From 4237bc177e77a9f2408758d6677ea1d9b420ed26 Mon Sep 17 00:00:00 2001 From: "rlarocque@chromium.org" Date: Wed, 6 Aug 2014 20:46:11 +0000 Subject: sync: Add non-blocking type encryption (retry) Fixes some memory leak issues that were present in the first instance of this CL. Original description follows: Introduces the framework for dealing with sync encryption in non-blocking types. Unlike directory sync types, non-blocking type encryption only encrypts data before it is sent to the server. Encrypting the data on-disk is a separate problem. Adds code to the ModelTypeSyncWorker so it can access the directory's cryptographer (through a CryptographerProvider interface) and use it to encrypt entities before it sends them to the server. If the cryptographer is unable to encrypt with the desired key, the worker will not commit until the cryptographer returns to a good state. Adds the concept of a "desired encryption key" to the data type state. When the cryptographer key to be used to encrypt a type changes, this will be reflected in the data type state. The ModelTypeSyncProxy is responsible for ensuring that all items which have not yet been encrypted with this desired key are enqueued for commit. Makes the ModelTypeSyncWorker, EntityTracker, and ModelTypeSyncProxy collaborate on the management of undecryptable (inapplicable) updates. The EntityTracker keeps track of their version numbers and content, and prevents the committing of new items to the server until the inapplicable update has been dealt with. The ModelTypeSyncProxy is responsible for saving inapplicable updates across restarts. This CL alone is not enough to enable encryption support for non-blocking types. It requires additional code to hook up the ModelTypeSyncWorkers to receive cryptographer events. This will be added in a future commit. In the meantime, this CL includes plenty of unit tests to verify the functionality that's being added. BUG=351005 Review URL: https://codereview.chromium.org/442053002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287849 0039d316-1c4b-4281-b951-d872f2087c98 --- sync/util/cryptographer.cc | 8 ++++++-- sync/util/cryptographer.h | 5 ++++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'sync/util') diff --git a/sync/util/cryptographer.cc b/sync/util/cryptographer.cc index 29f3781..cb155b5 100644 --- a/sync/util/cryptographer.cc +++ b/sync/util/cryptographer.cc @@ -251,7 +251,7 @@ bool Cryptographer::DecryptPendingKeys(const KeyParams& params) { bool Cryptographer::GetBootstrapToken(std::string* token) const { DCHECK(token); - std::string unencrypted_token = GetDefaultNigoriKey(); + std::string unencrypted_token = GetDefaultNigoriKeyData(); if (unencrypted_token.empty()) return false; @@ -324,7 +324,11 @@ bool Cryptographer::KeybagIsStale( return false; } -std::string Cryptographer::GetDefaultNigoriKey() const { +std::string Cryptographer::GetDefaultNigoriKeyName() const { + return default_nigori_name_; +} + +std::string Cryptographer::GetDefaultNigoriKeyData() const { if (!is_initialized()) return std::string(); NigoriMap::const_iterator iter = nigoris_.find(default_nigori_name_); diff --git a/sync/util/cryptographer.h b/sync/util/cryptographer.h index 2dfdedc..9876f83 100644 --- a/sync/util/cryptographer.h +++ b/sync/util/cryptographer.h @@ -176,9 +176,12 @@ class SYNC_EXPORT Cryptographer { // and/or has a different default key. bool KeybagIsStale(const sync_pb::EncryptedData& keybag) const; + // Returns the name of the Nigori key currently used for encryption. + std::string GetDefaultNigoriKeyName() const; + // Returns a serialized sync_pb::NigoriKey version of current default // encryption key. - std::string GetDefaultNigoriKey() const; + std::string GetDefaultNigoriKeyData() const; // Generates a new Nigori from |serialized_nigori_key|, and if successful // installs the new nigori as the default key. -- cgit v1.1