Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / sync / internal_api / sync_encryption_handler_impl_unittest.cc
blob829ecd2cb9b4d5e775b53e446cce3035b0f1d3f7
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sync/internal_api/sync_encryption_handler_impl.h"
7 #include <string>
9 #include "base/base64.h"
10 #include "base/json/json_string_value_serializer.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/run_loop.h"
13 #include "base/tracked_objects.h"
14 #include "sync/internal_api/public/base/model_type_test_util.h"
15 #include "sync/internal_api/public/read_node.h"
16 #include "sync/internal_api/public/read_transaction.h"
17 #include "sync/internal_api/public/test/test_user_share.h"
18 #include "sync/internal_api/public/write_node.h"
19 #include "sync/internal_api/public/write_transaction.h"
20 #include "sync/protocol/nigori_specifics.pb.h"
21 #include "sync/protocol/sync.pb.h"
22 #include "sync/syncable/entry.h"
23 #include "sync/syncable/mutable_entry.h"
24 #include "sync/syncable/syncable_write_transaction.h"
25 #include "sync/test/engine/test_id_factory.h"
26 #include "sync/test/fake_encryptor.h"
27 #include "sync/util/cryptographer.h"
28 #include "testing/gmock/include/gmock/gmock.h"
29 #include "testing/gtest/include/gtest/gtest.h"
31 namespace syncer {
33 namespace {
35 using ::testing::_;
36 using ::testing::AnyNumber;
37 using ::testing::AtLeast;
38 using ::testing::Mock;
39 using ::testing::SaveArg;
40 using ::testing::StrictMock;
42 // The raw keystore key the server sends.
43 static const char kRawKeystoreKey[] = "keystore_key";
44 // Base64 encoded version of |kRawKeystoreKey|.
45 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5";
47 class SyncEncryptionHandlerObserverMock
48 : public SyncEncryptionHandler::Observer {
49 public:
50 MOCK_METHOD2(OnPassphraseRequired,
51 void(PassphraseRequiredReason,
52 const sync_pb::EncryptedData&)); // NOLINT
53 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT
54 MOCK_METHOD2(OnBootstrapTokenUpdated,
55 void(const std::string&, BootstrapTokenType type)); // NOLINT
56 MOCK_METHOD2(OnEncryptedTypesChanged,
57 void(ModelTypeSet, bool)); // NOLINT
58 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT
59 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT
60 MOCK_METHOD2(OnPassphraseTypeChanged, void(PassphraseType,
61 base::Time)); // NOLINT
64 google::protobuf::RepeatedPtrField<google::protobuf::string>
65 BuildEncryptionKeyProto(std::string encryption_key) {
66 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
67 keys.Add()->assign(encryption_key);
68 return keys;
71 } // namespace
73 class SyncEncryptionHandlerImplTest : public ::testing::Test {
74 public:
75 SyncEncryptionHandlerImplTest() {}
76 virtual ~SyncEncryptionHandlerImplTest() {}
78 virtual void SetUp() {
79 test_user_share_.SetUp();
80 SetUpEncryption();
81 CreateRootForType(NIGORI);
84 virtual void TearDown() {
85 PumpLoop();
86 test_user_share_.TearDown();
89 protected:
90 void SetUpEncryption() {
91 encryption_handler_.reset(
92 new SyncEncryptionHandlerImpl(user_share(),
93 &encryptor_,
94 std::string(),
95 std::string() /* bootstrap tokens */));
96 encryption_handler_->AddObserver(&observer_);
99 void CreateRootForType(ModelType model_type) {
100 syncer::syncable::Directory* directory = user_share()->directory.get();
102 std::string tag_name = ModelTypeToRootTag(model_type);
104 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory);
105 syncable::MutableEntry node(&wtrans,
106 syncable::CREATE,
107 model_type,
108 wtrans.root_id(),
109 tag_name);
110 node.PutUniqueServerTag(tag_name);
111 node.PutIsDir(true);
112 node.PutServerIsDir(false);
113 node.PutIsUnsynced(false);
114 node.PutIsUnappliedUpdate(false);
115 node.PutServerVersion(20);
116 node.PutBaseVersion(20);
117 node.PutIsDel(false);
118 node.PutId(ids_.MakeServer(tag_name));
119 sync_pb::EntitySpecifics specifics;
120 syncer::AddDefaultFieldValue(model_type, &specifics);
121 node.PutSpecifics(specifics);
124 void PumpLoop() {
125 base::RunLoop().RunUntilIdle();
128 // Getters for tests.
129 UserShare* user_share() { return test_user_share_.user_share(); }
130 SyncEncryptionHandlerImpl* encryption_handler() {
131 return encryption_handler_.get();
133 SyncEncryptionHandlerObserverMock* observer() { return &observer_; }
134 Cryptographer* GetCryptographer() {
135 return encryption_handler_->GetCryptographerUnsafe();
138 void VerifyMigratedNigori(PassphraseType passphrase_type,
139 const std::string& passphrase) {
140 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase);
143 void VerifyMigratedNigoriWithTimestamp(
144 int64 migration_time,
145 PassphraseType passphrase_type,
146 const std::string& passphrase) {
147 ReadTransaction trans(FROM_HERE, user_share());
148 ReadNode nigori_node(&trans);
149 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
150 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
151 if (migration_time > 0)
152 EXPECT_EQ(migration_time, nigori.keystore_migration_time());
153 else
154 EXPECT_TRUE(nigori.has_keystore_migration_time());
155 EXPECT_TRUE(nigori.keybag_is_frozen());
156 if (passphrase_type == CUSTOM_PASSPHRASE ||
157 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) {
158 EXPECT_TRUE(nigori.encrypt_everything());
159 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty());
160 if (passphrase_type == CUSTOM_PASSPHRASE) {
161 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE,
162 nigori.passphrase_type());
163 if (!encryption_handler()->custom_passphrase_time().is_null()) {
164 EXPECT_EQ(nigori.custom_passphrase_time(),
165 TimeToProtoTime(
166 encryption_handler()->custom_passphrase_time()));
168 } else {
169 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE,
170 nigori.passphrase_type());
172 } else {
173 EXPECT_FALSE(nigori.encrypt_everything());
174 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty());
175 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE,
176 nigori.passphrase_type());
177 Cryptographer keystore_cryptographer(&encryptor_);
178 KeyParams params = {"localhost", "dummy", kKeystoreKey};
179 keystore_cryptographer.AddKey(params);
180 EXPECT_TRUE(keystore_cryptographer.CanDecryptUsingDefaultKey(
181 nigori.keystore_decryptor_token()));
184 Cryptographer temp_cryptographer(&encryptor_);
185 KeyParams params = {"localhost", "dummy", passphrase};
186 temp_cryptographer.AddKey(params);
187 EXPECT_TRUE(temp_cryptographer.CanDecryptUsingDefaultKey(
188 nigori.encryption_keybag()));
191 sync_pb::NigoriSpecifics BuildMigratedNigori(
192 PassphraseType passphrase_type,
193 int64 migration_time,
194 const std::string& default_passphrase,
195 const std::string& keystore_key) {
196 DCHECK_NE(passphrase_type, IMPLICIT_PASSPHRASE);
197 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
199 std::string default_key = default_passphrase;
200 if (default_key.empty()) {
201 default_key = keystore_key;
202 } else {
203 KeyParams keystore_params = {"localhost", "dummy", keystore_key};
204 other_cryptographer.AddKey(keystore_params);
206 KeyParams params = {"localhost", "dummy", default_key};
207 other_cryptographer.AddKey(params);
208 EXPECT_TRUE(other_cryptographer.is_ready());
210 sync_pb::NigoriSpecifics nigori;
211 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
212 nigori.set_keybag_is_frozen(true);
213 nigori.set_keystore_migration_time(migration_time);
215 if (passphrase_type == KEYSTORE_PASSPHRASE) {
216 sync_pb::EncryptedData keystore_decryptor_token;
217 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
218 other_cryptographer,
219 keystore_key,
220 &keystore_decryptor_token));
221 nigori.mutable_keystore_decryptor_token()->CopyFrom(
222 keystore_decryptor_token);
223 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
224 } else {
225 nigori.set_encrypt_everything(true);
226 nigori.set_passphrase_type(
227 passphrase_type == CUSTOM_PASSPHRASE ?
228 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE :
229 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
231 return nigori;
234 // Build a migrated nigori node with the specified default passphrase
235 // and keystore key and initialize the encryption handler with it.
236 void InitKeystoreMigratedNigori(int64 migration_time,
237 const std::string& default_passphrase,
238 const std::string& keystore_key) {
240 WriteTransaction trans(FROM_HERE, user_share());
241 WriteNode nigori_node(&trans);
242 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
243 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
244 KEYSTORE_PASSPHRASE,
245 migration_time,
246 default_passphrase,
247 keystore_key);
248 nigori_node.SetNigoriSpecifics(nigori);
251 EXPECT_CALL(*observer(),
252 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
253 EXPECT_CALL(*observer(),
254 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
255 EXPECT_CALL(*observer(),
256 OnCryptographerStateChanged(_)).Times(AtLeast(1));
257 EXPECT_CALL(*observer(),
258 OnEncryptedTypesChanged(_, false));
259 EXPECT_CALL(*observer(),
260 OnEncryptionComplete()).Times(AtLeast(1));
261 encryption_handler()->Init();
262 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
263 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
264 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
265 Mock::VerifyAndClearExpectations(observer());
268 // Build a migrated nigori node with the specified default passphrase
269 // as a custom passphrase.
270 void InitCustomPassMigratedNigori(int64 migration_time,
271 const std::string& default_passphrase) {
273 WriteTransaction trans(FROM_HERE, user_share());
274 WriteNode nigori_node(&trans);
275 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
276 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
277 CUSTOM_PASSPHRASE,
278 migration_time,
279 default_passphrase,
280 kKeystoreKey);
281 nigori_node.SetNigoriSpecifics(nigori);
284 EXPECT_CALL(*observer(),
285 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
286 EXPECT_CALL(*observer(),
287 OnCryptographerStateChanged(_)).Times(AtLeast(1));
288 EXPECT_CALL(*observer(),
289 OnEncryptedTypesChanged(_, true)).Times(AtLeast(1));
290 EXPECT_CALL(*observer(),
291 OnEncryptionComplete()).Times(AtLeast(1));
292 encryption_handler()->Init();
293 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
294 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
295 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
296 Mock::VerifyAndClearExpectations(observer());
299 // Build an unmigrated nigori node with the specified passphrase and type and
300 // initialize the encryption handler with it.
301 void InitUnmigratedNigori(const std::string& default_passphrase,
302 PassphraseType passphrase_type) {
303 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE);
304 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
305 KeyParams default_key = {"localhost", "dummy", default_passphrase};
306 other_cryptographer.AddKey(default_key);
307 EXPECT_TRUE(other_cryptographer.is_ready());
310 WriteTransaction trans(FROM_HERE, user_share());
311 WriteNode nigori_node(&trans);
312 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
313 sync_pb::NigoriSpecifics nigori;
314 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
315 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE);
316 nigori_node.SetNigoriSpecifics(nigori);
319 if (passphrase_type != IMPLICIT_PASSPHRASE) {
320 EXPECT_CALL(*observer(),
321 OnPassphraseTypeChanged(passphrase_type, _));
323 EXPECT_CALL(*observer(),
324 OnCryptographerStateChanged(_)).Times(AtLeast(1));
325 EXPECT_CALL(*observer(),
326 OnEncryptedTypesChanged(_, false));
327 encryption_handler()->Init();
328 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
329 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type);
330 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
331 Mock::VerifyAndClearExpectations(observer());
334 protected:
335 TestUserShare test_user_share_;
336 FakeEncryptor encryptor_;
337 scoped_ptr<SyncEncryptionHandlerImpl> encryption_handler_;
338 StrictMock<SyncEncryptionHandlerObserverMock> observer_;
339 TestIdFactory ids_;
340 base::MessageLoop message_loop_;
343 // Verify that the encrypted types are being written to and read from the
344 // nigori node properly.
345 TEST_F(SyncEncryptionHandlerImplTest, NigoriEncryptionTypes) {
346 sync_pb::NigoriSpecifics nigori;
348 StrictMock<SyncEncryptionHandlerObserverMock> observer2;
349 SyncEncryptionHandlerImpl handler2(user_share(),
350 &encryptor_,
351 std::string(),
352 std::string() /* bootstrap tokens */);
353 handler2.AddObserver(&observer2);
355 // Just set the sensitive types (shouldn't trigger any notifications).
356 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes());
358 WriteTransaction trans(FROM_HERE, user_share());
359 encryption_handler()->MergeEncryptedTypes(
360 encrypted_types,
361 trans.GetWrappedTrans());
362 encryption_handler()->UpdateNigoriFromEncryptedTypes(
363 &nigori,
364 trans.GetWrappedTrans());
365 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
367 EXPECT_TRUE(encrypted_types.Equals(
368 encryption_handler()->GetEncryptedTypesUnsafe()));
369 EXPECT_TRUE(encrypted_types.Equals(
370 handler2.GetEncryptedTypesUnsafe()));
372 Mock::VerifyAndClearExpectations(observer());
373 Mock::VerifyAndClearExpectations(&observer2);
375 ModelTypeSet encrypted_user_types = EncryptableUserTypes();
377 EXPECT_CALL(*observer(),
378 OnEncryptedTypesChanged(
379 HasModelTypes(encrypted_user_types), false));
380 EXPECT_CALL(observer2,
381 OnEncryptedTypesChanged(
382 HasModelTypes(encrypted_user_types), false));
384 // Set all encrypted types
385 encrypted_types = EncryptableUserTypes();
387 WriteTransaction trans(FROM_HERE, user_share());
388 encryption_handler()->MergeEncryptedTypes(
389 encrypted_types,
390 trans.GetWrappedTrans());
391 encryption_handler()->UpdateNigoriFromEncryptedTypes(
392 &nigori,
393 trans.GetWrappedTrans());
394 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
396 EXPECT_TRUE(encrypted_types.Equals(
397 encryption_handler()->GetEncryptedTypesUnsafe()));
398 EXPECT_TRUE(encrypted_types.Equals(handler2.GetEncryptedTypesUnsafe()));
400 // Receiving an empty nigori should not reset any encrypted types or trigger
401 // an observer notification.
402 Mock::VerifyAndClearExpectations(observer());
403 Mock::VerifyAndClearExpectations(&observer2);
404 nigori = sync_pb::NigoriSpecifics();
406 WriteTransaction trans(FROM_HERE, user_share());
407 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
409 EXPECT_TRUE(encrypted_types.Equals(
410 encryption_handler()->GetEncryptedTypesUnsafe()));
413 // Verify the encryption handler processes the encrypt everything field
414 // properly.
415 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) {
416 sync_pb::NigoriSpecifics nigori;
417 nigori.set_encrypt_everything(true);
419 EXPECT_CALL(*observer(),
420 OnEncryptedTypesChanged(
421 HasModelTypes(EncryptableUserTypes()), true));
423 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
424 ModelTypeSet encrypted_types =
425 encryption_handler()->GetEncryptedTypesUnsafe();
426 EXPECT_TRUE(encrypted_types.Equals(
427 ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS)));
430 WriteTransaction trans(FROM_HERE, user_share());
431 encryption_handler()->UpdateEncryptedTypesFromNigori(
432 nigori,
433 trans.GetWrappedTrans());
436 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
437 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
438 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
440 // Receiving the nigori node again shouldn't trigger another notification.
441 Mock::VerifyAndClearExpectations(observer());
443 WriteTransaction trans(FROM_HERE, user_share());
444 encryption_handler()->UpdateEncryptedTypesFromNigori(
445 nigori,
446 trans.GetWrappedTrans());
450 // Verify the encryption handler can detect an implicit encrypt everything state
451 // (from clients that failed to write the encrypt everything field).
452 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) {
453 sync_pb::NigoriSpecifics nigori;
454 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything
456 EXPECT_CALL(*observer(),
457 OnEncryptedTypesChanged(
458 HasModelTypes(EncryptableUserTypes()), true));
460 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
461 ModelTypeSet encrypted_types =
462 encryption_handler()->GetEncryptedTypesUnsafe();
463 EXPECT_TRUE(encrypted_types.Equals(
464 ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS)));
467 WriteTransaction trans(FROM_HERE, user_share());
468 encryption_handler()->UpdateEncryptedTypesFromNigori(
469 nigori,
470 trans.GetWrappedTrans());
473 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
474 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
475 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
477 // Receiving a nigori node with encrypt everything explicitly set shouldn't
478 // trigger another notification.
479 Mock::VerifyAndClearExpectations(observer());
480 nigori.set_encrypt_everything(true);
482 WriteTransaction trans(FROM_HERE, user_share());
483 encryption_handler()->UpdateEncryptedTypesFromNigori(
484 nigori,
485 trans.GetWrappedTrans());
489 // Verify the encryption handler can deal with new versions treating new types
490 // as Sensitive, and that it does not consider this an implicit encrypt
491 // everything case.
492 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) {
493 sync_pb::NigoriSpecifics nigori;
494 nigori.set_encrypt_everything(false);
495 nigori.set_encrypt_bookmarks(true);
497 ModelTypeSet expected_encrypted_types =
498 SyncEncryptionHandler::SensitiveTypes();
499 expected_encrypted_types.Put(BOOKMARKS);
501 EXPECT_CALL(*observer(),
502 OnEncryptedTypesChanged(
503 HasModelTypes(expected_encrypted_types), false));
505 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
506 ModelTypeSet encrypted_types =
507 encryption_handler()->GetEncryptedTypesUnsafe();
508 EXPECT_TRUE(encrypted_types.Equals(
509 ModelTypeSet(PASSWORDS, WIFI_CREDENTIALS)));
512 WriteTransaction trans(FROM_HERE, user_share());
513 encryption_handler()->UpdateEncryptedTypesFromNigori(
514 nigori,
515 trans.GetWrappedTrans());
518 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
519 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
520 EXPECT_TRUE(encrypted_types.Equals(
521 ModelTypeSet(BOOKMARKS, PASSWORDS, WIFI_CREDENTIALS)));
524 // Receive an old nigori with old encryption keys and encrypted types. We should
525 // not revert our default key or encrypted types, and should post a task to
526 // overwrite the existing nigori with the correct data.
527 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) {
528 KeyParams old_key = {"localhost", "dummy", "old"};
529 KeyParams current_key = {"localhost", "dummy", "cur"};
531 // Data for testing encryption/decryption.
532 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
533 other_cryptographer.AddKey(old_key);
534 sync_pb::EntitySpecifics other_encrypted_specifics;
535 other_encrypted_specifics.mutable_bookmark()->set_title("title");
536 other_cryptographer.Encrypt(
537 other_encrypted_specifics,
538 other_encrypted_specifics.mutable_encrypted());
539 sync_pb::EntitySpecifics our_encrypted_specifics;
540 our_encrypted_specifics.mutable_bookmark()->set_title("title2");
541 ModelTypeSet encrypted_types = EncryptableUserTypes();
543 // Set up the current encryption state (containing both keys and encrypt
544 // everything).
545 sync_pb::NigoriSpecifics current_nigori_specifics;
546 GetCryptographer()->AddKey(old_key);
547 GetCryptographer()->AddKey(current_key);
548 GetCryptographer()->Encrypt(
549 our_encrypted_specifics,
550 our_encrypted_specifics.mutable_encrypted());
551 GetCryptographer()->GetKeys(
552 current_nigori_specifics.mutable_encryption_keybag());
553 current_nigori_specifics.set_encrypt_everything(true);
555 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
556 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
557 HasModelTypes(EncryptableUserTypes()), true));
559 // Update the encryption handler.
560 WriteTransaction trans(FROM_HERE, user_share());
561 encryption_handler()->ApplyNigoriUpdate(
562 current_nigori_specifics,
563 trans.GetWrappedTrans());
565 Mock::VerifyAndClearExpectations(observer());
567 // Now set up the old nigori specifics and apply it on top.
568 // Has an old set of keys, and no encrypted types.
569 sync_pb::NigoriSpecifics old_nigori;
570 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag());
572 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
574 // Update the encryption handler.
575 WriteTransaction trans(FROM_HERE, user_share());
576 encryption_handler()->ApplyNigoriUpdate(
577 old_nigori,
578 trans.GetWrappedTrans());
580 EXPECT_TRUE(GetCryptographer()->is_ready());
581 EXPECT_FALSE(GetCryptographer()->has_pending_keys());
583 // Encryption handler should have posted a task to overwrite the old
584 // specifics.
585 PumpLoop();
588 // The cryptographer should be able to decrypt both sets of keys and still
589 // be encrypting with the newest, and the encrypted types should be the
590 // most recent.
591 // In addition, the nigori node should match the current encryption state.
592 ReadTransaction trans(FROM_HERE, user_share());
593 ReadNode nigori_node(&trans);
594 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
595 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
596 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(
597 our_encrypted_specifics.encrypted()));
598 EXPECT_TRUE(GetCryptographer()->CanDecrypt(
599 other_encrypted_specifics.encrypted()));
600 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag()));
601 EXPECT_TRUE(nigori.encrypt_everything());
602 EXPECT_TRUE(
603 GetCryptographer()->CanDecryptUsingDefaultKey(
604 nigori.encryption_keybag()));
606 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
609 // Ensure setting the keystore key works, updates the bootstrap token, and
610 // triggers a non-backwards compatible migration. Then verify that the
611 // bootstrap token can be correctly parsed by the encryption handler at startup
612 // time.
613 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) {
614 // Passing no keys should do nothing.
615 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, _)).Times(0);
617 WriteTransaction trans(FROM_HERE, user_share());
618 EXPECT_FALSE(GetCryptographer()->is_initialized());
619 EXPECT_TRUE(encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
620 EXPECT_FALSE(encryption_handler()->SetKeystoreKeys(
621 BuildEncryptionKeyProto(std::string()), trans.GetWrappedTrans()));
622 EXPECT_TRUE(encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
624 Mock::VerifyAndClearExpectations(observer());
626 // Build a set of keystore keys.
627 const char kRawOldKeystoreKey[] = "old_keystore_key";
628 std::string old_keystore_key;
629 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
630 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
631 keys.Add()->assign(kRawOldKeystoreKey);
632 keys.Add()->assign(kRawKeystoreKey);
634 // Pass them to the encryption handler, triggering a migration and bootstrap
635 // token update.
636 std::string encoded_key;
637 std::string keystore_bootstrap;
638 EXPECT_CALL(*observer(), OnEncryptionComplete());
639 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_));
640 EXPECT_CALL(*observer(), OnPassphraseAccepted());
641 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
642 EXPECT_CALL(*observer(),
643 OnBootstrapTokenUpdated(_,
644 KEYSTORE_BOOTSTRAP_TOKEN)).
645 WillOnce(SaveArg<0>(&keystore_bootstrap));
647 WriteTransaction trans(FROM_HERE, user_share());
648 EXPECT_TRUE(
649 encryption_handler()->SetKeystoreKeys(
650 keys,
651 trans.GetWrappedTrans()));
652 EXPECT_FALSE(
653 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
654 EXPECT_FALSE(GetCryptographer()->is_initialized());
656 PumpLoop();
657 EXPECT_TRUE(GetCryptographer()->is_initialized());
658 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
660 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob
661 // of list values containing the keystore keys).
662 std::string decoded_bootstrap;
663 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap));
664 std::string decrypted_bootstrap;
665 ASSERT_TRUE(
666 GetCryptographer()->encryptor()->DecryptString(decoded_bootstrap,
667 &decrypted_bootstrap));
668 JSONStringValueDeserializer json(decrypted_bootstrap);
669 scoped_ptr<base::Value> deserialized_keystore_keys(
670 json.Deserialize(NULL, NULL));
671 ASSERT_TRUE(deserialized_keystore_keys.get());
672 base::ListValue* keystore_list = NULL;
673 deserialized_keystore_keys->GetAsList(&keystore_list);
674 ASSERT_TRUE(keystore_list);
675 ASSERT_EQ(2U, keystore_list->GetSize());
676 std::string test_string;
677 keystore_list->GetString(0, &test_string);
678 ASSERT_EQ(old_keystore_key, test_string);
679 keystore_list->GetString(1, &test_string);
680 ASSERT_EQ(kKeystoreKey, test_string);
683 // Now make sure a new encryption handler can correctly parse the bootstrap
684 // token.
685 SyncEncryptionHandlerImpl handler2(user_share(),
686 &encryptor_,
687 std::string(), // Cryptographer bootstrap.
688 keystore_bootstrap);
691 WriteTransaction trans(FROM_HERE, user_share());
692 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans()));
696 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it
697 // wasn't already set properly. Otherwise, the decryptor should remain the
698 // same.
699 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) {
700 const char kCurKey[] = "cur";
701 sync_pb::EncryptedData encrypted;
702 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
703 KeyParams cur_key = {"localhost", "dummy", kCurKey};
704 other_cryptographer.AddKey(cur_key);
705 EXPECT_TRUE(other_cryptographer.is_ready());
706 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
707 other_cryptographer,
708 kKeystoreKey,
709 &encrypted));
710 std::string serialized = encrypted.SerializeAsString();
711 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
712 other_cryptographer,
713 kKeystoreKey,
714 &encrypted));
715 EXPECT_EQ(serialized, encrypted.SerializeAsString());
718 // Test that we don't attempt to migrate while an implicit passphrase is pending
719 // and that once we do decrypt pending keys we migrate the nigori. Once
720 // migrated, we should be in keystore passphrase state.
721 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) {
722 const char kOtherKey[] = "other";
724 EXPECT_CALL(*observer(),
725 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
726 ReadTransaction trans(FROM_HERE, user_share());
727 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
728 kRawKeystoreKey),
729 trans.GetWrappedTrans());
730 Mock::VerifyAndClearExpectations(observer());
732 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
735 WriteTransaction trans(FROM_HERE, user_share());
736 WriteNode nigori_node(&trans);
737 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
738 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
739 KeyParams other_key = {"localhost", "dummy", kOtherKey};
740 other_cryptographer.AddKey(other_key);
742 sync_pb::NigoriSpecifics nigori;
743 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
744 nigori.set_keybag_is_frozen(false);
745 nigori.set_encrypt_everything(false);
746 EXPECT_CALL(*observer(),
747 OnCryptographerStateChanged(_)).Times(AnyNumber());
748 EXPECT_CALL(*observer(),
749 OnPassphraseRequired(_, _));
750 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
751 nigori_node.SetNigoriSpecifics(nigori);
753 // Run any tasks posted via AppplyNigoriUpdate.
754 PumpLoop();
755 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
756 Mock::VerifyAndClearExpectations(observer());
758 EXPECT_CALL(*observer(),
759 OnCryptographerStateChanged(_)).Times(AnyNumber());
760 EXPECT_CALL(*observer(),
761 OnPassphraseAccepted());
762 EXPECT_CALL(*observer(),
763 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
764 EXPECT_CALL(*observer(),
765 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
766 EXPECT_CALL(*observer(),
767 OnEncryptionComplete());
768 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
769 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
770 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
771 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
772 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey);
775 // Test that we don't attempt to migrate while a custom passphrase is pending,
776 // and that once we do decrypt pending keys we migrate the nigori. Once
777 // migrated, we should be in custom passphrase state with encrypt everything.
778 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) {
779 const char kOtherKey[] = "other";
781 EXPECT_CALL(*observer(),
782 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
783 ReadTransaction trans(FROM_HERE, user_share());
784 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
785 kRawKeystoreKey),
786 trans.GetWrappedTrans());
787 Mock::VerifyAndClearExpectations(observer());
789 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
792 WriteTransaction trans(FROM_HERE, user_share());
793 WriteNode nigori_node(&trans);
794 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
795 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
796 KeyParams other_key = {"localhost", "dummy", kOtherKey};
797 other_cryptographer.AddKey(other_key);
799 sync_pb::NigoriSpecifics nigori;
800 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
801 nigori.set_keybag_is_frozen(true);
802 nigori.set_encrypt_everything(false);
803 EXPECT_CALL(*observer(),
804 OnCryptographerStateChanged(_)).Times(AnyNumber());
805 EXPECT_CALL(*observer(),
806 OnPassphraseRequired(_, _));
807 EXPECT_CALL(*observer(),
808 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
809 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
810 nigori_node.SetNigoriSpecifics(nigori);
812 // Run any tasks posted via AppplyNigoriUpdate.
813 PumpLoop();
814 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
815 Mock::VerifyAndClearExpectations(observer());
817 EXPECT_CALL(*observer(),
818 OnCryptographerStateChanged(_)).Times(AnyNumber());
819 EXPECT_CALL(*observer(),
820 OnPassphraseAccepted());
821 EXPECT_CALL(*observer(),
822 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
823 EXPECT_CALL(*observer(),
824 OnEncryptedTypesChanged(_, true));
825 EXPECT_CALL(*observer(),
826 OnEncryptionComplete()).Times(2);
827 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
828 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
829 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
830 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
831 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey);
834 // Test that we trigger a migration when we set the keystore key, had an
835 // implicit passphrase, and did not have encrypt everything. We should switch
836 // to KEYSTORE_PASSPHRASE.
837 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) {
838 const char kCurKey[] = "cur";
839 KeyParams current_key = {"localhost", "dummy", kCurKey};
840 GetCryptographer()->AddKey(current_key);
841 EXPECT_CALL(*observer(),
842 OnCryptographerStateChanged(_)).Times(AnyNumber());
843 EXPECT_CALL(*observer(),
844 OnEncryptedTypesChanged(_, false));
845 EXPECT_CALL(*observer(),
846 OnEncryptionComplete());
847 encryption_handler()->Init();
848 Mock::VerifyAndClearExpectations(observer());
851 ReadTransaction trans(FROM_HERE, user_share());
852 // Once we provide a keystore key, we should perform the migration.
853 EXPECT_CALL(*observer(),
854 OnCryptographerStateChanged(_)).Times(AnyNumber());
855 EXPECT_CALL(*observer(),
856 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
857 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
858 kRawKeystoreKey),
859 trans.GetWrappedTrans());
861 EXPECT_CALL(*observer(),
862 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
863 // The actual migration gets posted, so run all pending tasks.
864 PumpLoop();
865 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
866 EXPECT_EQ(KEYSTORE_PASSPHRASE,
867 encryption_handler()->GetPassphraseType());
868 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
869 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
872 // Test that we trigger a migration when we set the keystore key, had an
873 // implicit passphrase, and encrypt everything enabled. We should switch to
874 // FROZEN_IMPLICIT_PASSPHRASE.
875 TEST_F(SyncEncryptionHandlerImplTest,
876 MigrateOnKeystoreKeyAvailableFrozenImplicit) {
877 const char kCurKey[] = "cur";
878 KeyParams current_key = {"localhost", "dummy", kCurKey};
879 GetCryptographer()->AddKey(current_key);
880 EXPECT_CALL(*observer(),
881 OnCryptographerStateChanged(_)).Times(AnyNumber());
882 EXPECT_CALL(*observer(),
883 OnEncryptedTypesChanged(_, false));
884 EXPECT_CALL(*observer(),
885 OnEncryptionComplete());
886 encryption_handler()->Init();
887 Mock::VerifyAndClearExpectations(observer());
889 EXPECT_CALL(*observer(),
890 OnEncryptedTypesChanged(_, true));
891 EXPECT_CALL(*observer(),
892 OnEncryptionComplete());
893 encryption_handler()->EnableEncryptEverything();
896 ReadTransaction trans(FROM_HERE, user_share());
897 // Once we provide a keystore key, we should perform the migration.
898 EXPECT_CALL(*observer(),
899 OnCryptographerStateChanged(_)).Times(AnyNumber());
900 EXPECT_CALL(*observer(),
901 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
902 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
903 kRawKeystoreKey),
904 trans.GetWrappedTrans());
906 EXPECT_CALL(*observer(),
907 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
908 // The actual migration gets posted, so run all pending tasks.
909 PumpLoop();
910 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
911 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
912 encryption_handler()->GetPassphraseType());
913 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
914 VerifyMigratedNigori(FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
917 // Test that we trigger a migration when we set the keystore key, had a
918 // custom passphrase, and encrypt everything enabled. The passphrase state
919 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same.
920 TEST_F(SyncEncryptionHandlerImplTest,
921 MigrateOnKeystoreKeyAvailableCustomWithEncryption) {
922 const char kCurKey[] = "cur";
923 EXPECT_CALL(*observer(),
924 OnCryptographerStateChanged(_)).Times(AnyNumber());
925 EXPECT_CALL(*observer(),
926 OnPassphraseRequired(_, _));
927 EXPECT_CALL(*observer(),
928 OnPassphraseAccepted());
929 EXPECT_CALL(*observer(),
930 OnEncryptedTypesChanged(_, false));
931 EXPECT_CALL(*observer(),
932 OnEncryptionComplete());
933 EXPECT_CALL(*observer(),
934 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
935 EXPECT_CALL(*observer(),
936 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
937 encryption_handler()->Init();
938 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
939 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
940 Mock::VerifyAndClearExpectations(observer());
942 EXPECT_CALL(*observer(),
943 OnEncryptedTypesChanged(_, true));
944 EXPECT_CALL(*observer(),
945 OnEncryptionComplete());
946 encryption_handler()->EnableEncryptEverything();
947 Mock::VerifyAndClearExpectations(observer());
950 ReadTransaction trans(FROM_HERE, user_share());
951 // Once we provide a keystore key, we should perform the migration.
952 EXPECT_CALL(*observer(),
953 OnCryptographerStateChanged(_)).Times(AnyNumber());
954 EXPECT_CALL(*observer(),
955 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
956 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
957 kRawKeystoreKey),
958 trans.GetWrappedTrans());
960 // The actual migration gets posted, so run all pending tasks.
961 PumpLoop();
962 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
963 EXPECT_EQ(CUSTOM_PASSPHRASE,
964 encryption_handler()->GetPassphraseType());
965 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
966 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
969 // Test that we trigger a migration when we set the keystore key, had a
970 // custom passphrase, and did not have encrypt everything. The passphrase state
971 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled.
972 TEST_F(SyncEncryptionHandlerImplTest,
973 MigrateOnKeystoreKeyAvailableCustomNoEncryption) {
974 const char kCurKey[] = "cur";
975 EXPECT_CALL(*observer(),
976 OnCryptographerStateChanged(_)).Times(AnyNumber());
977 EXPECT_CALL(*observer(),
978 OnPassphraseRequired(_, _));
979 EXPECT_CALL(*observer(),
980 OnPassphraseAccepted());
981 EXPECT_CALL(*observer(),
982 OnEncryptedTypesChanged(_, false));
983 EXPECT_CALL(*observer(),
984 OnEncryptionComplete());
985 EXPECT_CALL(*observer(),
986 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
987 EXPECT_CALL(*observer(),
988 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
989 encryption_handler()->Init();
990 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
991 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
992 Mock::VerifyAndClearExpectations(observer());
995 ReadTransaction trans(FROM_HERE, user_share());
996 // Once we provide a keystore key, we should perform the migration.
997 EXPECT_CALL(*observer(),
998 OnCryptographerStateChanged(_)).Times(AnyNumber());
999 EXPECT_CALL(*observer(),
1000 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1001 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1002 kRawKeystoreKey),
1003 trans.GetWrappedTrans());
1005 EXPECT_CALL(*observer(),
1006 OnEncryptedTypesChanged(_, true));
1007 EXPECT_CALL(*observer(),
1008 OnEncryptionComplete());
1009 // The actual migration gets posted, so run all pending tasks.
1010 PumpLoop();
1011 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1012 EXPECT_EQ(CUSTOM_PASSPHRASE,
1013 encryption_handler()->GetPassphraseType());
1014 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1015 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
1018 // Test that we can handle receiving a migrated nigori node in the
1019 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the
1020 // keybag.
1021 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) {
1022 const char kCurKey[] = "cur";
1023 sync_pb::EncryptedData keystore_decryptor_token;
1024 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1025 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1026 other_cryptographer.AddKey(cur_key);
1027 EXPECT_TRUE(other_cryptographer.is_ready());
1028 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1029 other_cryptographer,
1030 kKeystoreKey,
1031 &keystore_decryptor_token));
1032 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1033 EXPECT_FALSE(GetCryptographer()->is_ready());
1034 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1036 // Now build a nigori node with the generated keystore decryptor token and
1037 // initialize the encryption handler with it. The cryptographer should be
1038 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1040 WriteTransaction trans(FROM_HERE, user_share());
1041 WriteNode nigori_node(&trans);
1042 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1043 sync_pb::NigoriSpecifics nigori;
1044 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1045 keystore_decryptor_token);
1046 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1047 nigori.set_keybag_is_frozen(true);
1048 nigori.set_keystore_migration_time(1);
1049 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1051 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1052 EXPECT_CALL(*observer(),
1053 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1054 EXPECT_CALL(*observer(),
1055 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1056 EXPECT_CALL(*observer(),
1057 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1058 EXPECT_CALL(*observer(),
1059 OnCryptographerStateChanged(_)).Times(AnyNumber());
1060 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1061 kRawKeystoreKey),
1062 trans.GetWrappedTrans());
1063 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1064 nigori_node.SetNigoriSpecifics(nigori);
1066 // Run any tasks posted via AppplyNigoriUpdate.
1067 PumpLoop();
1068 Mock::VerifyAndClearExpectations(observer());
1070 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1071 EXPECT_TRUE(GetCryptographer()->is_ready());
1072 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1073 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1074 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1076 // Check that the cryptographer still encrypts with the current key.
1077 sync_pb::EncryptedData current_encrypted;
1078 other_cryptographer.EncryptString("string", &current_encrypted);
1079 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1081 // Check that the cryptographer can decrypt keystore key based encryption.
1082 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1083 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1084 keystore_cryptographer.AddKey(keystore_key);
1085 sync_pb::EncryptedData keystore_encrypted;
1086 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1087 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1090 // Test that we handle receiving migrated nigori's with
1091 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until
1092 // we supply the pending frozen implicit passphrase key.
1093 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) {
1094 const char kCurKey[] = "cur";
1095 sync_pb::EncryptedData encrypted;
1096 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1097 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1098 other_cryptographer.AddKey(cur_key);
1099 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1102 EXPECT_CALL(*observer(),
1103 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1104 ReadTransaction trans(FROM_HERE, user_share());
1105 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1106 kRawKeystoreKey),
1107 trans.GetWrappedTrans());
1109 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1112 EXPECT_CALL(*observer(),
1113 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1114 EXPECT_CALL(*observer(),
1115 OnPassphraseRequired(_, _));
1116 EXPECT_CALL(*observer(),
1117 OnCryptographerStateChanged(_)).Times(AnyNumber());
1118 EXPECT_CALL(*observer(),
1119 OnEncryptedTypesChanged(_, true));
1120 WriteTransaction trans(FROM_HERE, user_share());
1121 WriteNode nigori_node(&trans);
1122 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1123 sync_pb::NigoriSpecifics nigori;
1124 nigori.set_keybag_is_frozen(true);
1125 nigori.set_passphrase_type(
1126 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
1127 nigori.set_keystore_migration_time(1);
1128 nigori.set_encrypt_everything(true);
1129 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1130 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1131 nigori_node.SetNigoriSpecifics(nigori);
1133 // Run any tasks posted via AppplyNigoriUpdate.
1134 PumpLoop();
1135 Mock::VerifyAndClearExpectations(observer());
1137 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1138 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
1139 encryption_handler()->GetPassphraseType());
1140 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1141 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1143 EXPECT_CALL(*observer(),
1144 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1145 EXPECT_CALL(*observer(),
1146 OnCryptographerStateChanged(_)).Times(AnyNumber());
1147 EXPECT_CALL(*observer(),
1148 OnEncryptionComplete());
1149 EXPECT_CALL(*observer(),
1150 OnPassphraseAccepted());
1151 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1152 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1153 EXPECT_TRUE(GetCryptographer()->is_ready());
1154 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
1156 // Check that the cryptographer still encrypts with the current key.
1157 sync_pb::EncryptedData current_encrypted;
1158 other_cryptographer.EncryptString("string", &current_encrypted);
1159 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1161 // Check that the cryptographer can decrypt keystore key based encryption.
1162 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1163 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1164 keystore_cryptographer.AddKey(keystore_key);
1165 sync_pb::EncryptedData keystore_encrypted;
1166 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1167 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1170 // Test that we handle receiving migrated nigori's with
1171 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we
1172 // provide the custom passphrase key.
1173 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) {
1174 const char kCurKey[] = "cur";
1175 sync_pb::EncryptedData encrypted;
1176 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1177 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1178 other_cryptographer.AddKey(cur_key);
1179 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1182 EXPECT_CALL(*observer(),
1183 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1184 ReadTransaction trans(FROM_HERE, user_share());
1185 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1186 kRawKeystoreKey),
1187 trans.GetWrappedTrans());
1189 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1192 EXPECT_CALL(*observer(),
1193 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1194 EXPECT_CALL(*observer(),
1195 OnPassphraseRequired(_, _));
1196 EXPECT_CALL(*observer(),
1197 OnCryptographerStateChanged(_)).Times(AnyNumber());
1198 EXPECT_CALL(*observer(),
1199 OnEncryptedTypesChanged(_, true));
1200 WriteTransaction trans(FROM_HERE, user_share());
1201 WriteNode nigori_node(&trans);
1202 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1203 sync_pb::NigoriSpecifics nigori;
1204 nigori.set_keybag_is_frozen(true);
1205 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1206 nigori.set_keystore_migration_time(1);
1207 nigori.set_encrypt_everything(true);
1208 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1209 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1210 nigori_node.SetNigoriSpecifics(nigori);
1212 // Run any tasks posted via AppplyNigoriUpdate.
1213 PumpLoop();
1214 Mock::VerifyAndClearExpectations(observer());
1216 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1217 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
1218 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1219 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1221 EXPECT_CALL(*observer(),
1222 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1223 EXPECT_CALL(*observer(),
1224 OnCryptographerStateChanged(_)).Times(AnyNumber());
1225 EXPECT_CALL(*observer(),
1226 OnEncryptionComplete());
1227 EXPECT_CALL(*observer(),
1228 OnPassphraseAccepted());
1229 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1230 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1231 EXPECT_TRUE(GetCryptographer()->is_ready());
1232 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1234 // Check that the cryptographer still encrypts with the current key.
1235 sync_pb::EncryptedData current_encrypted;
1236 other_cryptographer.EncryptString("string", &current_encrypted);
1237 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1239 // Check that the cryptographer can decrypt keystore key based encryption.
1240 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1241 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1242 keystore_cryptographer.AddKey(keystore_key);
1243 sync_pb::EncryptedData keystore_encrypted;
1244 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1245 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1248 // Test that if we have a migrated nigori with a custom passphrase, then receive
1249 // and old implicit passphrase nigori, we properly overwrite it with the current
1250 // state.
1251 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) {
1252 const char kOldKey[] = "old";
1253 const char kCurKey[] = "cur";
1254 sync_pb::EncryptedData encrypted;
1255 KeyParams old_key = {"localhost", "dummy", kOldKey};
1256 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1257 GetCryptographer()->AddKey(old_key);
1258 GetCryptographer()->AddKey(cur_key);
1260 // Build a migrated nigori with full encryption.
1262 WriteTransaction trans(FROM_HERE, user_share());
1263 WriteNode nigori_node(&trans);
1264 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1265 sync_pb::NigoriSpecifics nigori;
1266 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1267 nigori.set_keybag_is_frozen(true);
1268 nigori.set_keystore_migration_time(1);
1269 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1270 nigori.set_encrypt_everything(true);
1271 nigori_node.SetNigoriSpecifics(nigori);
1274 EXPECT_CALL(*observer(),
1275 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1276 EXPECT_CALL(*observer(),
1277 OnCryptographerStateChanged(_)).Times(AnyNumber());
1278 EXPECT_CALL(*observer(),
1279 OnEncryptedTypesChanged(_, true)).Times(2);
1280 EXPECT_CALL(*observer(),
1281 OnEncryptionComplete());
1282 encryption_handler()->Init();
1283 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1284 EXPECT_TRUE(GetCryptographer()->is_ready());
1285 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1286 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1287 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1290 EXPECT_CALL(*observer(),
1291 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1292 ReadTransaction trans(FROM_HERE, user_share());
1293 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1294 kRawKeystoreKey),
1295 trans.GetWrappedTrans());
1297 Mock::VerifyAndClearExpectations(observer());
1299 // Now build an old unmigrated nigori node with old encrypted types. We should
1300 // properly overwrite it with the migrated + encrypt everything state.
1301 EXPECT_CALL(*observer(),
1302 OnCryptographerStateChanged(_)).Times(AnyNumber());
1303 EXPECT_CALL(*observer(), OnEncryptionComplete());
1305 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1306 other_cryptographer.AddKey(old_key);
1307 WriteTransaction trans(FROM_HERE, user_share());
1308 WriteNode nigori_node(&trans);
1309 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1310 sync_pb::NigoriSpecifics nigori;
1311 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1312 nigori.set_keybag_is_frozen(false);
1313 nigori.set_encrypt_everything(false);
1314 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1315 nigori_node.SetNigoriSpecifics(nigori);
1317 PumpLoop();
1319 // Verify we're still migrated and have proper encryption state.
1320 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1321 EXPECT_TRUE(GetCryptographer()->is_ready());
1322 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1323 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1324 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1327 // Test that if we have a migrated nigori with a custom passphrase, then receive
1328 // a migrated nigori with a keystore passphrase, we properly overwrite it with
1329 // the current state.
1330 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldMigratedNigori) {
1331 const char kOldKey[] = "old";
1332 const char kCurKey[] = "cur";
1333 sync_pb::EncryptedData encrypted;
1334 KeyParams old_key = {"localhost", "dummy", kOldKey};
1335 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1336 GetCryptographer()->AddKey(old_key);
1337 GetCryptographer()->AddKey(cur_key);
1339 // Build a migrated nigori with full encryption.
1341 WriteTransaction trans(FROM_HERE, user_share());
1342 WriteNode nigori_node(&trans);
1343 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1344 sync_pb::NigoriSpecifics nigori;
1345 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1346 nigori.set_keybag_is_frozen(true);
1347 nigori.set_keystore_migration_time(1);
1348 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1349 nigori.set_encrypt_everything(true);
1350 nigori_node.SetNigoriSpecifics(nigori);
1353 EXPECT_CALL(*observer(),
1354 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1355 EXPECT_CALL(*observer(),
1356 OnCryptographerStateChanged(_)).Times(AnyNumber());
1357 EXPECT_CALL(*observer(),
1358 OnEncryptedTypesChanged(_, true)).Times(2);
1359 EXPECT_CALL(*observer(),
1360 OnEncryptionComplete());
1361 encryption_handler()->Init();
1362 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1363 EXPECT_TRUE(GetCryptographer()->is_ready());
1364 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1365 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1366 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1369 EXPECT_CALL(*observer(),
1370 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1371 ReadTransaction trans(FROM_HERE, user_share());
1372 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1373 kRawKeystoreKey),
1374 trans.GetWrappedTrans());
1376 Mock::VerifyAndClearExpectations(observer());
1378 // Now build an old keystore nigori node with old encrypted types. We should
1379 // properly overwrite it with the migrated + encrypt everything state.
1380 EXPECT_CALL(*observer(),
1381 OnCryptographerStateChanged(_)).Times(AnyNumber());
1382 EXPECT_CALL(*observer(), OnEncryptionComplete());
1384 WriteTransaction trans(FROM_HERE, user_share());
1385 WriteNode nigori_node(&trans);
1386 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1387 sync_pb::NigoriSpecifics nigori;
1388 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1389 other_cryptographer.AddKey(old_key);
1390 encryption_handler()->GetKeystoreDecryptor(
1391 other_cryptographer,
1392 kKeystoreKey,
1393 nigori.mutable_keystore_decryptor_token());
1394 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1395 nigori.set_keybag_is_frozen(true);
1396 nigori.set_encrypt_everything(false);
1397 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1398 nigori.set_keystore_migration_time(1);
1399 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1400 nigori_node.SetNigoriSpecifics(nigori);
1402 PumpLoop();
1404 // Verify we're still migrated and have proper encryption state.
1405 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1406 EXPECT_TRUE(GetCryptographer()->is_ready());
1407 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1408 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1409 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1412 // Test that if we receive the keystore key after receiving a migrated nigori
1413 // node, we properly use the keystore decryptor token to decrypt the keybag.
1414 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) {
1415 const char kCurKey[] = "cur";
1416 sync_pb::EncryptedData keystore_decryptor_token;
1417 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1418 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1419 other_cryptographer.AddKey(cur_key);
1420 EXPECT_TRUE(other_cryptographer.is_ready());
1421 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1422 other_cryptographer,
1423 kKeystoreKey,
1424 &keystore_decryptor_token));
1425 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1426 EXPECT_FALSE(GetCryptographer()->is_ready());
1427 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1429 // Now build a nigori node with the generated keystore decryptor token and
1430 // initialize the encryption handler with it. The cryptographer should be
1431 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1433 WriteTransaction trans(FROM_HERE, user_share());
1434 WriteNode nigori_node(&trans);
1435 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1436 sync_pb::NigoriSpecifics nigori;
1437 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1438 keystore_decryptor_token);
1439 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1440 nigori.set_keybag_is_frozen(true);
1441 nigori.set_keystore_migration_time(1);
1442 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1444 EXPECT_CALL(*observer(),
1445 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1446 EXPECT_CALL(*observer(),
1447 OnCryptographerStateChanged(_)).Times(AnyNumber());
1448 EXPECT_CALL(*observer(),
1449 OnPassphraseRequired(_, _));
1450 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1451 nigori_node.SetNigoriSpecifics(nigori);
1453 // Run any tasks posted via AppplyNigoriUpdate.
1454 PumpLoop();
1455 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1456 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1457 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1458 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1459 Mock::VerifyAndClearExpectations(observer());
1461 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1462 EXPECT_CALL(*observer(),
1463 OnCryptographerStateChanged(_)).Times(AnyNumber());
1464 EXPECT_CALL(*observer(),
1465 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1467 EXPECT_CALL(*observer(),
1468 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1469 ReadTransaction trans(FROM_HERE, user_share());
1470 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1471 kRawKeystoreKey),
1472 trans.GetWrappedTrans());
1474 PumpLoop();
1475 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1476 EXPECT_TRUE(GetCryptographer()->is_ready());
1477 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1478 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1479 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1481 // Check that the cryptographer still encrypts with the current key.
1482 sync_pb::EncryptedData current_encrypted;
1483 other_cryptographer.EncryptString("string", &current_encrypted);
1484 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1486 // Check that the cryptographer can decrypt keystore key based encryption.
1487 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1488 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1489 keystore_cryptographer.AddKey(keystore_key);
1490 sync_pb::EncryptedData keystore_encrypted;
1491 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1492 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1495 // Test that after receiving a migrated nigori and decrypting it using the
1496 // keystore key, we can then switch to a custom passphrase. The nigori should
1497 // remain migrated and encrypt everything should be enabled.
1498 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) {
1499 const char kOldKey[] = "old";
1500 sync_pb::EncryptedData keystore_decryptor_token;
1501 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1502 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1503 other_cryptographer.AddKey(cur_key);
1504 EXPECT_TRUE(other_cryptographer.is_ready());
1505 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1506 other_cryptographer,
1507 kKeystoreKey,
1508 &keystore_decryptor_token));
1510 // Build a nigori node with the generated keystore decryptor token and
1511 // initialize the encryption handler with it. The cryptographer should be
1512 // initialized properly to decrypt both kOldKey and kKeystoreKey.
1514 WriteTransaction trans(FROM_HERE, user_share());
1515 WriteNode nigori_node(&trans);
1516 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1517 sync_pb::NigoriSpecifics nigori;
1518 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1519 keystore_decryptor_token);
1520 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1521 nigori.set_keybag_is_frozen(true);
1522 nigori.set_keystore_migration_time(1);
1523 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1524 nigori_node.SetNigoriSpecifics(nigori);
1525 EXPECT_CALL(*observer(),
1526 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1527 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1528 kRawKeystoreKey),
1529 trans.GetWrappedTrans());
1532 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1533 EXPECT_CALL(*observer(),
1534 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1535 EXPECT_CALL(*observer(),
1536 OnCryptographerStateChanged(_)).Times(AnyNumber());
1537 EXPECT_CALL(*observer(),
1538 OnEncryptedTypesChanged(_, false));
1539 EXPECT_CALL(*observer(),
1540 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1541 EXPECT_CALL(*observer(),
1542 OnEncryptionComplete());
1543 encryption_handler()->Init();
1544 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1545 EXPECT_TRUE(GetCryptographer()->is_ready());
1546 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1547 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1548 Mock::VerifyAndClearExpectations(observer());
1550 const char kNewKey[] = "new_key";
1551 EXPECT_CALL(*observer(),
1552 OnCryptographerStateChanged(_)).Times(AnyNumber());
1553 EXPECT_CALL(*observer(),
1554 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1555 EXPECT_CALL(*observer(),
1556 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1557 EXPECT_CALL(*observer(),
1558 OnPassphraseAccepted());
1559 EXPECT_CALL(*observer(),
1560 OnEncryptedTypesChanged(_, true));
1561 EXPECT_CALL(*observer(),
1562 OnEncryptionComplete()).Times(2);
1563 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1564 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1565 EXPECT_TRUE(GetCryptographer()->is_ready());
1566 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1567 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1568 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1569 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kNewKey);
1571 // Check that the cryptographer can decrypt the old key.
1572 sync_pb::EncryptedData old_encrypted;
1573 other_cryptographer.EncryptString("string", &old_encrypted);
1574 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
1576 // Check that the cryptographer can decrypt keystore key based encryption.
1577 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1578 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1579 keystore_cryptographer.AddKey(keystore_key);
1580 sync_pb::EncryptedData keystore_encrypted;
1581 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1582 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1584 // Check the the cryptographer is encrypting with the new key.
1585 KeyParams new_key = {"localhost", "dummy", kNewKey};
1586 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1587 new_cryptographer.AddKey(new_key);
1588 sync_pb::EncryptedData new_encrypted;
1589 new_cryptographer.EncryptString("string", &new_encrypted);
1590 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1593 // Test that if a client without a keystore key (e.g. one without keystore
1594 // encryption enabled) receives a migrated nigori and then attempts to set a
1595 // custom passphrase, it also enables encrypt everything. The nigori node
1596 // should remain migrated.
1597 TEST_F(SyncEncryptionHandlerImplTest,
1598 SetCustomPassAfterMigrationNoKeystoreKey) {
1599 const char kOldKey[] = "old";
1600 sync_pb::EncryptedData keystore_decryptor_token;
1601 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1602 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1603 other_cryptographer.AddKey(cur_key);
1604 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1605 other_cryptographer.AddNonDefaultKey(keystore_key);
1606 EXPECT_TRUE(other_cryptographer.is_ready());
1607 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1608 other_cryptographer,
1609 kKeystoreKey,
1610 &keystore_decryptor_token));
1612 // Build a nigori node with the generated keystore decryptor token and
1613 // initialize the encryption handler with it. The cryptographer will have
1614 // pending keys until we provide the decryption passphrase.
1616 WriteTransaction trans(FROM_HERE, user_share());
1617 WriteNode nigori_node(&trans);
1618 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1619 sync_pb::NigoriSpecifics nigori;
1620 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1621 keystore_decryptor_token);
1622 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1623 nigori.set_keybag_is_frozen(true);
1624 nigori.set_keystore_migration_time(1);
1625 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1626 nigori_node.SetNigoriSpecifics(nigori);
1629 EXPECT_CALL(*observer(),
1630 OnPassphraseRequired(_, _));
1631 EXPECT_CALL(*observer(),
1632 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1633 EXPECT_CALL(*observer(),
1634 OnCryptographerStateChanged(_)).Times(AnyNumber());
1635 EXPECT_CALL(*observer(),
1636 OnEncryptedTypesChanged(_, false));
1637 encryption_handler()->Init();
1638 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1639 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1640 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1641 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1642 Mock::VerifyAndClearExpectations(observer());
1644 EXPECT_CALL(*observer(),
1645 OnPassphraseAccepted());
1646 EXPECT_CALL(*observer(),
1647 OnCryptographerStateChanged(_)).Times(AnyNumber());
1648 EXPECT_CALL(*observer(),
1649 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1650 EXPECT_CALL(*observer(),
1651 OnEncryptionComplete());
1652 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1653 EXPECT_TRUE(GetCryptographer()->is_ready());
1654 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1655 Mock::VerifyAndClearExpectations(observer());
1657 const char kNewKey[] = "new_key";
1658 EXPECT_CALL(*observer(),
1659 OnCryptographerStateChanged(_)).Times(AnyNumber());
1660 EXPECT_CALL(*observer(),
1661 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1662 EXPECT_CALL(*observer(),
1663 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1664 EXPECT_CALL(*observer(),
1665 OnPassphraseAccepted());
1666 EXPECT_CALL(*observer(),
1667 OnEncryptedTypesChanged(_, true));
1668 EXPECT_CALL(*observer(),
1669 OnEncryptionComplete()).Times(2);
1670 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1671 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1672 EXPECT_TRUE(GetCryptographer()->is_ready());
1673 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1674 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1675 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1676 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kNewKey);
1678 // Check that the cryptographer can decrypt the old key.
1679 sync_pb::EncryptedData old_encrypted;
1680 other_cryptographer.EncryptString("string", &old_encrypted);
1681 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
1683 // Check that the cryptographer can still decrypt keystore key based
1684 // encryption (should have been extracted from the encryption keybag).
1685 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1686 keystore_cryptographer.AddKey(keystore_key);
1687 sync_pb::EncryptedData keystore_encrypted;
1688 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1689 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1691 // Check the the cryptographer is encrypting with the new key.
1692 KeyParams new_key = {"localhost", "dummy", kNewKey};
1693 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1694 new_cryptographer.AddKey(new_key);
1695 sync_pb::EncryptedData new_encrypted;
1696 new_cryptographer.EncryptString("string", &new_encrypted);
1697 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1700 // Test that if a client without a keystore key (e.g. one without keystore
1701 // encryption enabled) receives a migrated nigori and then attempts to set a
1702 // new implicit passphrase, we do not modify the nigori node (the implicit
1703 // passphrase is dropped).
1704 TEST_F(SyncEncryptionHandlerImplTest,
1705 SetImplicitPassAfterMigrationNoKeystoreKey) {
1706 const char kOldKey[] = "old";
1707 sync_pb::EncryptedData keystore_decryptor_token;
1708 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1709 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1710 other_cryptographer.AddKey(cur_key);
1711 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1712 other_cryptographer.AddNonDefaultKey(keystore_key);
1713 EXPECT_TRUE(other_cryptographer.is_ready());
1714 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1715 other_cryptographer,
1716 kKeystoreKey,
1717 &keystore_decryptor_token));
1719 // Build a nigori node with the generated keystore decryptor token and
1720 // initialize the encryption handler with it. The cryptographer will have
1721 // pending keys until we provide the decryption passphrase.
1723 WriteTransaction trans(FROM_HERE, user_share());
1724 WriteNode nigori_node(&trans);
1725 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1726 sync_pb::NigoriSpecifics nigori;
1727 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1728 keystore_decryptor_token);
1729 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1730 nigori.set_keybag_is_frozen(true);
1731 nigori.set_keystore_migration_time(1);
1732 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1733 nigori_node.SetNigoriSpecifics(nigori);
1736 EXPECT_CALL(*observer(),
1737 OnPassphraseRequired(_, _));
1738 EXPECT_CALL(*observer(),
1739 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1740 EXPECT_CALL(*observer(),
1741 OnCryptographerStateChanged(_)).Times(AnyNumber());
1742 EXPECT_CALL(*observer(),
1743 OnEncryptedTypesChanged(_, false));
1744 encryption_handler()->Init();
1745 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1746 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1747 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1748 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1749 Mock::VerifyAndClearExpectations(observer());
1751 EXPECT_CALL(*observer(),
1752 OnPassphraseAccepted());
1753 EXPECT_CALL(*observer(),
1754 OnCryptographerStateChanged(_)).Times(AnyNumber());
1755 EXPECT_CALL(*observer(),
1756 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1757 EXPECT_CALL(*observer(),
1758 OnEncryptionComplete());
1759 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1760 EXPECT_TRUE(GetCryptographer()->is_ready());
1761 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1762 Mock::VerifyAndClearExpectations(observer());
1764 // Should get dropped on the floor silently.
1765 const char kNewKey[] = "new_key";
1766 encryption_handler()->SetEncryptionPassphrase(kNewKey, false);
1767 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1768 EXPECT_TRUE(GetCryptographer()->is_ready());
1769 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1770 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1771 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kOldKey);
1773 // Check that the cryptographer can decrypt the old key.
1774 sync_pb::EncryptedData old_encrypted;
1775 other_cryptographer.EncryptString("string", &old_encrypted);
1776 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(old_encrypted));
1778 // Check that the cryptographer can still decrypt keystore key based
1779 // encryption (due to extracting the keystore key from the encryption keybag).
1780 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1781 keystore_cryptographer.AddKey(keystore_key);
1782 sync_pb::EncryptedData keystore_encrypted;
1783 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1784 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1786 // Check the the cryptographer does not have the new key.
1787 KeyParams new_key = {"localhost", "dummy", kNewKey};
1788 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1789 new_cryptographer.AddKey(new_key);
1790 sync_pb::EncryptedData new_encrypted;
1791 new_cryptographer.EncryptString("string", &new_encrypted);
1792 EXPECT_FALSE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1795 // Test that if a client without a keystore key (e.g. one without keystore
1796 // encryption enabled) receives a migrated nigori in keystore passphrase state
1797 // and then attempts to enable encrypt everything, we switch to a custom
1798 // passphrase. The nigori should remain migrated.
1799 TEST_F(SyncEncryptionHandlerImplTest,
1800 MigrateOnEncryptEverythingKeystorePassphrase) {
1801 const char kCurKey[] = "cur";
1802 sync_pb::EncryptedData keystore_decryptor_token;
1803 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1804 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1805 other_cryptographer.AddKey(cur_key);
1806 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1807 other_cryptographer.AddNonDefaultKey(keystore_key);
1808 EXPECT_TRUE(other_cryptographer.is_ready());
1809 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1810 other_cryptographer,
1811 kKeystoreKey,
1812 &keystore_decryptor_token));
1814 // Build a nigori node with the generated keystore decryptor token and
1815 // initialize the encryption handler with it. The cryptographer will have
1816 // pending keys until we provide the decryption passphrase.
1818 WriteTransaction trans(FROM_HERE, user_share());
1819 WriteNode nigori_node(&trans);
1820 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1821 sync_pb::NigoriSpecifics nigori;
1822 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1823 keystore_decryptor_token);
1824 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1825 nigori.set_keybag_is_frozen(true);
1826 nigori.set_keystore_migration_time(1);
1827 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1828 nigori_node.SetNigoriSpecifics(nigori);
1830 EXPECT_CALL(*observer(),
1831 OnPassphraseRequired(_, _));
1832 EXPECT_CALL(*observer(),
1833 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1834 EXPECT_CALL(*observer(),
1835 OnCryptographerStateChanged(_)).Times(AnyNumber());
1836 EXPECT_CALL(*observer(),
1837 OnEncryptedTypesChanged(_, false));
1838 encryption_handler()->Init();
1839 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1840 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1841 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1842 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1843 Mock::VerifyAndClearExpectations(observer());
1845 EXPECT_CALL(*observer(),
1846 OnPassphraseAccepted());
1847 EXPECT_CALL(*observer(),
1848 OnCryptographerStateChanged(_)).Times(AnyNumber());
1849 EXPECT_CALL(*observer(),
1850 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1851 EXPECT_CALL(*observer(),
1852 OnEncryptionComplete());
1853 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1854 Mock::VerifyAndClearExpectations(observer());
1856 EXPECT_CALL(*observer(),
1857 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1858 EXPECT_CALL(*observer(),
1859 OnEncryptionComplete());
1860 EXPECT_CALL(*observer(),
1861 OnEncryptedTypesChanged(_, true));
1862 EXPECT_CALL(*observer(),
1863 OnCryptographerStateChanged(_)).Times(AnyNumber());
1864 encryption_handler()->EnableEncryptEverything();
1865 Mock::VerifyAndClearExpectations(observer());
1867 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1868 EXPECT_TRUE(GetCryptographer()->is_ready());
1869 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
1870 encryption_handler()->GetPassphraseType());
1871 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1872 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
1874 // Check that the cryptographer is encrypting using the frozen current key.
1875 sync_pb::EncryptedData current_encrypted;
1876 other_cryptographer.EncryptString("string", &current_encrypted);
1877 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1879 // Check that the cryptographer can still decrypt keystore key based
1880 // encryption (due to extracting the keystore key from the encryption keybag).
1881 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1882 keystore_cryptographer.AddKey(keystore_key);
1883 sync_pb::EncryptedData keystore_encrypted;
1884 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1885 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1888 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but
1889 // using an old default key (i.e. old GAIA password), we should overwrite the
1890 // nigori, updating the keybag and keystore decryptor.
1891 TEST_F(SyncEncryptionHandlerImplTest,
1892 ReceiveMigratedNigoriWithOldPassphrase) {
1893 const char kOldKey[] = "old";
1894 const char kCurKey[] = "cur";
1895 sync_pb::EncryptedData encrypted;
1896 KeyParams old_key = {"localhost", "dummy", kOldKey};
1897 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1898 GetCryptographer()->AddKey(old_key);
1899 GetCryptographer()->AddKey(cur_key);
1901 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1902 other_cryptographer.AddKey(old_key);
1903 EXPECT_TRUE(other_cryptographer.is_ready());
1905 EXPECT_CALL(*observer(),
1906 OnCryptographerStateChanged(_)).Times(AnyNumber());
1907 EXPECT_CALL(*observer(),
1908 OnEncryptedTypesChanged(_, false));
1909 EXPECT_CALL(*observer(),
1910 OnEncryptionComplete());
1911 encryption_handler()->Init();
1912 EXPECT_TRUE(GetCryptographer()->is_ready());
1913 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1916 EXPECT_CALL(*observer(),
1917 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1918 ReadTransaction trans(FROM_HERE, user_share());
1919 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1920 kRawKeystoreKey),
1921 trans.GetWrappedTrans());
1923 EXPECT_CALL(*observer(),
1924 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1925 PumpLoop();
1926 Mock::VerifyAndClearExpectations(observer());
1927 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1928 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1929 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
1931 // Now build an old keystore passphrase nigori node.
1932 EXPECT_CALL(*observer(),
1933 OnCryptographerStateChanged(_)).Times(AnyNumber());
1934 EXPECT_CALL(*observer(), OnEncryptionComplete());
1936 WriteTransaction trans(FROM_HERE, user_share());
1937 WriteNode nigori_node(&trans);
1938 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1939 sync_pb::NigoriSpecifics nigori;
1940 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1941 other_cryptographer.AddKey(old_key);
1942 encryption_handler()->GetKeystoreDecryptor(
1943 other_cryptographer,
1944 kKeystoreKey,
1945 nigori.mutable_keystore_decryptor_token());
1946 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1947 nigori.set_keybag_is_frozen(true);
1948 nigori.set_encrypt_everything(false);
1949 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1950 nigori.set_keystore_migration_time(1);
1951 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1952 nigori_node.SetNigoriSpecifics(nigori);
1954 PumpLoop();
1956 // Verify we're still migrated and have proper encryption state.
1957 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1958 EXPECT_TRUE(GetCryptographer()->is_ready());
1959 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1960 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1961 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
1964 // Trigger a key rotation upon receiving new keys if we already had a keystore
1965 // migrated nigori with the gaia key as the default (still in backwards
1966 // compatible mode).
1967 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefault) {
1968 // Destroy the existing nigori node so we init without a nigori node.
1969 TearDown();
1970 test_user_share_.SetUp();
1971 SetUpEncryption();
1973 const char kOldGaiaKey[] = "old_gaia_key";
1974 const char kRawOldKeystoreKey[] = "old_keystore_key";
1975 std::string old_keystore_key;
1976 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
1978 ReadTransaction trans(FROM_HERE, user_share());
1979 EXPECT_CALL(*observer(),
1980 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1981 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1982 kRawOldKeystoreKey),
1983 trans.GetWrappedTrans());
1985 PumpLoop();
1986 Mock::VerifyAndClearExpectations(observer());
1988 // Then init the nigori node with a backwards compatible set of keys.
1989 CreateRootForType(NIGORI);
1990 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1991 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
1993 // Now set some new keystore keys.
1994 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1995 EXPECT_CALL(*observer(), OnEncryptionComplete());
1997 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
1998 keys.Add()->assign(kRawOldKeystoreKey);
1999 keys.Add()->assign(kRawKeystoreKey);
2000 EXPECT_CALL(*observer(),
2001 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2002 ReadTransaction trans(FROM_HERE, user_share());
2003 encryption_handler()->SetKeystoreKeys(keys,
2004 trans.GetWrappedTrans());
2006 // Pump for any posted tasks.
2007 PumpLoop();
2008 Mock::VerifyAndClearExpectations(observer());
2010 // Verify we're still migrated and have proper encryption state. We should
2011 // have rotated the keybag so that it's now encrypted with the newest keystore
2012 // key (instead of the old gaia key).
2013 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2014 EXPECT_TRUE(GetCryptographer()->is_ready());
2015 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2016 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2017 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2020 // Trigger a key rotation upon receiving new keys if we already had a keystore
2021 // migrated nigori with the keystore key as the default.
2022 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysKeystoreDefault) {
2023 // Destroy the existing nigori node so we init without a nigori node.
2024 TearDown();
2025 test_user_share_.SetUp();
2026 SetUpEncryption();
2028 const char kRawOldKeystoreKey[] = "old_keystore_key";
2029 std::string old_keystore_key;
2030 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2032 ReadTransaction trans(FROM_HERE, user_share());
2033 EXPECT_CALL(*observer(),
2034 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2035 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
2036 kRawOldKeystoreKey),
2037 trans.GetWrappedTrans());
2039 PumpLoop();
2040 Mock::VerifyAndClearExpectations(observer());
2042 // Then init the nigori node with a non-backwards compatible set of keys.
2043 CreateRootForType(NIGORI);
2044 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2045 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key);
2047 // Now set some new keystore keys.
2048 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2049 EXPECT_CALL(*observer(), OnEncryptionComplete());
2051 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2052 keys.Add()->assign(kRawOldKeystoreKey);
2053 keys.Add()->assign(kRawKeystoreKey);
2054 EXPECT_CALL(*observer(),
2055 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2056 ReadTransaction trans(FROM_HERE, user_share());
2057 encryption_handler()->SetKeystoreKeys(keys,
2058 trans.GetWrappedTrans());
2060 // Pump for any posted tasks.
2061 PumpLoop();
2062 Mock::VerifyAndClearExpectations(observer());
2064 // Verify we're still migrated and have proper encryption state. We should
2065 // have rotated the keybag so that it's now encrypted with the newest keystore
2066 // key (instead of the old gaia key).
2067 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2068 EXPECT_TRUE(GetCryptographer()->is_ready());
2069 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2070 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2071 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2074 // Trigger a key rotation upon when a pending gaia passphrase is resolved.
2075 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysAfterPendingGaiaResolved) {
2076 const char kOldGaiaKey[] = "old_gaia_key";
2077 const char kRawOldKeystoreKey[] = "old_keystore_key";
2079 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2080 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2083 // Pass multiple keystore keys, signaling a rotation has happened.
2084 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2085 keys.Add()->assign(kRawOldKeystoreKey);
2086 keys.Add()->assign(kRawKeystoreKey);
2087 ReadTransaction trans(FROM_HERE, user_share());
2088 EXPECT_CALL(*observer(),
2089 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2090 encryption_handler()->SetKeystoreKeys(keys,
2091 trans.GetWrappedTrans());
2093 PumpLoop();
2094 Mock::VerifyAndClearExpectations(observer());
2096 // Resolve the pending keys. This should trigger the key rotation.
2097 EXPECT_CALL(*observer(),
2098 OnCryptographerStateChanged(_)).Times(AnyNumber());
2099 EXPECT_CALL(*observer(),
2100 OnPassphraseAccepted());
2101 EXPECT_CALL(*observer(),
2102 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2103 EXPECT_CALL(*observer(),
2104 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2105 EXPECT_CALL(*observer(),
2106 OnEncryptionComplete()).Times(AtLeast(1));
2107 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2108 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey);
2109 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2110 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2111 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2114 // When signing in for the first time, make sure we can rotate keys if we
2115 // already have a keystore migrated nigori.
2116 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) {
2117 // Destroy the existing nigori node so we init without a nigori node.
2118 TearDown();
2119 test_user_share_.SetUp();
2120 SetUpEncryption();
2122 const char kOldGaiaKey[] = "old_gaia_key";
2123 const char kRawOldKeystoreKey[] = "old_keystore_key";
2124 std::string old_keystore_key;
2125 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2127 // Set two keys, signaling that a rotation has been performed. No nigori
2128 // node is present yet, so we can't rotate.
2130 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2131 keys.Add()->assign(kRawOldKeystoreKey);
2132 keys.Add()->assign(kRawKeystoreKey);
2133 EXPECT_CALL(*observer(),
2134 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2135 ReadTransaction trans(FROM_HERE, user_share());
2136 encryption_handler()->SetKeystoreKeys(keys,
2137 trans.GetWrappedTrans());
2140 // Then init the nigori node with an old set of keys.
2141 CreateRootForType(NIGORI);
2142 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2143 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
2144 PumpLoop();
2145 Mock::VerifyAndClearExpectations(observer());
2147 // Verify we're still migrated and have proper encryption state. We should
2148 // have rotated the keybag so that it's now encrypted with the newest keystore
2149 // key (instead of the old gaia key).
2150 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2151 EXPECT_TRUE(GetCryptographer()->is_ready());
2152 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2153 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2154 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2157 // Trigger a key rotation when a migrated nigori (with an old keystore key) is
2158 // applied.
2159 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysWhenMigratedNigoriArrives) {
2160 const char kOldGaiaKey[] = "old_gaia_key";
2161 const char kRawOldKeystoreKey[] = "old_keystore_key";
2162 std::string old_keystore_key;
2163 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2165 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2166 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2169 // Pass multiple keystore keys, signaling a rotation has happened.
2170 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2171 keys.Add()->assign(kRawOldKeystoreKey);
2172 keys.Add()->assign(kRawKeystoreKey);
2173 ReadTransaction trans(FROM_HERE, user_share());
2174 EXPECT_CALL(*observer(),
2175 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2176 encryption_handler()->SetKeystoreKeys(keys,
2177 trans.GetWrappedTrans());
2179 PumpLoop();
2180 Mock::VerifyAndClearExpectations(observer());
2182 // Now simulate downloading a nigori node that was migrated before the
2183 // keys were rotated, and hence still encrypt with the old gaia key.
2184 EXPECT_CALL(*observer(),
2185 OnCryptographerStateChanged(_)).Times(AnyNumber());
2186 EXPECT_CALL(*observer(),
2187 OnPassphraseAccepted());
2188 EXPECT_CALL(*observer(),
2189 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2190 EXPECT_CALL(*observer(),
2191 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2192 EXPECT_CALL(*observer(),
2193 OnEncryptionComplete()).Times(AtLeast(1));
2195 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
2196 KEYSTORE_PASSPHRASE,
2198 kOldGaiaKey,
2199 old_keystore_key);
2200 // Update the encryption handler.
2201 WriteTransaction trans(FROM_HERE, user_share());
2202 encryption_handler()->ApplyNigoriUpdate(
2203 nigori,
2204 trans.GetWrappedTrans());
2206 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2207 PumpLoop();
2209 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2210 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2211 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2214 // Verify that performing a migration while having more than one keystore key
2215 // preserves a custom passphrase.
2216 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) {
2217 const char kCustomPass[] = "custom_passphrase";
2218 const char kRawOldKeystoreKey[] = "old_keystore_key";
2220 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2221 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE);
2224 // Pass multiple keystore keys, signaling a rotation has happened.
2225 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2226 keys.Add()->assign(kRawOldKeystoreKey);
2227 keys.Add()->assign(kRawKeystoreKey);
2228 ReadTransaction trans(FROM_HERE, user_share());
2229 EXPECT_CALL(*observer(),
2230 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2231 encryption_handler()->SetKeystoreKeys(keys,
2232 trans.GetWrappedTrans());
2234 PumpLoop();
2235 Mock::VerifyAndClearExpectations(observer());
2237 // Pass the decryption passphrase. This will also trigger the migration,
2238 // but should not overwrite the default key.
2239 EXPECT_CALL(*observer(),
2240 OnCryptographerStateChanged(_)).Times(AnyNumber());
2241 EXPECT_CALL(*observer(),
2242 OnPassphraseAccepted());
2243 EXPECT_CALL(*observer(),
2244 OnEncryptedTypesChanged(_, true));
2245 EXPECT_CALL(*observer(),
2246 OnEncryptionComplete()).Times(AnyNumber());
2247 EXPECT_CALL(*observer(),
2248 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2249 encryption_handler()->SetDecryptionPassphrase(kCustomPass);
2250 Mock::VerifyAndClearExpectations(observer());
2252 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass);
2255 // Verify that a key rotation done after we've migrated a custom passphrase
2256 // nigori node preserves the custom passphrase.
2257 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysMigratedCustomPassphrase) {
2258 const char kCustomPass[] = "custom_passphrase";
2259 const char kRawOldKeystoreKey[] = "old_keystore_key";
2261 KeyParams custom_key = {"localhost", "dummy", kCustomPass};
2262 GetCryptographer()->AddKey(custom_key);
2264 InitCustomPassMigratedNigori(1, kCustomPass);
2265 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCustomPass);
2268 // Pass multiple keystore keys, signaling a rotation has happened.
2269 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2270 keys.Add()->assign(kRawOldKeystoreKey);
2271 keys.Add()->assign(kRawKeystoreKey);
2272 ReadTransaction trans(FROM_HERE, user_share());
2273 EXPECT_CALL(*observer(),
2274 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2275 EXPECT_CALL(*observer(),
2276 OnCryptographerStateChanged(_)).Times(AnyNumber());
2277 encryption_handler()->SetKeystoreKeys(keys,
2278 trans.GetWrappedTrans());
2280 PumpLoop();
2281 Mock::VerifyAndClearExpectations(observer());
2283 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCustomPass);
2286 } // namespace syncer