authorzea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-13 21:52:28 +0000
committerzea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-13 21:52:28 +0000
commit19fb909bb05f2574c3fc0f16455c68b6143b2e75 (patch)
tree4c5eb62def367c4c58422b3f3524cc56e8bfba57 /sync/engine
parent8c55c673a845f9e3d8556c9e755d3247c051800a (diff)
[Sync] Implement keystore migration support.
We'll now trigger migration if the keystore key is available, the cryptographer is ready, and the nigori node isn't already properly migrated. Note that this means we won't trigger migration without at least the implicit gaia password already available to the cryptographer, in order to support backwards compatibility with older clients. Eventually that will change. In addition, once a nigori node has been migrated, any client that supports keystore encryption will follow the new encryption constraints, whether or not the --sync-keystore-encryption flag is passed. This means that if the user sets a custom passphrase, encrypt everything will also be enabled (and vice versa). Migration-aware conflict resolution is not implemented yet. BUG=129665 Review URL: https://chromiumcodereview.appspot.com/10916036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156646 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sync/engine')
-rw-r--r--sync/engine/apply_control_data_updates.cc6
-rw-r--r--sync/engine/apply_control_data_updates_unittest.cc8
-rw-r--r--sync/engine/syncer_unittest.cc21
3 files changed, 18 insertions, 17 deletions
diff --git a/sync/engine/apply_control_data_updates.cc b/sync/engine/apply_control_data_updates.cc
index 2aa7dd4..7a52e8c 100644
--- a/sync/engine/apply_control_data_updates.cc
+++ b/sync/engine/apply_control_data_updates.cc
@@ -117,9 +117,9 @@ bool ApplyNigoriUpdates(syncable::WriteTransaction* trans,
// that passphrase as an explicit one via settings. The goal here is to
// ensure both sets of encryption keys are preserved.
if (cryptographer->is_ready()) {
- cryptographer->GetKeys(server_nigori->mutable_encrypted());
- server_nigori->set_using_explicit_passphrase(
- nigori_node.Get(SPECIFICS).nigori().using_explicit_passphrase());
+ cryptographer->GetKeys(server_nigori->mutable_encryption_keybag());
+ server_nigori->set_keybag_is_frozen(
+ nigori_node.Get(SPECIFICS).nigori().keybag_is_frozen());
}
nigori_node.Put(SPECIFICS, specifics);
DVLOG(1) << "Resolving simple conflict, merging nigori nodes: "
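Review bot: The result of `cryptographer->GetKeys(server_nigori->mutable_encryption_keybag())` is discarded inside the `is_ready()` branch, so a failed keybag export would still be followed by `nigori_node.Put(SPECIFICS, specifics)` and could write a merged node whose keybag lacks the local keys, which is the opposite of what the comment above says the branch is for. GetKeys appears to return bool elsewhere in this codebase (its declaration is not visible here, so confirm); if so, check it before the Put, for example `if (!cryptographer->GetKeys(server_nigori->mutable_encryption_keybag())) NOTREACHED();`, or skip the write on failure. Separately, the commit message says migration-aware conflict resolution is not implemented yet, but only the unit test receives a TODO; a matching `// TODO(zea): Make this merge keystore-migration aware.` above this branch would keep the gap visible at the point where `keybag_is_frozen` is copied from the local node. ApplyNigoriUpdates starts and ends outside the hunk.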
diff --git a/sync/engine/apply_control_data_updates_unittest.cc b/sync/engine/apply_control_data_updates_unittest.cc
index dbfc98d..7f1a9fa 100644
--- a/sync/engine/apply_control_data_updates_unittest.cc
+++ b/sync/engine/apply_control_data_updates_unittest.cc
@@ -82,7 +82,7 @@ TEST_F(ApplyControlDataUpdatesTest, NigoriUpdate) {
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
nigori->set_encrypt_everything(true);
entry_factory_->CreateUnappliedNewItem(
ModelTypeToRootTag(NIGORI), specifics, true);
@@ -126,7 +126,7 @@ TEST_F(ApplyControlDataUpdatesTest, NigoriUpdateForDisabledTypes) {
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
nigori->set_encrypt_everything(true);
entry_factory_->CreateUnappliedNewItem(
ModelTypeToRootTag(NIGORI), specifics, true);
@@ -194,7 +194,7 @@ TEST_F(ApplyControlDataUpdatesTest, EncryptUnsyncedChanges) {
cryptographer->AddKey(params);
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- cryptographer->GetKeys(nigori->mutable_encrypted());
+ cryptographer->GetKeys(nigori->mutable_encryption_keybag());
nigori->set_encrypt_everything(true);
encrypted_types.Put(BOOKMARKS);
entry_factory_->CreateUnappliedNewItem(
@@ -307,7 +307,7 @@ TEST_F(ApplyControlDataUpdatesTest, CannotEncryptUnsyncedChanges) {
other_cryptographer.AddKey(params);
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
nigori->set_encrypt_everything(true);
encrypted_types.Put(BOOKMARKS);
entry_factory_->CreateUnappliedNewItem(
diff --git a/sync/engine/syncer_unittest.cc b/sync/engine/syncer_unittest.cc
index 60e5a27..0165016 100644
--- a/sync/engine/syncer_unittest.cc
+++ b/sync/engine/syncer_unittest.cc
@@ -723,13 +723,13 @@ TEST_F(SyncerTest, GetCommitIdsFiltersUnreadyEntries) {
other_cryptographer.AddKey(other_params);
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
dir_maker_.encryption_handler()->EnableEncryptEverything();
// Set up with an old passphrase, but have pending keys
GetCryptographer(&wtrans)->AddKey(key_params);
GetCryptographer(&wtrans)->Encrypt(bookmark,
encrypted_bookmark.mutable_encrypted());
- GetCryptographer(&wtrans)->SetPendingKeys(nigori->encrypted());
+ GetCryptographer(&wtrans)->SetPendingKeys(nigori->encryption_keybag());
// In conflict but properly encrypted.
MutableEntry A(&wtrans, GET_BY_ID, ids_.FromNumber(1));
@@ -836,9 +836,9 @@ TEST_F(SyncerTest, EncryptionAwareConflicts) {
WriteTransaction wtrans(FROM_HERE, UNITTEST, directory());
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
dir_maker_.encryption_handler()->EnableEncryptEverything();
- GetCryptographer(&wtrans)->SetPendingKeys(nigori->encrypted());
+ GetCryptographer(&wtrans)->SetPendingKeys(nigori->encryption_keybag());
EXPECT_TRUE(GetCryptographer(&wtrans)->has_pending_keys());
}
@@ -982,6 +982,7 @@ TEST_F(SyncerTest, EncryptionAwareConflicts) {
// and encryption keys (remote is explicit). Afterwards, the encrypted types
// should be unioned and the cryptographer should have both keys and be
// encrypting with the remote encryption key by default.
+// TODO(zea): Test conflicts with keystore migration.
TEST_F(SyncerTest, NigoriConflicts) {
KeyParams local_key_params = {"localhost", "dummy", "blargle"};
KeyParams other_key_params = {"localhost", "dummy", "foobar"};
@@ -1014,7 +1015,7 @@ TEST_F(SyncerTest, NigoriConflicts) {
our_encrypted_specifics,
our_encrypted_specifics.mutable_encrypted());
GetCryptographer(&wtrans)->GetKeys(
- nigori->mutable_encrypted());
+ nigori->mutable_encryption_keybag());
dir_maker_.encryption_handler()->EnableEncryptEverything();
directory()->GetNigoriHandler()->UpdateNigoriFromEncryptedTypes(
nigori,
@@ -1031,11 +1032,11 @@ TEST_F(SyncerTest, NigoriConflicts) {
{
sync_pb::EntitySpecifics specifics;
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- other_cryptographer.GetKeys(nigori->mutable_encrypted());
+ other_cryptographer.GetKeys(nigori->mutable_encryption_keybag());
nigori->set_encrypt_bookmarks(true);
nigori->set_encrypt_preferences(true);
nigori->set_encrypt_everything(false);
- nigori->set_using_explicit_passphrase(true);
+ nigori->set_keybag_is_frozen(true);
mock_server_->SetNigori(1, 20, 20, specifics);
}
@@ -1059,7 +1060,7 @@ TEST_F(SyncerTest, NigoriConflicts) {
EXPECT_TRUE(encrypted_types.Equals(
directory()->GetNigoriHandler()->GetEncryptedTypes(&wtrans)));
EXPECT_TRUE(dir_maker_.encryption_handler()->EncryptEverythingEnabled());
- EXPECT_TRUE(specifics.nigori().using_explicit_passphrase());
+ EXPECT_TRUE(specifics.nigori().keybag_is_frozen());
// Supply the pending keys. Afterwards, we should be able to decrypt both
// our own encrypted data and data encrypted by the other cryptographer,
// but the key provided by the other cryptographer should be the default.
@@ -1067,7 +1068,7 @@ TEST_F(SyncerTest, NigoriConflicts) {
GetCryptographer(&wtrans)->DecryptPendingKeys(other_key_params));
EXPECT_FALSE(GetCryptographer(&wtrans)->has_pending_keys());
sync_pb::NigoriSpecifics* nigori = specifics.mutable_nigori();
- GetCryptographer(&wtrans)->GetKeys(nigori->mutable_encrypted());
+ GetCryptographer(&wtrans)->GetKeys(nigori->mutable_encryption_keybag());
directory()->GetNigoriHandler()->UpdateNigoriFromEncryptedTypes(
nigori,
&wtrans);
@@ -1097,7 +1098,7 @@ TEST_F(SyncerTest, NigoriConflicts) {
EXPECT_TRUE(GetCryptographer(&wtrans)->
CanDecryptUsingDefaultKey(other_encrypted_specifics.encrypted()));
EXPECT_TRUE(nigori_entry.Get(SPECIFICS).nigori().
- using_explicit_passphrase());
+ keybag_is_frozen());
}
}