptionComplete());
927 OnEncryptionComplete());
928 encryption_handler()->EnableEncryptEverything(); 850 encryption_handler()->EnableEncryptEverything();
929 851
930 { 852 {
931 ReadTransaction trans(FROM_HERE, user_share()); 853 ReadTransaction trans(FROM_HERE, user_share());
932 // Once we provide a keystore key, we should perform the migration. 854 // Once we provide a keystore key, we should perform the migration.
933 EXPECT_CALL(*observer(), 855 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
934 OnCryptographerStateChanged(_)).Times(AnyNumber());
935 EXPECT_CALL(*observer(), 856 EXPECT_CALL(*observer(),
936 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 857 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
937 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 858 encryption_handler()->SetKeystoreKeys(
938 kRawKeystoreKey), 859 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
939 trans.GetWrappedTrans());
940 } 860 }
941 EXPECT_CALL(*observer(), 861 EXPECT_CALL(*observer(),
942 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); 862 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
943 863
944 // The actual migration gets posted, so run all pending tasks. 864 // The actual migration gets posted, so run all pending tasks.
945 PumpLoop(); 865 PumpLoop();
946 Mock::VerifyAndClearExpectations(observer()); 866 Mock::VerifyAndClearExpectations(observer());
947 867
948 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 868 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
949 const base::Time migration_time = encryption_handler()->migration_time(); 869 const base::Time migration_time = encryption_handler()->migration_time();
(...skipping 11 matching lines...) Expand all
961 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token, 881 TimeToProtoTime(migration_time), kCurKey, passphrase_bootstrap_token,
962 captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE); 882 captured_nigori_state, FROZEN_IMPLICIT_PASSPHRASE);
963 } 883 }
964 884
965 // Test that we trigger a migration when we set the keystore key, had a 885 // Test that we trigger a migration when we set the keystore key, had a
966 // custom passphrase, and encrypt everything enabled. The passphrase state 886 // custom passphrase, and encrypt everything enabled. The passphrase state
967 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same. 887 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same.
968 TEST_F(SyncEncryptionHandlerImplTest, 888 TEST_F(SyncEncryptionHandlerImplTest,
969 MigrateOnKeystoreKeyAvailableCustomWithEncryption) { 889 MigrateOnKeystoreKeyAvailableCustomWithEncryption) {
970 const char kCurKey[] = "cur"; 890 const char kCurKey[] = "cur";
971 EXPECT_CALL(*observer(), 891 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
972 OnCryptographerStateChanged(_)).Times(AnyNumber()); 892 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
973 EXPECT_CALL(*observer(), 893 EXPECT_CALL(*observer(), OnPassphraseAccepted());
974 OnPassphraseRequired(_, _)); 894 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
975 EXPECT_CALL(*observer(), 895 EXPECT_CALL(*observer(), OnEncryptionComplete());
976 OnPassphraseAccepted()); 896 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
977 EXPECT_CALL(*observer(),
978 OnEncryptedTypesChanged(_, false));
979 EXPECT_CALL(*observer(),
980 OnEncryptionComplete());
981 EXPECT_CALL(*observer(),
982 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
983 std::string captured_bootstrap_token; 897 std::string captured_bootstrap_token;
984 EXPECT_CALL(*observer(), 898 EXPECT_CALL(*observer(),
985 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 899 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
986 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 900 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
987 encryption_handler()->Init(); 901 encryption_handler()->Init();
988 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); 902 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
989 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); 903 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
990 Mock::VerifyAndClearExpectations(observer()); 904 Mock::VerifyAndClearExpectations(observer());
991 905
992 EXPECT_CALL(*observer(), 906 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
993 OnEncryptedTypesChanged(_, true)); 907 EXPECT_CALL(*observer(), OnEncryptionComplete());
994 EXPECT_CALL(*observer(),
995 OnEncryptionComplete());
996 encryption_handler()->EnableEncryptEverything(); 908 encryption_handler()->EnableEncryptEverything();
997 Mock::VerifyAndClearExpectations(observer()); 909 Mock::VerifyAndClearExpectations(observer());
998 910
999 SyncEncryptionHandler::NigoriState captured_nigori_state; 911 SyncEncryptionHandler::NigoriState captured_nigori_state;
1000 { 912 {
1001 ReadTransaction trans(FROM_HERE, user_share()); 913 ReadTransaction trans(FROM_HERE, user_share());
1002 // Once we provide a keystore key, we should perform the migration. 914 // Once we provide a keystore key, we should perform the migration.
1003 EXPECT_CALL(*observer(), 915 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1004 OnCryptographerStateChanged(_)).Times(AnyNumber());
1005 EXPECT_CALL(*observer(), 916 EXPECT_CALL(*observer(),
1006 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 917 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1007 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 918 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1008 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 919 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1009 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 920 encryption_handler()->SetKeystoreKeys(
1010 kRawKeystoreKey), 921 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1011 trans.GetWrappedTrans());
1012 } 922 }
1013 923
1014 // The actual migration gets posted, so run all pending tasks. 924 // The actual migration gets posted, so run all pending tasks.
1015 PumpLoop(); 925 PumpLoop();
1016 Mock::VerifyAndClearExpectations(observer()); 926 Mock::VerifyAndClearExpectations(observer());
1017 927
1018 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 928 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1019 const base::Time migration_time = encryption_handler()->migration_time(); 929 const base::Time migration_time = encryption_handler()->migration_time();
1020 EXPECT_EQ(CUSTOM_PASSPHRASE, 930 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
1021 encryption_handler()->GetPassphraseType());
1022 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 931 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1023 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); 932 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
1024 933
1025 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, 934 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey,
1026 captured_bootstrap_token, 935 captured_bootstrap_token,
1027 captured_nigori_state, CUSTOM_PASSPHRASE); 936 captured_nigori_state, CUSTOM_PASSPHRASE);
1028 } 937 }
1029 938
1030 // Test that we trigger a migration when we set the keystore key, had a 939 // Test that we trigger a migration when we set the keystore key, had a
1031 // custom passphrase, and did not have encrypt everything. The passphrase state 940 // custom passphrase, and did not have encrypt everything. The passphrase state
1032 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled. 941 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled.
1033 TEST_F(SyncEncryptionHandlerImplTest, 942 TEST_F(SyncEncryptionHandlerImplTest,
1034 MigrateOnKeystoreKeyAvailableCustomNoEncryption) { 943 MigrateOnKeystoreKeyAvailableCustomNoEncryption) {
1035 const char kCurKey[] = "cur"; 944 const char kCurKey[] = "cur";
1036 EXPECT_CALL(*observer(), 945 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1037 OnCryptographerStateChanged(_)).Times(AnyNumber()); 946 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1038 EXPECT_CALL(*observer(), 947 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1039 OnPassphraseRequired(_, _)); 948 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
1040 EXPECT_CALL(*observer(), 949 EXPECT_CALL(*observer(), OnEncryptionComplete());
1041 OnPassphraseAccepted()); 950 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1042 EXPECT_CALL(*observer(),
1043 OnEncryptedTypesChanged(_, false));
1044 EXPECT_CALL(*observer(),
1045 OnEncryptionComplete());
1046 EXPECT_CALL(*observer(),
1047 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1048 std::string captured_bootstrap_token; 951 std::string captured_bootstrap_token;
1049 EXPECT_CALL(*observer(), 952 EXPECT_CALL(*observer(),
1050 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 953 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
1051 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 954 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
1052 encryption_handler()->Init(); 955 encryption_handler()->Init();
1053 encryption_handler()->SetEncryptionPassphrase(kCurKey, true); 956 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
1054 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); 957 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1055 Mock::VerifyAndClearExpectations(observer()); 958 Mock::VerifyAndClearExpectations(observer());
1056 959
1057 { 960 {
1058 ReadTransaction trans(FROM_HERE, user_share()); 961 ReadTransaction trans(FROM_HERE, user_share());
1059 // Once we provide a keystore key, we should perform the migration. 962 // Once we provide a keystore key, we should perform the migration.
1060 EXPECT_CALL(*observer(), 963 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1061 OnCryptographerStateChanged(_)).Times(AnyNumber());
1062 EXPECT_CALL(*observer(), 964 EXPECT_CALL(*observer(),
1063 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 965 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1064 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 966 encryption_handler()->SetKeystoreKeys(
1065 kRawKeystoreKey), 967 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1066 trans.GetWrappedTrans());
1067 } 968 }
1068 EXPECT_CALL(*observer(), 969 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1069 OnEncryptedTypesChanged(_, true));
1070 SyncEncryptionHandler::NigoriState captured_nigori_state; 970 SyncEncryptionHandler::NigoriState captured_nigori_state;
1071 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 971 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1072 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 972 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1073 EXPECT_CALL(*observer(), 973 EXPECT_CALL(*observer(), OnEncryptionComplete());
1074 OnEncryptionComplete());
1075 // The actual migration gets posted, so run all pending tasks. 974 // The actual migration gets posted, so run all pending tasks.
1076 PumpLoop(); 975 PumpLoop();
1077 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 976 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1078 const base::Time migration_time = encryption_handler()->migration_time(); 977 const base::Time migration_time = encryption_handler()->migration_time();
1079 EXPECT_EQ(CUSTOM_PASSPHRASE, 978 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
1080 encryption_handler()->GetPassphraseType());
1081 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 979 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1082 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey); 980 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
1083 981
1084 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey, 982 VerifyRestoreAfterCustomPassphrase(TimeToProtoTime(migration_time), kCurKey,
1085 captured_bootstrap_token, 983 captured_bootstrap_token,
1086 captured_nigori_state, CUSTOM_PASSPHRASE); 984 captured_nigori_state, CUSTOM_PASSPHRASE);
1087 } 985 }
1088 986
1089 // Test that we can handle receiving a migrated nigori node in the 987 // Test that we can handle receiving a migrated nigori node in the
1090 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the 988 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the
1091 // keybag. 989 // keybag.
1092 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) { 990 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) {
1093 const char kCurKey[] = "cur"; 991 const char kCurKey[] = "cur";
1094 sync_pb::EncryptedData keystore_decryptor_token; 992 sync_pb::EncryptedData keystore_decryptor_token;
1095 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 993 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1096 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 994 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1097 other_cryptographer.AddKey(cur_key); 995 other_cryptographer.AddKey(cur_key);
1098 EXPECT_TRUE(other_cryptographer.is_ready()); 996 EXPECT_TRUE(other_cryptographer.is_ready());
1099 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 997 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1100 other_cryptographer, 998 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1101 kKeystoreKey,
1102 &keystore_decryptor_token));
1103 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 999 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1104 EXPECT_FALSE(GetCryptographer()->is_ready()); 1000 EXPECT_FALSE(GetCryptographer()->is_ready());
1105 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1001 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1106 1002
1107 // Now build a nigori node with the generated keystore decryptor token and 1003 // Now build a nigori node with the generated keystore decryptor token and
1108 // initialize the encryption handler with it. The cryptographer should be 1004 // initialize the encryption handler with it. The cryptographer should be
1109 // initialized properly to decrypt both kCurKey and kKeystoreKey. 1005 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1110 { 1006 {
1111 WriteTransaction trans(FROM_HERE, user_share()); 1007 WriteTransaction trans(FROM_HERE, user_share());
1112 WriteNode nigori_node(&trans); 1008 WriteNode nigori_node(&trans);
1113 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1009 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1114 sync_pb::NigoriSpecifics nigori; 1010 sync_pb::NigoriSpecifics nigori;
1115 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1011 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1116 keystore_decryptor_token); 1012 keystore_decryptor_token);
1117 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1013 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1118 nigori.set_keybag_is_frozen(true); 1014 nigori.set_keybag_is_frozen(true);
1119 nigori.set_keystore_migration_time(1); 1015 nigori.set_keystore_migration_time(1);
1120 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1016 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1121 1017
1122 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 1018 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1123 EXPECT_CALL(*observer(), 1019 EXPECT_CALL(*observer(),
1124 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1020 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1125 EXPECT_CALL(*observer(), 1021 EXPECT_CALL(*observer(),
1126 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1127 EXPECT_CALL(*observer(), 1023 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1128 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1024 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1129 EXPECT_CALL(*observer(), 1025 encryption_handler()->SetKeystoreKeys(
1130 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1026 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1131 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1132 kRawKeystoreKey),
1133 trans.GetWrappedTrans());
1134 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1027 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1135 nigori_node.SetNigoriSpecifics(nigori); 1028 nigori_node.SetNigoriSpecifics(nigori);
1136 } 1029 }
1137 // Run any tasks posted via AppplyNigoriUpdate. 1030 // Run any tasks posted via AppplyNigoriUpdate.
1138 PumpLoop(); 1031 PumpLoop();
1139 Mock::VerifyAndClearExpectations(observer()); 1032 Mock::VerifyAndClearExpectations(observer());
1140 1033
1141 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1034 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1142 EXPECT_TRUE(GetCryptographer()->is_ready()); 1035 EXPECT_TRUE(GetCryptographer()->is_ready());
1143 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1036 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1144 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1037 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1145 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); 1038 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1146 1039
1147 // Check that the cryptographer still encrypts with the current key. 1040 // Check that the cryptographer still encrypts with the current key.
1148 sync_pb::EncryptedData current_encrypted; 1041 sync_pb::EncryptedData current_encrypted;
1149 other_cryptographer.EncryptString("string", &current_encrypted); 1042 other_cryptographer.EncryptString("string", &current_encrypted);
1150 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); 1043 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1151 1044
1152 // Check that the cryptographer can decrypt keystore key based encryption. 1045 // Check that the cryptographer can decrypt keystore key based encryption.
1153 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); 1046 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1154 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1047 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1155 keystore_cryptographer.AddKey(keystore_key); 1048 keystore_cryptographer.AddKey(keystore_key);
1156 sync_pb::EncryptedData keystore_encrypted; 1049 sync_pb::EncryptedData keystore_encrypted;
1157 keystore_cryptographer.EncryptString("string", &keystore_encrypted); 1050 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1158 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1051 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1159 } 1052 }
1160 1053
1161 // Test that we handle receiving migrated nigori's with 1054 // Test that we handle receiving migrated nigori's with
1162 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until 1055 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until
1163 // we supply the pending frozen implicit passphrase key. 1056 // we supply the pending frozen implicit passphrase key.
1164 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) { 1057 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) {
1165 const char kCurKey[] = "cur"; 1058 const char kCurKey[] = "cur";
1166 sync_pb::EncryptedData encrypted; 1059 sync_pb::EncryptedData encrypted;
1167 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1060 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1168 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 1061 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1169 other_cryptographer.AddKey(cur_key); 1062 other_cryptographer.AddKey(cur_key);
1170 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 1063 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1171 1064
1172 { 1065 {
1173 EXPECT_CALL(*observer(), 1066 EXPECT_CALL(*observer(),
1174 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1067 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1175 ReadTransaction trans(FROM_HERE, user_share()); 1068 ReadTransaction trans(FROM_HERE, user_share());
1176 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1069 encryption_handler()->SetKeystoreKeys(
1177 kRawKeystoreKey), 1070 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1178 trans.GetWrappedTrans());
1179 } 1071 }
1180 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 1072 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1181 1073
1182 { 1074 {
1183 EXPECT_CALL(*observer(), 1075 EXPECT_CALL(*observer(),
1184 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); 1076 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1185 EXPECT_CALL(*observer(), 1077 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1186 OnPassphraseRequired(_, _)); 1078 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1187 EXPECT_CALL(*observer(), 1079 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1188 OnCryptographerStateChanged(_)).Times(AnyNumber());
1189 EXPECT_CALL(*observer(),
1190 OnEncryptedTypesChanged(_, true));
1191 WriteTransaction trans(FROM_HERE, user_share()); 1080 WriteTransaction trans(FROM_HERE, user_share());
1192 WriteNode nigori_node(&trans); 1081 WriteNode nigori_node(&trans);
1193 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1082 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1194 sync_pb::NigoriSpecifics nigori; 1083 sync_pb::NigoriSpecifics nigori;
1195 nigori.set_keybag_is_frozen(true); 1084 nigori.set_keybag_is_frozen(true);
1196 nigori.set_passphrase_type( 1085 nigori.set_passphrase_type(
1197 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE); 1086 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
1198 nigori.set_keystore_migration_time(1); 1087 nigori.set_keystore_migration_time(1);
1199 nigori.set_encrypt_everything(true); 1088 nigori.set_encrypt_everything(true);
1200 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1089 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1201 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1090 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1202 nigori_node.SetNigoriSpecifics(nigori); 1091 nigori_node.SetNigoriSpecifics(nigori);
1203 } 1092 }
1204 // Run any tasks posted via AppplyNigoriUpdate. 1093 // Run any tasks posted via AppplyNigoriUpdate.
1205 PumpLoop(); 1094 PumpLoop();
1206 Mock::VerifyAndClearExpectations(observer()); 1095 Mock::VerifyAndClearExpectations(observer());
1207 1096
1208 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1097 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1209 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, 1098 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
1210 encryption_handler()->GetPassphraseType()); 1099 encryption_handler()->GetPassphraseType());
1211 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1100 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1212 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1101 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1213 1102
1214 EXPECT_CALL(*observer(), 1103 EXPECT_CALL(*observer(),
1215 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1104 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1216 EXPECT_CALL(*observer(), 1105 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1217 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1106 EXPECT_CALL(*observer(), OnEncryptionComplete());
1218 EXPECT_CALL(*observer(), 1107 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1219 OnEncryptionComplete());
1220 EXPECT_CALL(*observer(),
1221 OnPassphraseAccepted());
1222 encryption_handler()->SetDecryptionPassphrase(kCurKey); 1108 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1223 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1109 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1224 EXPECT_TRUE(GetCryptographer()->is_ready()); 1110 EXPECT_TRUE(GetCryptographer()->is_ready());
1225 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); 1111 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
1226 1112
1227 // Check that the cryptographer still encrypts with the current key. 1113 // Check that the cryptographer still encrypts with the current key.
1228 sync_pb::EncryptedData current_encrypted; 1114 sync_pb::EncryptedData current_encrypted;
1229 other_cryptographer.EncryptString("string", &current_encrypted); 1115 other_cryptographer.EncryptString("string", &current_encrypted);
1230 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); 1116 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1231 1117
1232 // Check that the cryptographer can decrypt keystore key based encryption. 1118 // Check that the cryptographer can decrypt keystore key based encryption.
1233 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); 1119 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1234 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1120 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1235 keystore_cryptographer.AddKey(keystore_key); 1121 keystore_cryptographer.AddKey(keystore_key);
1236 sync_pb::EncryptedData keystore_encrypted; 1122 sync_pb::EncryptedData keystore_encrypted;
1237 keystore_cryptographer.EncryptString("string", &keystore_encrypted); 1123 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1238 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1124 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1239 } 1125 }
1240 1126
1241 // Test that we handle receiving migrated nigori's with 1127 // Test that we handle receiving migrated nigori's with
1242 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we 1128 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we
1243 // provide the custom passphrase key. 1129 // provide the custom passphrase key.
1244 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) { 1130 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) {
1245 const char kCurKey[] = "cur"; 1131 const char kCurKey[] = "cur";
1246 sync_pb::EncryptedData encrypted; 1132 sync_pb::EncryptedData encrypted;
1247 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1133 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1248 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 1134 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1249 other_cryptographer.AddKey(cur_key); 1135 other_cryptographer.AddKey(cur_key);
1250 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 1136 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1251 1137
1252 { 1138 {
1253 EXPECT_CALL(*observer(), 1139 EXPECT_CALL(*observer(),
1254 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1140 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1255 ReadTransaction trans(FROM_HERE, user_share()); 1141 ReadTransaction trans(FROM_HERE, user_share());
1256 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1142 encryption_handler()->SetKeystoreKeys(
1257 kRawKeystoreKey), 1143 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1258 trans.GetWrappedTrans());
1259 } 1144 }
1260 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 1145 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1261 1146
1262 { 1147 {
1263 EXPECT_CALL(*observer(), 1148 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1264 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); 1149 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1265 EXPECT_CALL(*observer(), 1150 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1266 OnPassphraseRequired(_, _)); 1151 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1267 EXPECT_CALL(*observer(),
1268 OnCryptographerStateChanged(_)).Times(AnyNumber());
1269 EXPECT_CALL(*observer(),
1270 OnEncryptedTypesChanged(_, true));
1271 WriteTransaction trans(FROM_HERE, user_share()); 1152 WriteTransaction trans(FROM_HERE, user_share());
1272 WriteNode nigori_node(&trans); 1153 WriteNode nigori_node(&trans);
1273 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1154 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1274 sync_pb::NigoriSpecifics nigori; 1155 sync_pb::NigoriSpecifics nigori;
1275 nigori.set_keybag_is_frozen(true); 1156 nigori.set_keybag_is_frozen(true);
1276 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); 1157 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1277 nigori.set_keystore_migration_time(1); 1158 nigori.set_keystore_migration_time(1);
1278 nigori.set_encrypt_everything(true); 1159 nigori.set_encrypt_everything(true);
1279 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1160 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1280 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1161 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1281 nigori_node.SetNigoriSpecifics(nigori); 1162 nigori_node.SetNigoriSpecifics(nigori);
1282 } 1163 }
1283 // Run any tasks posted via AppplyNigoriUpdate. 1164 // Run any tasks posted via AppplyNigoriUpdate.
1284 PumpLoop(); 1165 PumpLoop();
1285 Mock::VerifyAndClearExpectations(observer()); 1166 Mock::VerifyAndClearExpectations(observer());
1286 1167
1287 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1168 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1288 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType()); 1169 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
1289 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1170 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1290 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1171 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1291 1172
1292 EXPECT_CALL(*observer(), 1173 EXPECT_CALL(*observer(),
1293 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1174 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1294 EXPECT_CALL(*observer(), 1175 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1295 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1176 EXPECT_CALL(*observer(), OnEncryptionComplete());
1296 EXPECT_CALL(*observer(), 1177 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1297 OnEncryptionComplete());
1298 EXPECT_CALL(*observer(),
1299 OnPassphraseAccepted());
1300 encryption_handler()->SetDecryptionPassphrase(kCurKey); 1178 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1301 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1179 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1302 EXPECT_TRUE(GetCryptographer()->is_ready()); 1180 EXPECT_TRUE(GetCryptographer()->is_ready());
1303 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); 1181 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1304 1182
1305 // Check that the cryptographer still encrypts with the current key. 1183 // Check that the cryptographer still encrypts with the current key.
1306 sync_pb::EncryptedData current_encrypted; 1184 sync_pb::EncryptedData current_encrypted;
1307 other_cryptographer.EncryptString("string", &current_encrypted); 1185 other_cryptographer.EncryptString("string", &current_encrypted);
1308 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); 1186 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1309 1187
1310 // Check that the cryptographer can decrypt keystore key based encryption. 1188 // Check that the cryptographer can decrypt keystore key based encryption.
1311 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); 1189 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1312 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1190 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1313 keystore_cryptographer.AddKey(keystore_key); 1191 keystore_cryptographer.AddKey(keystore_key);
1314 sync_pb::EncryptedData keystore_encrypted; 1192 sync_pb::EncryptedData keystore_encrypted;
1315 keystore_cryptographer.EncryptString("string", &keystore_encrypted); 1193 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1316 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1194 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1317 } 1195 }
1318 1196
1319 // Test that if we have a migrated nigori with a custom passphrase, then receive 1197 // Test that if we have a migrated nigori with a custom passphrase, then receive
1320 // and old implicit passphrase nigori, we properly overwrite it with the current 1198 // and old implicit passphrase nigori, we properly overwrite it with the current
1321 // state. 1199 // state.
1322 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) { 1200 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) {
(...skipping 13 matching lines...) Expand all
1336 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1214 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1337 sync_pb::NigoriSpecifics nigori; 1215 sync_pb::NigoriSpecifics nigori;
1338 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); 1216 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1339 nigori.set_keybag_is_frozen(true); 1217 nigori.set_keybag_is_frozen(true);
1340 nigori.set_keystore_migration_time(1); 1218 nigori.set_keystore_migration_time(1);
1341 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); 1219 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1342 nigori.set_encrypt_everything(true); 1220 nigori.set_encrypt_everything(true);
1343 nigori_node.SetNigoriSpecifics(nigori); 1221 nigori_node.SetNigoriSpecifics(nigori);
1344 } 1222 }
1345 1223
1346 EXPECT_CALL(*observer(), 1224 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1347 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); 1225 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1348 EXPECT_CALL(*observer(), 1226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2);
1349 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1227 EXPECT_CALL(*observer(), OnEncryptionComplete());
1350 EXPECT_CALL(*observer(),
1351 OnEncryptedTypesChanged(_, true)).Times(2);
1352 EXPECT_CALL(*observer(),
1353 OnEncryptionComplete());
1354 encryption_handler()->Init(); 1228 encryption_handler()->Init();
1355 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1229 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1356 EXPECT_TRUE(GetCryptographer()->is_ready()); 1230 EXPECT_TRUE(GetCryptographer()->is_ready());
1357 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); 1231 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1358 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1232 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1359 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey); 1233 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kCurKey);
1360 1234
1361 { 1235 {
1362 EXPECT_CALL(*observer(), 1236 EXPECT_CALL(*observer(),
1363 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1237 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1364 ReadTransaction trans(FROM_HERE, user_share()); 1238 ReadTransaction trans(FROM_HERE, user_share());
1365 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1239 encryption_handler()->SetKeystoreKeys(
1366 kRawKeystoreKey), 1240 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1367 trans.GetWrappedTrans());
1368 } 1241 }
1369 Mock::VerifyAndClearExpectations(observer()); 1242 Mock::VerifyAndClearExpectations(observer());
1370 1243
1371 // Now build an old unmigrated nigori node with old encrypted types. We should 1244 // Now build an old unmigrated nigori node with old encrypted types. We should
1372 // properly overwrite it with the migrated + encrypt everything state. 1245 // properly overwrite it with the migrated + encrypt everything state.
1373 EXPECT_CALL(*observer(), 1246 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1374 OnCryptographerStateChanged(_)).Times(AnyNumber());
1375 SyncEncryptionHandler::NigoriState captured_nigori_state; 1247 SyncEncryptionHandler::NigoriState captured_nigori_state;
1376 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 1248 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1377 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 1249 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1378 EXPECT_CALL(*observer(), OnEncryptionComplete()); 1250 EXPECT_CALL(*observer(), OnEncryptionComplete());
1379 { 1251 {
1380 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1252 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1381 other_cryptographer.AddKey(old_key); 1253 other_cryptographer.AddKey(old_key);
1382 WriteTransaction trans(FROM_HERE, user_share()); 1254 WriteTransaction trans(FROM_HERE, user_share());
1383 WriteNode nigori_node(&trans); 1255 WriteNode nigori_node(&trans);
1384 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1256 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
1427 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1299 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1428 sync_pb::NigoriSpecifics nigori; 1300 sync_pb::NigoriSpecifics nigori;
1429 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag()); 1301 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1430 nigori.set_keybag_is_frozen(true); 1302 nigori.set_keybag_is_frozen(true);
1431 nigori.set_keystore_migration_time(1); 1303 nigori.set_keystore_migration_time(1);
1432 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE); 1304 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1433 nigori.set_encrypt_everything(true); 1305 nigori.set_encrypt_everything(true);
1434 nigori_node.SetNigoriSpecifics(nigori); 1306 nigori_node.SetNigoriSpecifics(nigori);
1435 } 1307 }
1436 1308
1437 EXPECT_CALL(*observer(), 1309 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1438 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _)); 1310 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1439 EXPECT_CALL(*observer(), 1311 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true)).Times(2);
1440 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1312 EXPECT_CALL(*observer(), OnEncryptionComplete());
1441 EXPECT_CALL(*observer(),
1442 OnEncryptedTypesChanged(_, true)).Times(2);
1443 EXPECT_CALL(*observer(),
1444 OnEncryptionComplete());
1445 encryption_handler()->Init(); 1313 encryption_handler()->Init();
1446 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1314 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1447 EXPECT_TRUE(GetCryptographer()->is_ready()); 1315 EXPECT_TRUE(GetCryptographer()->is_ready());
1448 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); 1316 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1449 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1317 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1450 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey); 1318 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1451 1319
1452 { 1320 {
1453 EXPECT_CALL(*observer(), 1321 EXPECT_CALL(*observer(),
1454 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1322 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1455 ReadTransaction trans(FROM_HERE, user_share()); 1323 ReadTransaction trans(FROM_HERE, user_share());
1456 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1324 encryption_handler()->SetKeystoreKeys(
1457 kRawKeystoreKey), 1325 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1458 trans.GetWrappedTrans());
1459 } 1326 }
1460 Mock::VerifyAndClearExpectations(observer()); 1327 Mock::VerifyAndClearExpectations(observer());
1461 1328
1462 // Now build an old keystore nigori node with old encrypted types. We should 1329 // Now build an old keystore nigori node with old encrypted types. We should
1463 // properly overwrite it with the migrated + encrypt everything state. 1330 // properly overwrite it with the migrated + encrypt everything state.
1464 EXPECT_CALL(*observer(), 1331 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1465 OnCryptographerStateChanged(_)).Times(AnyNumber());
1466 SyncEncryptionHandler::NigoriState captured_nigori_state; 1332 SyncEncryptionHandler::NigoriState captured_nigori_state;
1467 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 1333 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1468 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 1334 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1469 EXPECT_CALL(*observer(), OnEncryptionComplete()); 1335 EXPECT_CALL(*observer(), OnEncryptionComplete());
1470 const int64_t migration_time = 1; 1336 const int64_t migration_time = 1;
1471 { 1337 {
1472 WriteTransaction trans(FROM_HERE, user_share()); 1338 WriteTransaction trans(FROM_HERE, user_share());
1473 WriteNode nigori_node(&trans); 1339 WriteNode nigori_node(&trans);
1474 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1340 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1475 sync_pb::NigoriSpecifics nigori; 1341 sync_pb::NigoriSpecifics nigori;
1476 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1342 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1477 other_cryptographer.AddKey(old_key); 1343 other_cryptographer.AddKey(old_key);
1478 encryption_handler()->GetKeystoreDecryptor( 1344 encryption_handler()->GetKeystoreDecryptor(
1479 other_cryptographer, 1345 other_cryptographer, kKeystoreKey,
1480 kKeystoreKey,
1481 nigori.mutable_keystore_decryptor_token()); 1346 nigori.mutable_keystore_decryptor_token());
1482 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1347 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1483 nigori.set_keybag_is_frozen(true); 1348 nigori.set_keybag_is_frozen(true);
1484 nigori.set_encrypt_everything(false); 1349 nigori.set_encrypt_everything(false);
1485 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1350 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1486 nigori.set_keystore_migration_time(migration_time); 1351 nigori.set_keystore_migration_time(migration_time);
1487 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1352 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1488 nigori_node.SetNigoriSpecifics(nigori); 1353 nigori_node.SetNigoriSpecifics(nigori);
1489 } 1354 }
1490 PumpLoop(); 1355 PumpLoop();
(...skipping 18 matching lines...) Expand all
1509 // Test that if we receive the keystore key after receiving a migrated nigori 1374 // Test that if we receive the keystore key after receiving a migrated nigori
1510 // node, we properly use the keystore decryptor token to decrypt the keybag. 1375 // node, we properly use the keystore decryptor token to decrypt the keybag.
1511 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) { 1376 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) {
1512 const char kCurKey[] = "cur"; 1377 const char kCurKey[] = "cur";
1513 sync_pb::EncryptedData keystore_decryptor_token; 1378 sync_pb::EncryptedData keystore_decryptor_token;
1514 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1379 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1515 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 1380 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1516 other_cryptographer.AddKey(cur_key); 1381 other_cryptographer.AddKey(cur_key);
1517 EXPECT_TRUE(other_cryptographer.is_ready()); 1382 EXPECT_TRUE(other_cryptographer.is_ready());
1518 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 1383 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1519 other_cryptographer, 1384 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1520 kKeystoreKey,
1521 &keystore_decryptor_token));
1522 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 1385 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1523 EXPECT_FALSE(GetCryptographer()->is_ready()); 1386 EXPECT_FALSE(GetCryptographer()->is_ready());
1524 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1387 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1525 1388
1526 // Now build a nigori node with the generated keystore decryptor token and 1389 // Now build a nigori node with the generated keystore decryptor token and
1527 // initialize the encryption handler with it. The cryptographer should be 1390 // initialize the encryption handler with it. The cryptographer should be
1528 // initialized properly to decrypt both kCurKey and kKeystoreKey. 1391 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1529 { 1392 {
1530 WriteTransaction trans(FROM_HERE, user_share()); 1393 WriteTransaction trans(FROM_HERE, user_share());
1531 WriteNode nigori_node(&trans); 1394 WriteNode nigori_node(&trans);
1532 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1395 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1533 sync_pb::NigoriSpecifics nigori; 1396 sync_pb::NigoriSpecifics nigori;
1534 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1397 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1535 keystore_decryptor_token); 1398 keystore_decryptor_token);
1536 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1399 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1537 nigori.set_keybag_is_frozen(true); 1400 nigori.set_keybag_is_frozen(true);
1538 nigori.set_keystore_migration_time(1); 1401 nigori.set_keystore_migration_time(1);
1539 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1402 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1540 1403
1541 EXPECT_CALL(*observer(), 1404 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1542 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1405 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1543 EXPECT_CALL(*observer(), 1406 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1544 OnCryptographerStateChanged(_)).Times(AnyNumber());
1545 EXPECT_CALL(*observer(),
1546 OnPassphraseRequired(_, _));
1547 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1407 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1548 nigori_node.SetNigoriSpecifics(nigori); 1408 nigori_node.SetNigoriSpecifics(nigori);
1549 } 1409 }
1550 // Run any tasks posted via AppplyNigoriUpdate. 1410 // Run any tasks posted via AppplyNigoriUpdate.
1551 PumpLoop(); 1411 PumpLoop();
1552 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1412 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1553 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1413 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1554 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1414 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1555 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1415 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1556 Mock::VerifyAndClearExpectations(observer()); 1416 Mock::VerifyAndClearExpectations(observer());
1557 1417
1558 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 1418 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1559 EXPECT_CALL(*observer(), 1419 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1560 OnCryptographerStateChanged(_)).Times(AnyNumber());
1561 EXPECT_CALL(*observer(), 1420 EXPECT_CALL(*observer(),
1562 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1421 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1563 { 1422 {
1564 EXPECT_CALL(*observer(), 1423 EXPECT_CALL(*observer(),
1565 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1424 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1566 ReadTransaction trans(FROM_HERE, user_share()); 1425 ReadTransaction trans(FROM_HERE, user_share());
1567 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1426 encryption_handler()->SetKeystoreKeys(
1568 kRawKeystoreKey), 1427 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1569 trans.GetWrappedTrans());
1570 } 1428 }
1571 PumpLoop(); 1429 PumpLoop();
1572 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1430 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1573 EXPECT_TRUE(GetCryptographer()->is_ready()); 1431 EXPECT_TRUE(GetCryptographer()->is_ready());
1574 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1432 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1575 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1433 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1576 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey); 1434 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1577 1435
1578 // Check that the cryptographer still encrypts with the current key. 1436 // Check that the cryptographer still encrypts with the current key.
1579 sync_pb::EncryptedData current_encrypted; 1437 sync_pb::EncryptedData current_encrypted;
1580 other_cryptographer.EncryptString("string", &current_encrypted); 1438 other_cryptographer.EncryptString("string", &current_encrypted);
1581 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted)); 1439 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1582 1440
1583 // Check that the cryptographer can decrypt keystore key based encryption. 1441 // Check that the cryptographer can decrypt keystore key based encryption.
1584 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); 1442 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1585 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1443 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1586 keystore_cryptographer.AddKey(keystore_key); 1444 keystore_cryptographer.AddKey(keystore_key);
1587 sync_pb::EncryptedData keystore_encrypted; 1445 sync_pb::EncryptedData keystore_encrypted;
1588 keystore_cryptographer.EncryptString("string", &keystore_encrypted); 1446 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1589 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1447 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1590 } 1448 }
1591 1449
1592 // Test that after receiving a migrated nigori and decrypting it using the 1450 // Test that after receiving a migrated nigori and decrypting it using the
1593 // keystore key, we can then switch to a custom passphrase. The nigori should 1451 // keystore key, we can then switch to a custom passphrase. The nigori should
1594 // remain migrated and encrypt everything should be enabled. 1452 // remain migrated and encrypt everything should be enabled.
1595 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) { 1453 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) {
1596 const char kOldKey[] = "old"; 1454 const char kOldKey[] = "old";
1597 sync_pb::EncryptedData keystore_decryptor_token; 1455 sync_pb::EncryptedData keystore_decryptor_token;
1598 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1456 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1599 KeyParams cur_key = {"localhost", "dummy", kOldKey}; 1457 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1600 other_cryptographer.AddKey(cur_key); 1458 other_cryptographer.AddKey(cur_key);
1601 EXPECT_TRUE(other_cryptographer.is_ready()); 1459 EXPECT_TRUE(other_cryptographer.is_ready());
1602 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 1460 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1603 other_cryptographer, 1461 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1604 kKeystoreKey,
1605 &keystore_decryptor_token));
1606 1462
1607 // Build a nigori node with the generated keystore decryptor token and 1463 // Build a nigori node with the generated keystore decryptor token and
1608 // initialize the encryption handler with it. The cryptographer should be 1464 // initialize the encryption handler with it. The cryptographer should be
1609 // initialized properly to decrypt both kOldKey and kKeystoreKey. 1465 // initialized properly to decrypt both kOldKey and kKeystoreKey.
1610 const int64_t migration_time = 1; 1466 const int64_t migration_time = 1;
1611 { 1467 {
1612 WriteTransaction trans(FROM_HERE, user_share()); 1468 WriteTransaction trans(FROM_HERE, user_share());
1613 WriteNode nigori_node(&trans); 1469 WriteNode nigori_node(&trans);
1614 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1470 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1615 sync_pb::NigoriSpecifics nigori; 1471 sync_pb::NigoriSpecifics nigori;
1616 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1472 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1617 keystore_decryptor_token); 1473 keystore_decryptor_token);
1618 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1474 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1619 nigori.set_keybag_is_frozen(true); 1475 nigori.set_keybag_is_frozen(true);
1620 nigori.set_keystore_migration_time(migration_time); 1476 nigori.set_keystore_migration_time(migration_time);
1621 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1477 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1622 nigori_node.SetNigoriSpecifics(nigori); 1478 nigori_node.SetNigoriSpecifics(nigori);
1623 EXPECT_CALL(*observer(), 1479 EXPECT_CALL(*observer(),
1624 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1480 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1625 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1481 encryption_handler()->SetKeystoreKeys(
1626 kRawKeystoreKey), 1482 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
1627 trans.GetWrappedTrans());
1628 } 1483 }
1629 1484
1630 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 1485 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1631 EXPECT_CALL(*observer(), 1486 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1632 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1487 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1633 EXPECT_CALL(*observer(), 1488 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
1634 OnCryptographerStateChanged(_)).Times(AnyNumber());
1635 EXPECT_CALL(*observer(),
1636 OnEncryptedTypesChanged(_, false));
1637 EXPECT_CALL(*observer(), 1489 EXPECT_CALL(*observer(),
1638 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1490 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1639 EXPECT_CALL(*observer(), 1491 EXPECT_CALL(*observer(), OnEncryptionComplete());
1640 OnEncryptionComplete());
1641 encryption_handler()->Init(); 1492 encryption_handler()->Init();
1642 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1493 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1643 EXPECT_TRUE(GetCryptographer()->is_ready()); 1494 EXPECT_TRUE(GetCryptographer()->is_ready());
1644 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1495 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1645 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1496 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1646 Mock::VerifyAndClearExpectations(observer()); 1497 Mock::VerifyAndClearExpectations(observer());
1647 1498
1648 const char kNewKey[] = "new_key"; 1499 const char kNewKey[] = "new_key";
1649 EXPECT_CALL(*observer(), 1500 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1650 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1501 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1651 EXPECT_CALL(*observer(),
1652 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1653 SyncEncryptionHandler::NigoriState captured_nigori_state; 1502 SyncEncryptionHandler::NigoriState captured_nigori_state;
1654 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 1503 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1655 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 1504 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1656 std::string captured_bootstrap_token; 1505 std::string captured_bootstrap_token;
1657 EXPECT_CALL(*observer(), 1506 EXPECT_CALL(*observer(),
1658 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 1507 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
1659 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 1508 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
1660 EXPECT_CALL(*observer(), 1509 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1661 OnPassphraseAccepted()); 1510 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1662 EXPECT_CALL(*observer(), 1511 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
1663 OnEncryptedTypesChanged(_, true));
1664 EXPECT_CALL(*observer(),
1665 OnEncryptionComplete()).Times(2);
1666 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); 1512 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1667 Mock::VerifyAndClearExpectations(observer()); 1513 Mock::VerifyAndClearExpectations(observer());
1668 1514
1669 EXPECT_FALSE(captured_bootstrap_token.empty()); 1515 EXPECT_FALSE(captured_bootstrap_token.empty());
1670 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1516 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1671 EXPECT_TRUE(GetCryptographer()->is_ready()); 1517 EXPECT_TRUE(GetCryptographer()->is_ready());
1672 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); 1518 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1673 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1519 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1674 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); 1520 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1675 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); 1521 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey);
1676 1522
1677 // Check that the cryptographer can decrypt the old key. 1523 // Check that the cryptographer can decrypt the old key.
1678 sync_pb::EncryptedData old_encrypted; 1524 sync_pb::EncryptedData old_encrypted;
1679 other_cryptographer.EncryptString("string", &old_encrypted); 1525 other_cryptographer.EncryptString("string", &old_encrypted);
1680 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted)); 1526 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
1681 1527
1682 // Check that the cryptographer can decrypt keystore key based encryption. 1528 // Check that the cryptographer can decrypt keystore key based encryption.
1683 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor()); 1529 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1684 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1530 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1685 keystore_cryptographer.AddKey(keystore_key); 1531 keystore_cryptographer.AddKey(keystore_key);
1686 sync_pb::EncryptedData keystore_encrypted; 1532 sync_pb::EncryptedData keystore_encrypted;
1687 keystore_cryptographer.EncryptString("string", &keystore_encrypted); 1533 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1688 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1534 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1689 1535
1690 // Check the the cryptographer is encrypting with the new key. 1536 // Check the the cryptographer is encrypting with the new key.
1691 KeyParams new_key = {"localhost", "dummy", kNewKey}; 1537 KeyParams new_key = {"localhost", "dummy", kNewKey};
1692 Cryptographer new_cryptographer(GetCryptographer()->encryptor()); 1538 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1693 new_cryptographer.AddKey(new_key); 1539 new_cryptographer.AddKey(new_key);
1694 sync_pb::EncryptedData new_encrypted; 1540 sync_pb::EncryptedData new_encrypted;
(...skipping 15 matching lines...) Expand all
1710 SetCustomPassAfterMigrationNoKeystoreKey) { 1556 SetCustomPassAfterMigrationNoKeystoreKey) {
1711 const char kOldKey[] = "old"; 1557 const char kOldKey[] = "old";
1712 sync_pb::EncryptedData keystore_decryptor_token; 1558 sync_pb::EncryptedData keystore_decryptor_token;
1713 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1559 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1714 KeyParams cur_key = {"localhost", "dummy", kOldKey}; 1560 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1715 other_cryptographer.AddKey(cur_key); 1561 other_cryptographer.AddKey(cur_key);
1716 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1562 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1717 other_cryptographer.AddNonDefaultKey(keystore_key); 1563 other_cryptographer.AddNonDefaultKey(keystore_key);
1718 EXPECT_TRUE(other_cryptographer.is_ready()); 1564 EXPECT_TRUE(other_cryptographer.is_ready());
1719 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 1565 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1720 other_cryptographer, 1566 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1721 kKeystoreKey,
1722 &keystore_decryptor_token));
1723 1567
1724 // Build a nigori node with the generated keystore decryptor token and 1568 // Build a nigori node with the generated keystore decryptor token and
1725 // initialize the encryption handler with it. The cryptographer will have 1569 // initialize the encryption handler with it. The cryptographer will have
1726 // pending keys until we provide the decryption passphrase. 1570 // pending keys until we provide the decryption passphrase.
1727 const int64_t migration_time = 1; 1571 const int64_t migration_time = 1;
1728 { 1572 {
1729 WriteTransaction trans(FROM_HERE, user_share()); 1573 WriteTransaction trans(FROM_HERE, user_share());
1730 WriteNode nigori_node(&trans); 1574 WriteNode nigori_node(&trans);
1731 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1575 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1732 sync_pb::NigoriSpecifics nigori; 1576 sync_pb::NigoriSpecifics nigori;
1733 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1577 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1734 keystore_decryptor_token); 1578 keystore_decryptor_token);
1735 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1579 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1736 nigori.set_keybag_is_frozen(true); 1580 nigori.set_keybag_is_frozen(true);
1737 nigori.set_keystore_migration_time(migration_time); 1581 nigori.set_keystore_migration_time(migration_time);
1738 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1582 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1739 nigori_node.SetNigoriSpecifics(nigori); 1583 nigori_node.SetNigoriSpecifics(nigori);
1740 } 1584 }
1741 1585
1742 EXPECT_CALL(*observer(), 1586 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1743 OnPassphraseRequired(_, _)); 1587 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1744 EXPECT_CALL(*observer(), 1588 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1745 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1589 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
1746 EXPECT_CALL(*observer(),
1747 OnCryptographerStateChanged(_)).Times(AnyNumber());
1748 EXPECT_CALL(*observer(),
1749 OnEncryptedTypesChanged(_, false));
1750 encryption_handler()->Init(); 1590 encryption_handler()->Init();
1751 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1591 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1752 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1592 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1753 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1593 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1754 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1594 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1755 Mock::VerifyAndClearExpectations(observer()); 1595 Mock::VerifyAndClearExpectations(observer());
1756 1596
1757 EXPECT_CALL(*observer(), 1597 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1758 OnPassphraseAccepted()); 1598 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1759 EXPECT_CALL(*observer(),
1760 OnCryptographerStateChanged(_)).Times(AnyNumber());
1761 EXPECT_CALL(*observer(), 1599 EXPECT_CALL(*observer(),
1762 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1600 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1763 EXPECT_CALL(*observer(), 1601 EXPECT_CALL(*observer(), OnEncryptionComplete());
1764 OnEncryptionComplete());
1765 encryption_handler()->SetDecryptionPassphrase(kOldKey); 1602 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1766 EXPECT_TRUE(GetCryptographer()->is_ready()); 1603 EXPECT_TRUE(GetCryptographer()->is_ready());
1767 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1604 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1768 Mock::VerifyAndClearExpectations(observer()); 1605 Mock::VerifyAndClearExpectations(observer());
1769 1606
1770 const char kNewKey[] = "new_key"; 1607 const char kNewKey[] = "new_key";
1771 EXPECT_CALL(*observer(), 1608 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1772 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1609 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1773 EXPECT_CALL(*observer(),
1774 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1775 SyncEncryptionHandler::NigoriState captured_nigori_state; 1610 SyncEncryptionHandler::NigoriState captured_nigori_state;
1776 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 1611 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1777 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 1612 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1778 std::string captured_bootstrap_token; 1613 std::string captured_bootstrap_token;
1779 EXPECT_CALL(*observer(), 1614 EXPECT_CALL(*observer(),
1780 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 1615 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
1781 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 1616 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
1782 EXPECT_CALL(*observer(), 1617 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1783 OnPassphraseAccepted()); 1618 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1784 EXPECT_CALL(*observer(), 1619 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(2);
1785 OnEncryptedTypesChanged(_, true));
1786 EXPECT_CALL(*observer(),
1787 OnEncryptionComplete()).Times(2);
1788 encryption_handler()->SetEncryptionPassphrase(kNewKey, true); 1620 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1789 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1621 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1790 EXPECT_TRUE(GetCryptographer()->is_ready()); 1622 EXPECT_TRUE(GetCryptographer()->is_ready());
1791 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE); 1623 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1792 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1624 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
1793 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null()); 1625 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1794 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey); 1626 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, kNewKey);
1795 1627
1796 // Check that the cryptographer can decrypt the old key. 1628 // Check that the cryptographer can decrypt the old key.
1797 sync_pb::EncryptedData old_encrypted; 1629 sync_pb::EncryptedData old_encrypted;
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
1829 SetImplicitPassAfterMigrationNoKeystoreKey) { 1661 SetImplicitPassAfterMigrationNoKeystoreKey) {
1830 const char kOldKey[] = "old"; 1662 const char kOldKey[] = "old";
1831 sync_pb::EncryptedData keystore_decryptor_token; 1663 sync_pb::EncryptedData keystore_decryptor_token;
1832 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1664 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1833 KeyParams cur_key = {"localhost", "dummy", kOldKey}; 1665 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1834 other_cryptographer.AddKey(cur_key); 1666 other_cryptographer.AddKey(cur_key);
1835 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1667 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1836 other_cryptographer.AddNonDefaultKey(keystore_key); 1668 other_cryptographer.AddNonDefaultKey(keystore_key);
1837 EXPECT_TRUE(other_cryptographer.is_ready()); 1669 EXPECT_TRUE(other_cryptographer.is_ready());
1838 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 1670 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1839 other_cryptographer, 1671 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1840 kKeystoreKey,
1841 &keystore_decryptor_token));
1842 1672
1843 // Build a nigori node with the generated keystore decryptor token and 1673 // Build a nigori node with the generated keystore decryptor token and
1844 // initialize the encryption handler with it. The cryptographer will have 1674 // initialize the encryption handler with it. The cryptographer will have
1845 // pending keys until we provide the decryption passphrase. 1675 // pending keys until we provide the decryption passphrase.
1846 { 1676 {
1847 WriteTransaction trans(FROM_HERE, user_share()); 1677 WriteTransaction trans(FROM_HERE, user_share());
1848 WriteNode nigori_node(&trans); 1678 WriteNode nigori_node(&trans);
1849 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1679 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1850 sync_pb::NigoriSpecifics nigori; 1680 sync_pb::NigoriSpecifics nigori;
1851 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1681 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1852 keystore_decryptor_token); 1682 keystore_decryptor_token);
1853 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1683 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1854 nigori.set_keybag_is_frozen(true); 1684 nigori.set_keybag_is_frozen(true);
1855 nigori.set_keystore_migration_time(1); 1685 nigori.set_keystore_migration_time(1);
1856 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1686 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1857 nigori_node.SetNigoriSpecifics(nigori); 1687 nigori_node.SetNigoriSpecifics(nigori);
1858 } 1688 }
1859 1689
1860 EXPECT_CALL(*observer(), 1690 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1861 OnPassphraseRequired(_, _)); 1691 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1862 EXPECT_CALL(*observer(), 1692 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1863 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1693 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
1864 EXPECT_CALL(*observer(),
1865 OnCryptographerStateChanged(_)).Times(AnyNumber());
1866 EXPECT_CALL(*observer(),
1867 OnEncryptedTypesChanged(_, false));
1868 encryption_handler()->Init(); 1694 encryption_handler()->Init();
1869 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1695 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1870 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1696 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1871 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1697 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1872 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1698 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1873 Mock::VerifyAndClearExpectations(observer()); 1699 Mock::VerifyAndClearExpectations(observer());
1874 1700
1875 EXPECT_CALL(*observer(), 1701 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1876 OnPassphraseAccepted()); 1702 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1877 EXPECT_CALL(*observer(),
1878 OnCryptographerStateChanged(_)).Times(AnyNumber());
1879 EXPECT_CALL(*observer(), 1703 EXPECT_CALL(*observer(),
1880 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 1704 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1881 EXPECT_CALL(*observer(), 1705 EXPECT_CALL(*observer(), OnEncryptionComplete());
1882 OnEncryptionComplete());
1883 encryption_handler()->SetDecryptionPassphrase(kOldKey); 1706 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1884 EXPECT_TRUE(GetCryptographer()->is_ready()); 1707 EXPECT_TRUE(GetCryptographer()->is_ready());
1885 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1708 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1886 Mock::VerifyAndClearExpectations(observer()); 1709 Mock::VerifyAndClearExpectations(observer());
1887 1710
1888 // Should get dropped on the floor silently. 1711 // Should get dropped on the floor silently.
1889 const char kNewKey[] = "new_key"; 1712 const char kNewKey[] = "new_key";
1890 encryption_handler()->SetEncryptionPassphrase(kNewKey, false); 1713 encryption_handler()->SetEncryptionPassphrase(kNewKey, false);
1891 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1714 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1892 EXPECT_TRUE(GetCryptographer()->is_ready()); 1715 EXPECT_TRUE(GetCryptographer()->is_ready());
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
1924 MigrateOnEncryptEverythingKeystorePassphrase) { 1747 MigrateOnEncryptEverythingKeystorePassphrase) {
1925 const char kCurKey[] = "cur"; 1748 const char kCurKey[] = "cur";
1926 sync_pb::EncryptedData keystore_decryptor_token; 1749 sync_pb::EncryptedData keystore_decryptor_token;
1927 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1750 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1928 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 1751 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1929 other_cryptographer.AddKey(cur_key); 1752 other_cryptographer.AddKey(cur_key);
1930 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey}; 1753 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1931 other_cryptographer.AddNonDefaultKey(keystore_key); 1754 other_cryptographer.AddNonDefaultKey(keystore_key);
1932 EXPECT_TRUE(other_cryptographer.is_ready()); 1755 EXPECT_TRUE(other_cryptographer.is_ready());
1933 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor( 1756 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1934 other_cryptographer, 1757 other_cryptographer, kKeystoreKey, &keystore_decryptor_token));
1935 kKeystoreKey,
1936 &keystore_decryptor_token));
1937 1758
1938 // Build a nigori node with the generated keystore decryptor token and 1759 // Build a nigori node with the generated keystore decryptor token and
1939 // initialize the encryption handler with it. The cryptographer will have 1760 // initialize the encryption handler with it. The cryptographer will have
1940 // pending keys until we provide the decryption passphrase. 1761 // pending keys until we provide the decryption passphrase.
1941 const int64_t migration_time = 1; 1762 const int64_t migration_time = 1;
1942 { 1763 {
1943 WriteTransaction trans(FROM_HERE, user_share()); 1764 WriteTransaction trans(FROM_HERE, user_share());
1944 WriteNode nigori_node(&trans); 1765 WriteNode nigori_node(&trans);
1945 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1766 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1946 sync_pb::NigoriSpecifics nigori; 1767 sync_pb::NigoriSpecifics nigori;
1947 nigori.mutable_keystore_decryptor_token()->CopyFrom( 1768 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1948 keystore_decryptor_token); 1769 keystore_decryptor_token);
1949 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1770 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1950 nigori.set_keybag_is_frozen(true); 1771 nigori.set_keybag_is_frozen(true);
1951 nigori.set_keystore_migration_time(migration_time); 1772 nigori.set_keystore_migration_time(migration_time);
1952 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1773 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1953 nigori_node.SetNigoriSpecifics(nigori); 1774 nigori_node.SetNigoriSpecifics(nigori);
1954 } 1775 }
1955 EXPECT_CALL(*observer(), 1776 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
1956 OnPassphraseRequired(_, _)); 1777 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1957 EXPECT_CALL(*observer(), 1778 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1958 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _)); 1779 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
1959 EXPECT_CALL(*observer(),
1960 OnCryptographerStateChanged(_)).Times(AnyNumber());
1961 EXPECT_CALL(*observer(),
1962 OnEncryptedTypesChanged(_, false));
1963 encryption_handler()->Init(); 1780 encryption_handler()->Init();
1964 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1781 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1965 EXPECT_TRUE(GetCryptographer()->has_pending_keys()); 1782 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1966 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1783 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1967 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1784 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
1968 Mock::VerifyAndClearExpectations(observer()); 1785 Mock::VerifyAndClearExpectations(observer());
1969 1786
1970 EXPECT_CALL(*observer(), 1787 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1971 OnPassphraseAccepted()); 1788 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1972 EXPECT_CALL(*observer(),
1973 OnCryptographerStateChanged(_)).Times(AnyNumber());
1974 std::string captured_bootstrap_token; 1789 std::string captured_bootstrap_token;
1975 EXPECT_CALL(*observer(), 1790 EXPECT_CALL(*observer(),
1976 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 1791 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
1977 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 1792 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
1978 EXPECT_CALL(*observer(), 1793 EXPECT_CALL(*observer(), OnEncryptionComplete());
1979 OnEncryptionComplete());
1980 encryption_handler()->SetDecryptionPassphrase(kCurKey); 1794 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1981 Mock::VerifyAndClearExpectations(observer()); 1795 Mock::VerifyAndClearExpectations(observer());
1982 1796
1983 EXPECT_CALL(*observer(), 1797 EXPECT_CALL(*observer(),
1984 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _)); 1798 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1985 EXPECT_CALL(*observer(), 1799 EXPECT_CALL(*observer(), OnEncryptionComplete());
1986 OnEncryptionComplete()); 1800 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
1987 EXPECT_CALL(*observer(),
1988 OnEncryptedTypesChanged(_, true));
1989 SyncEncryptionHandler::NigoriState captured_nigori_state; 1801 SyncEncryptionHandler::NigoriState captured_nigori_state;
1990 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 1802 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
1991 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 1803 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
1992 EXPECT_CALL(*observer(), 1804 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1993 OnCryptographerStateChanged(_)).Times(AnyNumber());
1994 encryption_handler()->EnableEncryptEverything(); 1805 encryption_handler()->EnableEncryptEverything();
1995 Mock::VerifyAndClearExpectations(observer()); 1806 Mock::VerifyAndClearExpectations(observer());
1996 1807
1997 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1808 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1998 EXPECT_TRUE(GetCryptographer()->is_ready()); 1809 EXPECT_TRUE(GetCryptographer()->is_ready());
1999 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE, 1810 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
2000 encryption_handler()->GetPassphraseType()); 1811 encryption_handler()->GetPassphraseType());
2001 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled()); 1812 EXPECT_TRUE(encryption_handler()->IsEncryptEverythingEnabled());
2002 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey); 1813 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
2003 1814
(...skipping 11 matching lines...) Expand all
2015 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted)); 1826 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
2016 1827
2017 VerifyRestoreAfterCustomPassphrase( 1828 VerifyRestoreAfterCustomPassphrase(
2018 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state, 1829 migration_time, kCurKey, captured_bootstrap_token, captured_nigori_state,
2019 FROZEN_IMPLICIT_PASSPHRASE); 1830 FROZEN_IMPLICIT_PASSPHRASE);
2020 } 1831 }
2021 1832
2022 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but 1833 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but
2023 // using an old default key (i.e. old GAIA password), we should overwrite the 1834 // using an old default key (i.e. old GAIA password), we should overwrite the
2024 // nigori, updating the keybag and keystore decryptor. 1835 // nigori, updating the keybag and keystore decryptor.
2025 TEST_F(SyncEncryptionHandlerImplTest, 1836 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriWithOldPassphrase) {
2026 ReceiveMigratedNigoriWithOldPassphrase) {
2027 const char kOldKey[] = "old"; 1837 const char kOldKey[] = "old";
2028 const char kCurKey[] = "cur"; 1838 const char kCurKey[] = "cur";
2029 sync_pb::EncryptedData encrypted; 1839 sync_pb::EncryptedData encrypted;
2030 KeyParams old_key = {"localhost", "dummy", kOldKey}; 1840 KeyParams old_key = {"localhost", "dummy", kOldKey};
2031 KeyParams cur_key = {"localhost", "dummy", kCurKey}; 1841 KeyParams cur_key = {"localhost", "dummy", kCurKey};
2032 GetCryptographer()->AddKey(old_key); 1842 GetCryptographer()->AddKey(old_key);
2033 GetCryptographer()->AddKey(cur_key); 1843 GetCryptographer()->AddKey(cur_key);
2034 1844
2035 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1845 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
2036 other_cryptographer.AddKey(old_key); 1846 other_cryptographer.AddKey(old_key);
2037 EXPECT_TRUE(other_cryptographer.is_ready()); 1847 EXPECT_TRUE(other_cryptographer.is_ready());
2038 1848
2039 EXPECT_CALL(*observer(), 1849 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2040 OnCryptographerStateChanged(_)).Times(AnyNumber()); 1850 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
2041 EXPECT_CALL(*observer(), 1851 EXPECT_CALL(*observer(), OnEncryptionComplete());
2042 OnEncryptedTypesChanged(_, false));
2043 EXPECT_CALL(*observer(),
2044 OnEncryptionComplete());
2045 encryption_handler()->Init(); 1852 encryption_handler()->Init();
2046 EXPECT_TRUE(GetCryptographer()->is_ready()); 1853 EXPECT_TRUE(GetCryptographer()->is_ready());
2047 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled()); 1854 EXPECT_FALSE(encryption_handler()->IsEncryptEverythingEnabled());
2048 1855
2049 { 1856 {
2050 EXPECT_CALL(*observer(), 1857 EXPECT_CALL(*observer(),
2051 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1858 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2052 ReadTransaction trans(FROM_HERE, user_share()); 1859 ReadTransaction trans(FROM_HERE, user_share());
2053 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1860 encryption_handler()->SetKeystoreKeys(
2054 kRawKeystoreKey), 1861 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
2055 trans.GetWrappedTrans());
2056 } 1862 }
2057 EXPECT_CALL(*observer(), 1863 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2058 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2059 PumpLoop(); 1864 PumpLoop();
2060 Mock::VerifyAndClearExpectations(observer()); 1865 Mock::VerifyAndClearExpectations(observer());
2061 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1866 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2062 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE); 1867 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2063 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey); 1868 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
2064 1869
2065 // Now build an old keystore passphrase nigori node. 1870 // Now build an old keystore passphrase nigori node.
2066 EXPECT_CALL(*observer(), 1871 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2067 OnCryptographerStateChanged(_)).Times(AnyNumber());
2068 EXPECT_CALL(*observer(), OnEncryptionComplete()); 1872 EXPECT_CALL(*observer(), OnEncryptionComplete());
2069 { 1873 {
2070 WriteTransaction trans(FROM_HERE, user_share()); 1874 WriteTransaction trans(FROM_HERE, user_share());
2071 WriteNode nigori_node(&trans); 1875 WriteNode nigori_node(&trans);
2072 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK); 1876 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
2073 sync_pb::NigoriSpecifics nigori; 1877 sync_pb::NigoriSpecifics nigori;
2074 Cryptographer other_cryptographer(GetCryptographer()->encryptor()); 1878 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
2075 other_cryptographer.AddKey(old_key); 1879 other_cryptographer.AddKey(old_key);
2076 encryption_handler()->GetKeystoreDecryptor( 1880 encryption_handler()->GetKeystoreDecryptor(
2077 other_cryptographer, 1881 other_cryptographer, kKeystoreKey,
2078 kKeystoreKey,
2079 nigori.mutable_keystore_decryptor_token()); 1882 nigori.mutable_keystore_decryptor_token());
2080 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag()); 1883 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
2081 nigori.set_keybag_is_frozen(true); 1884 nigori.set_keybag_is_frozen(true);
2082 nigori.set_encrypt_everything(false); 1885 nigori.set_encrypt_everything(false);
2083 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE); 1886 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
2084 nigori.set_keystore_migration_time(1); 1887 nigori.set_keystore_migration_time(1);
2085 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans()); 1888 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
2086 nigori_node.SetNigoriSpecifics(nigori); 1889 nigori_node.SetNigoriSpecifics(nigori);
2087 } 1890 }
2088 PumpLoop(); 1891 PumpLoop();
(...skipping 16 matching lines...) Expand all
2105 SetUpEncryption(); 1908 SetUpEncryption();
2106 1909
2107 const char kOldGaiaKey[] = "old_gaia_key"; 1910 const char kOldGaiaKey[] = "old_gaia_key";
2108 const char kRawOldKeystoreKey[] = "old_keystore_key"; 1911 const char kRawOldKeystoreKey[] = "old_keystore_key";
2109 std::string old_keystore_key; 1912 std::string old_keystore_key;
2110 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); 1913 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2111 { 1914 {
2112 ReadTransaction trans(FROM_HERE, user_share()); 1915 ReadTransaction trans(FROM_HERE, user_share());
2113 EXPECT_CALL(*observer(), 1916 EXPECT_CALL(*observer(),
2114 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1917 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2115 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1918 encryption_handler()->SetKeystoreKeys(
2116 kRawOldKeystoreKey), 1919 BuildEncryptionKeyProto(kRawOldKeystoreKey), trans.GetWrappedTrans());
2117 trans.GetWrappedTrans());
2118 } 1920 }
2119 PumpLoop(); 1921 PumpLoop();
2120 Mock::VerifyAndClearExpectations(observer()); 1922 Mock::VerifyAndClearExpectations(observer());
2121 1923
2122 // Then init the nigori node with a backwards compatible set of keys. 1924 // Then init the nigori node with a backwards compatible set of keys.
2123 CreateRootForType(NIGORI); 1925 CreateRootForType(NIGORI);
2124 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 1926 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2125 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); 1927 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
2126 1928
2127 // Now set some new keystore keys. 1929 // Now set some new keystore keys.
2128 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); 1930 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2129 EXPECT_CALL(*observer(), OnEncryptionComplete()); 1931 EXPECT_CALL(*observer(), OnEncryptionComplete());
2130 { 1932 {
2131 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 1933 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2132 keys.Add()->assign(kRawOldKeystoreKey); 1934 keys.Add()->assign(kRawOldKeystoreKey);
2133 keys.Add()->assign(kRawKeystoreKey); 1935 keys.Add()->assign(kRawKeystoreKey);
2134 EXPECT_CALL(*observer(), 1936 EXPECT_CALL(*observer(),
2135 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1937 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2136 ReadTransaction trans(FROM_HERE, user_share()); 1938 ReadTransaction trans(FROM_HERE, user_share());
2137 encryption_handler()->SetKeystoreKeys(keys, 1939 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2138 trans.GetWrappedTrans());
2139 } 1940 }
2140 // Pump for any posted tasks. 1941 // Pump for any posted tasks.
2141 PumpLoop(); 1942 PumpLoop();
2142 Mock::VerifyAndClearExpectations(observer()); 1943 Mock::VerifyAndClearExpectations(observer());
2143 1944
2144 // Verify we're still migrated and have proper encryption state. We should 1945 // Verify we're still migrated and have proper encryption state. We should
2145 // have rotated the keybag so that it's now encrypted with the newest keystore 1946 // have rotated the keybag so that it's now encrypted with the newest keystore
2146 // key (instead of the old gaia key). 1947 // key (instead of the old gaia key).
2147 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 1948 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2148 EXPECT_TRUE(GetCryptographer()->is_ready()); 1949 EXPECT_TRUE(GetCryptographer()->is_ready());
(...skipping 10 matching lines...) Expand all
2159 test_user_share_.SetUp(); 1960 test_user_share_.SetUp();
2160 SetUpEncryption(); 1961 SetUpEncryption();
2161 1962
2162 const char kRawOldKeystoreKey[] = "old_keystore_key"; 1963 const char kRawOldKeystoreKey[] = "old_keystore_key";
2163 std::string old_keystore_key; 1964 std::string old_keystore_key;
2164 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); 1965 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2165 { 1966 {
2166 ReadTransaction trans(FROM_HERE, user_share()); 1967 ReadTransaction trans(FROM_HERE, user_share());
2167 EXPECT_CALL(*observer(), 1968 EXPECT_CALL(*observer(),
2168 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1969 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2169 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 1970 encryption_handler()->SetKeystoreKeys(
2170 kRawOldKeystoreKey), 1971 BuildEncryptionKeyProto(kRawOldKeystoreKey), trans.GetWrappedTrans());
2171 trans.GetWrappedTrans());
2172 } 1972 }
2173 PumpLoop(); 1973 PumpLoop();
2174 Mock::VerifyAndClearExpectations(observer()); 1974 Mock::VerifyAndClearExpectations(observer());
2175 1975
2176 // Then init the nigori node with a non-backwards compatible set of keys. 1976 // Then init the nigori node with a non-backwards compatible set of keys.
2177 CreateRootForType(NIGORI); 1977 CreateRootForType(NIGORI);
2178 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 1978 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2179 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key); 1979 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key);
2180 1980
2181 // Now set some new keystore keys. 1981 // Now set some new keystore keys.
2182 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber()); 1982 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2183 EXPECT_CALL(*observer(), OnEncryptionComplete()); 1983 EXPECT_CALL(*observer(), OnEncryptionComplete());
2184 { 1984 {
2185 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 1985 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2186 keys.Add()->assign(kRawOldKeystoreKey); 1986 keys.Add()->assign(kRawOldKeystoreKey);
2187 keys.Add()->assign(kRawKeystoreKey); 1987 keys.Add()->assign(kRawKeystoreKey);
2188 EXPECT_CALL(*observer(), 1988 EXPECT_CALL(*observer(),
2189 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 1989 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2190 ReadTransaction trans(FROM_HERE, user_share()); 1990 ReadTransaction trans(FROM_HERE, user_share());
2191 encryption_handler()->SetKeystoreKeys(keys, 1991 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2192 trans.GetWrappedTrans());
2193 } 1992 }
2194 // Pump for any posted tasks. 1993 // Pump for any posted tasks.
2195 PumpLoop(); 1994 PumpLoop();
2196 Mock::VerifyAndClearExpectations(observer()); 1995 Mock::VerifyAndClearExpectations(observer());
2197 1996
2198 // Verify we're still migrated and have proper encryption state. We should 1997 // Verify we're still migrated and have proper encryption state. We should
2199 // have rotated the keybag so that it's now encrypted with the newest keystore 1998 // have rotated the keybag so that it's now encrypted with the newest keystore
2200 // key (instead of the old gaia key). 1999 // key (instead of the old gaia key).
2201 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 2000 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2202 EXPECT_TRUE(GetCryptographer()->is_ready()); 2001 EXPECT_TRUE(GetCryptographer()->is_ready());
(...skipping 11 matching lines...) Expand all
2214 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); 2013 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2215 2014
2216 { 2015 {
2217 // Pass multiple keystore keys, signaling a rotation has happened. 2016 // Pass multiple keystore keys, signaling a rotation has happened.
2218 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 2017 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2219 keys.Add()->assign(kRawOldKeystoreKey); 2018 keys.Add()->assign(kRawOldKeystoreKey);
2220 keys.Add()->assign(kRawKeystoreKey); 2019 keys.Add()->assign(kRawKeystoreKey);
2221 ReadTransaction trans(FROM_HERE, user_share()); 2020 ReadTransaction trans(FROM_HERE, user_share());
2222 EXPECT_CALL(*observer(), 2021 EXPECT_CALL(*observer(),
2223 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2022 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2224 encryption_handler()->SetKeystoreKeys(keys, 2023 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2225 trans.GetWrappedTrans());
2226 } 2024 }
2227 PumpLoop(); 2025 PumpLoop();
2228 Mock::VerifyAndClearExpectations(observer()); 2026 Mock::VerifyAndClearExpectations(observer());
2229 2027
2230 // Resolve the pending keys. This should trigger the key rotation. 2028 // Resolve the pending keys. This should trigger the key rotation.
2231 EXPECT_CALL(*observer(), 2029 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2232 OnCryptographerStateChanged(_)).Times(AnyNumber()); 2030 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2233 EXPECT_CALL(*observer(), 2031 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2234 OnPassphraseAccepted());
2235 EXPECT_CALL(*observer(),
2236 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2237 EXPECT_CALL(*observer(), 2032 EXPECT_CALL(*observer(),
2238 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 2033 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2239 EXPECT_CALL(*observer(), 2034 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
2240 OnEncryptionComplete()).Times(AtLeast(1));
2241 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 2035 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2242 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey); 2036 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey);
2243 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 2037 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2244 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); 2038 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2245 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); 2039 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2246 } 2040 }
2247 2041
2248 // When signing in for the first time, make sure we can rotate keys if we 2042 // When signing in for the first time, make sure we can rotate keys if we
2249 // already have a keystore migrated nigori. 2043 // already have a keystore migrated nigori.
2250 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) { 2044 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) {
2251 // Destroy the existing nigori node so we init without a nigori node. 2045 // Destroy the existing nigori node so we init without a nigori node.
2252 TearDown(); 2046 TearDown();
2253 test_user_share_.SetUp(); 2047 test_user_share_.SetUp();
2254 SetUpEncryption(); 2048 SetUpEncryption();
2255 2049
2256 const char kOldGaiaKey[] = "old_gaia_key"; 2050 const char kOldGaiaKey[] = "old_gaia_key";
2257 const char kRawOldKeystoreKey[] = "old_keystore_key"; 2051 const char kRawOldKeystoreKey[] = "old_keystore_key";
2258 std::string old_keystore_key; 2052 std::string old_keystore_key;
2259 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key); 2053 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2260 2054
2261 // Set two keys, signaling that a rotation has been performed. No nigori 2055 // Set two keys, signaling that a rotation has been performed. No nigori
2262 // node is present yet, so we can't rotate. 2056 // node is present yet, so we can't rotate.
2263 { 2057 {
2264 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 2058 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2265 keys.Add()->assign(kRawOldKeystoreKey); 2059 keys.Add()->assign(kRawOldKeystoreKey);
2266 keys.Add()->assign(kRawKeystoreKey); 2060 keys.Add()->assign(kRawKeystoreKey);
2267 EXPECT_CALL(*observer(), 2061 EXPECT_CALL(*observer(),
2268 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2062 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2269 ReadTransaction trans(FROM_HERE, user_share()); 2063 ReadTransaction trans(FROM_HERE, user_share());
2270 encryption_handler()->SetKeystoreKeys(keys, 2064 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2271 trans.GetWrappedTrans());
2272 } 2065 }
2273 2066
2274 // Then init the nigori node with an old set of keys. 2067 // Then init the nigori node with an old set of keys.
2275 CreateRootForType(NIGORI); 2068 CreateRootForType(NIGORI);
2276 EXPECT_CALL(*observer(), OnPassphraseAccepted()); 2069 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2277 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key); 2070 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
2278 PumpLoop(); 2071 PumpLoop();
2279 Mock::VerifyAndClearExpectations(observer()); 2072 Mock::VerifyAndClearExpectations(observer());
2280 2073
2281 // Verify we're still migrated and have proper encryption state. We should 2074 // Verify we're still migrated and have proper encryption state. We should
(...skipping 18 matching lines...) Expand all
2300 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE); 2093 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2301 2094
2302 { 2095 {
2303 // Pass multiple keystore keys, signaling a rotation has happened. 2096 // Pass multiple keystore keys, signaling a rotation has happened.
2304 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 2097 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2305 keys.Add()->assign(kRawOldKeystoreKey); 2098 keys.Add()->assign(kRawOldKeystoreKey);
2306 keys.Add()->assign(kRawKeystoreKey); 2099 keys.Add()->assign(kRawKeystoreKey);
2307 ReadTransaction trans(FROM_HERE, user_share()); 2100 ReadTransaction trans(FROM_HERE, user_share());
2308 EXPECT_CALL(*observer(), 2101 EXPECT_CALL(*observer(),
2309 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2102 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2310 encryption_handler()->SetKeystoreKeys(keys, 2103 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2311 trans.GetWrappedTrans());
2312 } 2104 }
2313 PumpLoop(); 2105 PumpLoop();
2314 Mock::VerifyAndClearExpectations(observer()); 2106 Mock::VerifyAndClearExpectations(observer());
2315 2107
2316 // Now simulate downloading a nigori node that was migrated before the 2108 // Now simulate downloading a nigori node that was migrated before the
2317 // keys were rotated, and hence still encrypt with the old gaia key. 2109 // keys were rotated, and hence still encrypt with the old gaia key.
2318 EXPECT_CALL(*observer(), 2110 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2319 OnCryptographerStateChanged(_)).Times(AnyNumber()); 2111 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2320 EXPECT_CALL(*observer(), 2112 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2321 OnPassphraseAccepted());
2322 EXPECT_CALL(*observer(),
2323 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2324 EXPECT_CALL(*observer(), 2113 EXPECT_CALL(*observer(),
2325 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)); 2114 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2326 EXPECT_CALL(*observer(), 2115 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AtLeast(1));
2327 OnEncryptionComplete()).Times(AtLeast(1));
2328 { 2116 {
2329 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( 2117 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
2330 KEYSTORE_PASSPHRASE, 2118 KEYSTORE_PASSPHRASE, 1, kOldGaiaKey, old_keystore_key);
2331 1,
2332 kOldGaiaKey,
2333 old_keystore_key);
2334 // Update the encryption handler. 2119 // Update the encryption handler.
2335 WriteTransaction trans(FROM_HERE, user_share()); 2120 WriteTransaction trans(FROM_HERE, user_share());
2336 encryption_handler()->ApplyNigoriUpdate( 2121 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
2337 nigori,
2338 trans.GetWrappedTrans());
2339 } 2122 }
2340 EXPECT_FALSE(encryption_handler()->MigratedToKeystore()); 2123 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2341 PumpLoop(); 2124 PumpLoop();
2342 2125
2343 EXPECT_TRUE(encryption_handler()->MigratedToKeystore()); 2126 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2344 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType()); 2127 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2345 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey); 2128 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2346 } 2129 }
2347 2130
2348 // Verify that performing a migration while having more than one keystore key 2131 // Verify that performing a migration while having more than one keystore key
2349 // preserves a custom passphrase. 2132 // preserves a custom passphrase.
2350 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) { 2133 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) {
2351 const char kCustomPass[] = "custom_passphrase"; 2134 const char kCustomPass[] = "custom_passphrase";
2352 const char kRawOldKeystoreKey[] = "old_keystore_key"; 2135 const char kRawOldKeystoreKey[] = "old_keystore_key";
2353 2136
2354 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _)); 2137 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2355 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE); 2138 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE);
2356 2139
2357 { 2140 {
2358 // Pass multiple keystore keys, signaling a rotation has happened. 2141 // Pass multiple keystore keys, signaling a rotation has happened.
2359 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 2142 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2360 keys.Add()->assign(kRawOldKeystoreKey); 2143 keys.Add()->assign(kRawOldKeystoreKey);
2361 keys.Add()->assign(kRawKeystoreKey); 2144 keys.Add()->assign(kRawKeystoreKey);
2362 ReadTransaction trans(FROM_HERE, user_share()); 2145 ReadTransaction trans(FROM_HERE, user_share());
2363 EXPECT_CALL(*observer(), 2146 EXPECT_CALL(*observer(),
2364 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2147 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2365 encryption_handler()->SetKeystoreKeys(keys, 2148 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2366 trans.GetWrappedTrans());
2367 } 2149 }
2368 PumpLoop(); 2150 PumpLoop();
2369 Mock::VerifyAndClearExpectations(observer()); 2151 Mock::VerifyAndClearExpectations(observer());
2370 2152
2371 // Pass the decryption passphrase. This will also trigger the migration, 2153 // Pass the decryption passphrase. This will also trigger the migration,
2372 // but should not overwrite the default key. 2154 // but should not overwrite the default key.
2373 EXPECT_CALL(*observer(), 2155 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2374 OnCryptographerStateChanged(_)).Times(AnyNumber()); 2156 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2375 EXPECT_CALL(*observer(), 2157 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, true));
2376 OnPassphraseAccepted());
2377 EXPECT_CALL(*observer(),
2378 OnEncryptedTypesChanged(_, true));
2379 SyncEncryptionHandler::NigoriState captured_nigori_state; 2158 SyncEncryptionHandler::NigoriState captured_nigori_state;
2380 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 2159 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
2381 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 2160 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
2382 EXPECT_CALL(*observer(), 2161 EXPECT_CALL(*observer(), OnEncryptionComplete()).Times(AnyNumber());
2383 OnEncryptionComplete()).Times(AnyNumber());
2384 std::string captured_bootstrap_token; 2162 std::string captured_bootstrap_token;
2385 EXPECT_CALL(*observer(), 2163 EXPECT_CALL(*observer(),
2386 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN)) 2164 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN))
2387 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token)); 2165 .WillOnce(testing::SaveArg<0>(&captured_bootstrap_token));
2388 encryption_handler()->SetDecryptionPassphrase(kCustomPass); 2166 encryption_handler()->SetDecryptionPassphrase(kCustomPass);
2389 Mock::VerifyAndClearExpectations(observer()); 2167 Mock::VerifyAndClearExpectations(observer());
2390 2168
2391 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass); 2169 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass);
2392 2170
2393 const base::Time migration_time = encryption_handler()->migration_time(); 2171 const base::Time migration_time = encryption_handler()->migration_time();
(...skipping 18 matching lines...) Expand all
2412 2190
2413 SyncEncryptionHandler::NigoriState captured_nigori_state; 2191 SyncEncryptionHandler::NigoriState captured_nigori_state;
2414 { 2192 {
2415 // Pass multiple keystore keys, signaling a rotation has happened. 2193 // Pass multiple keystore keys, signaling a rotation has happened.
2416 google::protobuf::RepeatedPtrField<google::protobuf::string> keys; 2194 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2417 keys.Add()->assign(kRawOldKeystoreKey); 2195 keys.Add()->assign(kRawOldKeystoreKey);
2418 keys.Add()->assign(kRawKeystoreKey); 2196 keys.Add()->assign(kRawKeystoreKey);
2419 ReadTransaction trans(FROM_HERE, user_share()); 2197 ReadTransaction trans(FROM_HERE, user_share());
2420 EXPECT_CALL(*observer(), 2198 EXPECT_CALL(*observer(),
2421 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2199 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2422 EXPECT_CALL(*observer(), 2200 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2423 OnCryptographerStateChanged(_)).Times(AnyNumber());
2424 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_)) 2201 EXPECT_CALL(*observer(), OnLocalSetPassphraseEncryption(_))
2425 .WillOnce(testing::SaveArg<0>(&captured_nigori_state)); 2202 .WillOnce(testing::SaveArg<0>(&captured_nigori_state));
2426 encryption_handler()->SetKeystoreKeys(keys, 2203 encryption_handler()->SetKeystoreKeys(keys, trans.GetWrappedTrans());
2427 trans.GetWrappedTrans());
2428 } 2204 }
2429 PumpLoop(); 2205 PumpLoop();
2430 Mock::VerifyAndClearExpectations(observer()); 2206 Mock::VerifyAndClearExpectations(observer());
2431 2207
2432 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE, 2208 VerifyMigratedNigoriWithTimestamp(migration_time, CUSTOM_PASSPHRASE,
2433 kCustomPass); 2209 kCustomPass);
2434 2210
2435 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_, 2211 // We need the passphrase bootstrap token, but OnBootstrapTokenUpdated(_,
2436 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked 2212 // PASSPHRASE_BOOTSTRAP_TOKEN) has not been invoked (because it was invoked
2437 // during a previous instance) so get it from the Cryptographer. 2213 // during a previous instance) so get it from the Cryptographer.
2438 std::string passphrase_bootstrap_token; 2214 std::string passphrase_bootstrap_token;
2439 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token); 2215 GetCryptographer()->GetBootstrapToken(&passphrase_bootstrap_token);
2440 VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass, 2216 VerifyRestoreAfterCustomPassphrase(migration_time, kCustomPass,
2441 passphrase_bootstrap_token, 2217 passphrase_bootstrap_token,
2442 captured_nigori_state, CUSTOM_PASSPHRASE); 2218 captured_nigori_state, CUSTOM_PASSPHRASE);
2443 } 2219 }
2444 2220
2445 // Verify that the client can gracefully handle a nigori node that is missing 2221 // Verify that the client can gracefully handle a nigori node that is missing
2446 // the keystore migration time field. 2222 // the keystore migration time field.
2447 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) { 2223 TEST_F(SyncEncryptionHandlerImplTest, MissingKeystoreMigrationTime) {
2448 EXPECT_CALL(*observer(), 2224 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2449 OnCryptographerStateChanged(_)).Times(AnyNumber()); 2225 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2450 EXPECT_CALL(*observer(), 2226 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(_, false));
2451 OnPassphraseRequired(_, _));
2452 EXPECT_CALL(*observer(),
2453 OnEncryptedTypesChanged(_, false));
2454 encryption_handler()->Init(); 2227 encryption_handler()->Init();
2455 Mock::VerifyAndClearExpectations(observer()); 2228 Mock::VerifyAndClearExpectations(observer());
2456 2229
2457 // Now simulate downloading a nigori node that that is missing the keystore 2230 // Now simulate downloading a nigori node that that is missing the keystore
2458 // migration time. It should be interpreted properly, and the passphrase type 2231 // migration time. It should be interpreted properly, and the passphrase type
2459 // should switch to keystore passphrase. 2232 // should switch to keystore passphrase.
2460 EXPECT_CALL(*observer(), 2233 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2461 OnCryptographerStateChanged(_)).Times(AnyNumber()); 2234 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2462 EXPECT_CALL(*observer(), 2235 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2463 OnPassphraseRequired(_, _));
2464 EXPECT_CALL(*observer(),
2465 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2466 { 2236 {
2467 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori( 2237 sync_pb::NigoriSpecifics nigori =
2468 KEYSTORE_PASSPHRASE, 2238 BuildMigratedNigori(KEYSTORE_PASSPHRASE, 1, kKeystoreKey, kKeystoreKey);
2469 1,
2470 kKeystoreKey,
2471 kKeystoreKey);
2472 nigori.clear_keystore_migration_time(); 2239 nigori.clear_keystore_migration_time();
2473 // Update the encryption handler. 2240 // Update the encryption handler.
2474 WriteTransaction trans(FROM_HERE, user_share()); 2241 WriteTransaction trans(FROM_HERE, user_share());
2475 encryption_handler()->ApplyNigoriUpdate( 2242 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
2476 nigori,
2477 trans.GetWrappedTrans());
2478 } 2243 }
2479 Mock::VerifyAndClearExpectations(observer()); 2244 Mock::VerifyAndClearExpectations(observer());
2480 2245
2481 // Now provide the keystore key to fully initialize the cryptographer. 2246 // Now provide the keystore key to fully initialize the cryptographer.
2482 EXPECT_CALL(*observer(), 2247 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2483 OnCryptographerStateChanged(_)).Times(AnyNumber());
2484 EXPECT_CALL(*observer(), 2248 EXPECT_CALL(*observer(),
2485 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN)); 2249 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2486 { 2250 {
2487 ReadTransaction trans(FROM_HERE, user_share()); 2251 ReadTransaction trans(FROM_HERE, user_share());
2488 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto( 2252 encryption_handler()->SetKeystoreKeys(
2489 kRawKeystoreKey), 2253 BuildEncryptionKeyProto(kRawKeystoreKey), trans.GetWrappedTrans());
2490 trans.GetWrappedTrans());
2491 } 2254 }
2492 } 2255 }
2493 2256
2494 } // namespace syncer 2257 } // namespace syncer
OLDNEW
« no previous file with comments | « components/sync/core_impl/sync_encryption_handler_impl.cc ('k') | components/sync/core_impl/sync_manager_impl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698