author | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-19 01:56:52 +0000 |
---|---|---|
committer | zea@chromium.org <zea@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-19 01:56:52 +0000 |
commit | 9a3072c62ef8896a3e089b50efff8f2eb6794fcd (patch) | |
tree | 123be8e004986b76bc322e37b3222ec2712313b4 /sync/internal_api/sync_encryption_handler_impl.h | |
parent | 270f2cf4ed76055f185ca9c59d3e4b9316b758fc (diff) | |
[Sync] Add support for keystore key rotation.
Key rotation will trigger a full re-encryption of all sync data with the newest
keystore key. Previous keys will be added to the keybag as well. We detect key
rotation by checking whether we have multiple keystore keys and the nigori's
keybag is not encrypted with the current keystore key. In that case, we no
longer support backwards compatibility with non-keystore supporting versions,
and re-encrypt using the newest keystore key.
This change also fixes two latent issues: lack of encryption of the keystore
bootstrap and not properly posting OnPassphraseAccepted when we resolve pending
keys.
BUG=163744
Review URL: https://chromiumcodereview.appspot.com/11434070
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@173830 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sync/internal_api/sync_encryption_handler_impl.h')
-rw-r--r-- | sync/internal_api/sync_encryption_handler_impl.h | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/sync/internal_api/sync_encryption_handler_impl.h b/sync/internal_api/sync_encryption_handler_impl.h
index d93db15..a308503 100644
--- a/sync/internal_api/sync_encryption_handler_impl.h
+++ b/sync/internal_api/sync_encryption_handler_impl.h
@@ -73,8 +73,8 @@ class SyncEncryptionHandlerImpl
 syncable::BaseTransaction* const trans) const OVERRIDE;
 virtual bool NeedKeystoreKey(
 syncable::BaseTransaction* const trans) const OVERRIDE;
- virtual bool SetKeystoreKey(
- const std::string& key,
+ virtual bool SetKeystoreKeys(
+ const google::protobuf::RepeatedPtrField<google::protobuf::string>& keys,
 syncable::BaseTransaction* const trans) OVERRIDE;
 // Can be called from any thread.
 virtual ModelTypeSet GetEncryptedTypes(
@@ -90,6 +90,7 @@ class SyncEncryptionHandlerImpl
 base::Time custom_passphrase_time() const;

 private:
+ friend class SyncEncryptionHandlerImplTest;
 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
 NigoriEncryptionTypes);
 FRIEND_TEST_ALL_PREFIXES(SyncEncryptionHandlerImplTest,
@@ -216,8 +217,8 @@ class SyncEncryptionHandlerImpl
 // triggered or not.
 // Conditions for triggering migration:
 // 1. Cryptographer has no pending keys
- // 2. Nigori node isn't already properly migrated.
- // 3. Keystore key is available (if we are not migrated yet).
+ // 2. Nigori node isn't already properly migrated or we need to rotate keys.
+ // 3. Keystore key is available.
 // Note: if the nigori node is migrated but has an invalid state, will return
 // true (e.g. node has KEYSTORE_PASSPHRASE, local is CUSTOM_PASSPHRASE).
 bool ShouldTriggerMigration(const sync_pb::NigoriSpecifics& nigori,
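Review bot: The new `SetKeystoreKeys` declaration in the first hunk does not say which element of `keys` becomes the current key, nor what the call does with an empty list. Both are part of the contract now that the server sends every previous key along with the new one. Unless the base interface already documents it, a comment such as `// |keys| holds every keystore key sent by the server, oldest first (TODO confirm); returns false if |keys| is empty.` would pin this down; the ordering and the empty-list result need checking against the .cc, which is not visible here. Because these strings are raw key material supplied by the server, it is also worth confirming that the implementation refuses an empty entry rather than installing it as `keystore_key_`. The class body starts and ends outside the hunk.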
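Review bot: Condition 2 in the `ShouldTriggerMigration` comment now says "or we need to rotate keys" without stating how that is decided, so a reader of the header cannot tell when re-encryption fires. The commit description gives the rule: rotation is detected when there are multiple keystore keys and the nigori keybag is not encrypted with the current keystore key. It also says compatibility with non-keystore clients is dropped in that case, and both facts belong in this comment. Something like `// Key rotation: we hold old keystore keys and the keybag is not encrypted with the current one; this drops compat with pre-keystore clients.` would do. The declaration itself continues past the end of the hunk.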
@@ -283,9 +284,15 @@ class SyncEncryptionHandlerImpl
 // keys stored in the nigori node.
 PassphraseType passphrase_type_;

- // The keystore key provided by the server.
+ // The current keystore key provided by the server.
 std::string keystore_key_;

+ // The set of old keystore keys. Every time a key rotation occurs, the server
+ // sends down all previous keystore keys as well as the new key. We preserve
+ // the old keys so that when we re-encrypt we can ensure they're all added to
+ // the keybag (and to detect that a key rotation has occurred).
+ std::vector<std::string> old_keystore_keys_;
+
 // The number of times we've automatically (i.e. not via SetPassphrase or
 // conflict resolver) updated the nigori's encryption keys in this chrome
 // instantiation. |
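Review bot: The comment on `old_keystore_keys_` leaves out that the vector holds raw key material, how it is ordered, and whether it can ever contain `keystore_key_` itself, yet the rotation check described in the commit message depends on those details. I would extend it with `// Raw key material: never log, and persist only via the encrypted keystore bootstrap. Excludes |keystore_key_| (TODO confirm).` so the handling rule sits next to the data. As far as this header shows, the old keys stay in ordinary `std::string` buffers for the lifetime of the handler, which is acceptable only if nothing serialises or dumps the object unencrypted. Separately, the diff adds a `std::vector` member and a `google::protobuf::RepeatedPtrField` parameter without adding any `#include`; if the header does not already include `<vector>` and the protobuf repeated-field header above the visible hunks, it should include what it uses. The class continues outside the hunk.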