author: rlarocque@chromium.org <rlarocque@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-08-05 01:06:47 +0000
committer: rlarocque@chromium.org <rlarocque@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2014-08-05 01:06:47 +0000
commit: c44d7f02e2dec6695bddff85f615e65695784b47
tree: 7b11a5075ed0fea6c5754b933ccc1ba64c75e90e /sync/util
parent: 87a0a99943298d33d8eca3ab0d52abbe751d795a
sync: Add non-blocking type encryption support

Introduces the framework for dealing with sync encryption in non-blocking types. Unlike directory sync types, non-blocking type encryption only encrypts data before it is sent to the server. Encrypting the data on-disk is a separate problem.

Adds code to the ModelTypeSyncWorker so it can access the directory's cryptographer (through a CryptographerProvider interface) and use it to encrypt entities before it sends them to the server. If the cryptographer is unable to encrypt with the desired key, the worker will not commit until the cryptographer returns to a good state.

Adds the concept of a "desired encryption key" to the data type state. When the cryptographer key to be used to encrypt a type changes, this will be reflected in the data type state. The ModelTypeSyncProxy is responsible for ensuring that all items which have not yet been encrypted with this desired key are enqueued for commit.

Makes the ModelTypeSyncWorker, EntityTracker, and ModelTypeSyncProxy collaborate on the management of undecryptable (inapplicable) updates. The EntityTracker keeps track of their version numbers and content, and prevents the committing of new items to the server until the inapplicable update has been dealt with. The ModelTypeSyncProxy is responsible for saving inapplicable updates across restarts.

This CL alone is not enough to enable encryption support for non-blocking types. It requires additional code to hook up the ModelTypeSyncWorkers to receive cryptographer events. This will be added in a future commit. In the meantime, this CL includes plenty of unit tests to verify the functionality that's being added.

BUG=351005

Review URL: https://codereview.chromium.org/423193002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287428 0039d316-1c4b-4281-b951-d872f2087c98

Diffstat (limited to 'sync/util')
-rw-r--r-- sync/util/cryptographer.cc 8
-rw-r--r-- sync/util/cryptographer.h 5
2 files changed, 10 insertions, 3 deletions
diff --git a/sync/util/cryptographer.cc b/sync/util/cryptographer.cc
index 29f3781..cb155b5 100644
--- a/sync/util/cryptographer.cc
+++ b/sync/util/cryptographer.cc
@@ -251,7 +251,7 @@ bool Cryptographer::DecryptPendingKeys(const KeyParams& params) {
bool Cryptographer::GetBootstrapToken(std::string* token) const {
DCHECK(token);
- std::string unencrypted_token = GetDefaultNigoriKey();
+ std::string unencrypted_token = GetDefaultNigoriKeyData();
if (unencrypted_token.empty())
return false;
@@ -324,7 +324,11 @@ bool Cryptographer::KeybagIsStale(
return false;
}
-std::string Cryptographer::GetDefaultNigoriKey() const {
+std::string Cryptographer::GetDefaultNigoriKeyName() const {
+ return default_nigori_name_;
+}
+
+std::string Cryptographer::GetDefaultNigoriKeyData() const {
if (!is_initialized())
return std::string();
NigoriMap::const_iterator iter = nigoris_.find(default_nigori_name_);
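Review bot: GetDefaultNigoriKeyName() returns default_nigori_name_ with no is_initialized() check, while GetDefaultNigoriKeyData() directly below it returns an empty string in that state. If the name can be empty or stale before initialization, a caller that compares it against the "desired encryption key" from the commit message could treat an uninitialized cryptographer as a key match or as a key change. Either add the same is_initialized() guard here, or state in the header that an empty name means "no default key" so callers check for it. Minor: since this only exposes a member, returning const std::string& would avoid a copy on each call.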
diff --git a/sync/util/cryptographer.h b/sync/util/cryptographer.h
index 2dfdedc..9876f83 100644
--- a/sync/util/cryptographer.h
+++ b/sync/util/cryptographer.h
@@ -176,9 +176,12 @@ class SYNC_EXPORT Cryptographer {
// and/or has a different default key.
bool KeybagIsStale(const sync_pb::EncryptedData& keybag) const;
+ // Returns the name of the Nigori key currently used for encryption.
+ std::string GetDefaultNigoriKeyName() const;
+
// Returns a serialized sync_pb::NigoriKey version of current default
// encryption key.
- std::string GetDefaultNigoriKey() const;
+ std::string GetDefaultNigoriKeyData() const;
// Generates a new Nigori from |serialized_nigori_key|, and if successful
// installs the new nigori as the default key.
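Review bot: the comment on GetDefaultNigoriKeyName() does not say what is returned when the cryptographer is not initialized or has no default key; please document the empty-string case, as callers will use this value to decide whether data is encrypted with the right key. For GetDefaultNigoriKeyData(), the rename makes the name/data split clear, but the comment should also say that the result is unencrypted key material (GetBootstrapToken stores it in unencrypted_token) and that it is empty when not initialized, so that new callers in the non-blocking worker code pick the Name accessor unless they really need the key bytes, and never log or persist the Data result as-is.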