diff options
| author | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-03 00:57:52 +0000 |
|---|---|---|
| committer | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-03 00:57:52 +0000 |
| commit | a76abe7de93690d517f4279378dd496305a79e64 (patch) | |
| tree | 74bb1b1b1c257ededbccafffb6263b247cfc82f0 /chrome/browser/sync/protocol | |
| parent | 94714db540723a0e76c264a98ac61dde61e04c2e (diff) | |
| download | chromium_src-a76abe7de93690d517f4279378dd496305a79e64.zip chromium_src-a76abe7de93690d517f4279378dd496305a79e64.tar.gz chromium_src-a76abe7de93690d517f4279378dd496305a79e64.tar.bz2 | |
[Sync] Ensure we always re-encrypt with newest gaia password if available.
Previously we would only re-encrypt an account that had implicit passphrases if,
on a password change, the client was already signed in. Otherwise, for example
if the user signs in to a new client, we would disregard the current credentials
because they are unable to decrypt the existing encrypted data (based on the old
gaia password).
This change ensures we do not throw away the old credentials. If we have pending
keys, we go ahead and generate new encryption keys based on the new credentials
and set those keys as the default. In addition, we persist the keys in the
bootstrap token for the cryptographer. In this way, the bootstrap token for
accounts using implicit passphrases will always correspond to the encryption
keys derived from the most recent gaia password.
Once the user supplies the old gaia password (which they will be prompted for
due to the cryptographer having pending keys), we will install it, but then
restore the encryption keys based on the current gaia password as the default.
This decision is made based on whether the pending keybag contains the current
default key or not. If it does, then the keybag must be newer than our data,
and we let it overwrite the default. If it does not, then our current key
is the newest, and we persist the current default.
In order to support this change, we plumb from the setup flow whether a
passphrase originates from the user or from an internal source (the
signin successful notification). In this way we can differentiate the current
implicit passphrase from an older user provided one.
BUG=104508
TEST=sync_unit_tests. All existing passphrase tests. Manually signing into
a clean account, setting up sync, signing out, changing the password, then
signing in to a new client. The new client should prompt for the old password,
but once provided should re-encrypt all data with the new password.
Subsequent new clients should not prompt for any old password.
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=120157
Review URL: https://chromiumcodereview.appspot.com/9309022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@120257 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/sync/protocol')
| -rw-r--r-- | chrome/browser/sync/protocol/client_debug_info.proto | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/chrome/browser/sync/protocol/client_debug_info.proto b/chrome/browser/sync/protocol/client_debug_info.proto index af97839..6d67b72 100644 --- a/chrome/browser/sync/protocol/client_debug_info.proto +++ b/chrome/browser/sync/protocol/client_debug_info.proto @@ -38,6 +38,8 @@ message DebugEventInfo { ENCRYPTED_TYPES_CHANGED = 9; // Set of encrypted types has changed. ENCRYPTION_COMPLETE = 7; // Client has finished encrypting all data. ACTIONABLE_ERROR = 8; // Client received an actionable error. + BOOTSTRAP_TOKEN_UPDATED = 9; // A new cryptographer bootstrap token was + // generated. } optional EventType type = 1; optional SyncCycleCompletedEventInfo sync_cycle_completed_event_info = 2; |