Roll src/third_party/WebKit 96fb88b:6bbd108 (svn 201045:201047)
[chromium-blink-merge.git] / sync / syncable / nigori_util.cc
blobdb779a431a60ae9378bb13cd3d8cdae1b6582cae
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sync/syncable/nigori_util.h"
7 #include <queue>
8 #include <string>
9 #include <vector>
11 #include "base/json/json_writer.h"
12 #include "sync/syncable/directory.h"
13 #include "sync/syncable/entry.h"
14 #include "sync/syncable/nigori_handler.h"
15 #include "sync/syncable/mutable_entry.h"
16 #include "sync/syncable/syncable_util.h"
17 #include "sync/syncable/syncable_write_transaction.h"
18 #include "sync/util/cryptographer.h"
20 namespace syncer {
21 namespace syncable {
23 bool ProcessUnsyncedChangesForEncryption(
24 WriteTransaction* const trans) {
25 NigoriHandler* nigori_handler = trans->directory()->GetNigoriHandler();
26 ModelTypeSet encrypted_types = nigori_handler->GetEncryptedTypes(trans);
27 Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
28 DCHECK(cryptographer->is_ready());
30 // Get list of all datatypes with unsynced changes. It's possible that our
31 // local changes need to be encrypted if encryption for that datatype was
32 // just turned on (and vice versa).
33 // Note: we do not attempt to re-encrypt data with a new key here as key
34 // changes in this code path are likely due to consistency issues (we have
35 // to be updated to a key we already have, e.g. an old key).
36 std::vector<int64> handles;
37 GetUnsyncedEntries(trans, &handles);
38 for (size_t i = 0; i < handles.size(); ++i) {
39 MutableEntry entry(trans, GET_BY_HANDLE, handles[i]);
40 const sync_pb::EntitySpecifics& specifics = entry.GetSpecifics();
41 // Ignore types that don't need encryption or entries that are already
42 // encrypted.
43 if (!SpecificsNeedsEncryption(encrypted_types, specifics))
44 continue;
45 if (!UpdateEntryWithEncryption(trans, specifics, &entry))
46 return false;
48 return true;
51 bool VerifyUnsyncedChangesAreEncrypted(
52 BaseTransaction* const trans,
53 ModelTypeSet encrypted_types) {
54 std::vector<int64> handles;
55 GetUnsyncedEntries(trans, &handles);
56 for (size_t i = 0; i < handles.size(); ++i) {
57 Entry entry(trans, GET_BY_HANDLE, handles[i]);
58 if (!entry.good()) {
59 NOTREACHED();
60 return false;
62 if (EntryNeedsEncryption(encrypted_types, entry))
63 return false;
65 return true;
68 bool EntryNeedsEncryption(ModelTypeSet encrypted_types,
69 const Entry& entry) {
70 if (!entry.GetUniqueServerTag().empty())
71 return false; // We don't encrypt unique server nodes.
72 ModelType type = entry.GetModelType();
73 if (type == PASSWORDS || IsControlType(type))
74 return false;
75 // Checking NON_UNIQUE_NAME is not necessary for the correctness of encrypting
76 // the data, nor for determining if data is encrypted. We simply ensure it has
77 // been overwritten to avoid any possible leaks of sensitive data.
78 return SpecificsNeedsEncryption(encrypted_types, entry.GetSpecifics()) ||
79 (encrypted_types.Has(type) &&
80 entry.GetNonUniqueName() != kEncryptedString);
83 bool SpecificsNeedsEncryption(ModelTypeSet encrypted_types,
84 const sync_pb::EntitySpecifics& specifics) {
85 const ModelType type = GetModelTypeFromSpecifics(specifics);
86 if (type == PASSWORDS || IsControlType(type))
87 return false; // These types have their own encryption schemes.
88 if (!encrypted_types.Has(type))
89 return false; // This type does not require encryption
90 return !specifics.has_encrypted();
93 // Mainly for testing.
94 bool VerifyDataTypeEncryptionForTest(
95 BaseTransaction* const trans,
96 ModelType type,
97 bool is_encrypted) {
98 Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
99 if (type == PASSWORDS || IsControlType(type)) {
100 NOTREACHED();
101 return true;
103 Entry type_root(trans, GET_TYPE_ROOT, type);
104 if (!type_root.good()) {
105 NOTREACHED();
106 return false;
109 std::queue<Id> to_visit;
110 Id id_string = type_root.GetFirstChildId();
111 to_visit.push(id_string);
112 while (!to_visit.empty()) {
113 id_string = to_visit.front();
114 to_visit.pop();
115 if (id_string.IsNull())
116 continue;
118 Entry child(trans, GET_BY_ID, id_string);
119 if (!child.good()) {
120 NOTREACHED();
121 return false;
123 if (child.GetIsDir()) {
124 Id child_id_string = child.GetFirstChildId();
125 // Traverse the children.
126 to_visit.push(child_id_string);
128 const sync_pb::EntitySpecifics& specifics = child.GetSpecifics();
129 DCHECK_EQ(type, child.GetModelType());
130 DCHECK_EQ(type, GetModelTypeFromSpecifics(specifics));
131 // We don't encrypt the server's permanent items.
132 if (child.GetUniqueServerTag().empty()) {
133 if (specifics.has_encrypted() != is_encrypted)
134 return false;
135 if (specifics.has_encrypted()) {
136 if (child.GetNonUniqueName() != kEncryptedString)
137 return false;
138 if (!cryptographer->CanDecryptUsingDefaultKey(specifics.encrypted()))
139 return false;
142 // Push the successor.
143 to_visit.push(child.GetSuccessorId());
145 return true;
148 bool UpdateEntryWithEncryption(
149 BaseTransaction* const trans,
150 const sync_pb::EntitySpecifics& new_specifics,
151 syncable::MutableEntry* entry) {
152 NigoriHandler* nigori_handler = trans->directory()->GetNigoriHandler();
153 Cryptographer* cryptographer = trans->directory()->GetCryptographer(trans);
154 ModelType type = GetModelTypeFromSpecifics(new_specifics);
155 DCHECK_GE(type, FIRST_REAL_MODEL_TYPE);
156 const sync_pb::EntitySpecifics& old_specifics = entry->GetSpecifics();
157 const ModelTypeSet encrypted_types =
158 nigori_handler?
159 nigori_handler->GetEncryptedTypes(trans) : ModelTypeSet();
160 // It's possible the nigori lost the set of encrypted types. If the current
161 // specifics are already encrypted, we want to ensure we continue encrypting.
162 bool was_encrypted = old_specifics.has_encrypted();
163 sync_pb::EntitySpecifics generated_specifics;
164 if (new_specifics.has_encrypted()) {
165 NOTREACHED() << "New specifics already has an encrypted blob.";
166 return false;
168 if ((!SpecificsNeedsEncryption(encrypted_types, new_specifics) &&
169 !was_encrypted) ||
170 !cryptographer || !cryptographer->is_initialized()) {
171 // No encryption required or we are unable to encrypt.
172 generated_specifics.CopyFrom(new_specifics);
173 } else {
174 // Encrypt new_specifics into generated_specifics.
175 if (VLOG_IS_ON(2)) {
176 scoped_ptr<base::DictionaryValue> value(entry->ToValue(NULL));
177 std::string info;
178 base::JSONWriter::WriteWithOptions(
179 *value, base::JSONWriter::OPTIONS_PRETTY_PRINT, &info);
180 DVLOG(2) << "Encrypting specifics of type "
181 << ModelTypeToString(type)
182 << " with content: "
183 << info;
185 // Only copy over the old specifics if it is of the right type and already
186 // encrypted. The first time we encrypt a node we start from scratch, hence
187 // removing all the unencrypted data, but from then on we only want to
188 // update the node if the data changes or the encryption key changes.
189 if (GetModelTypeFromSpecifics(old_specifics) == type &&
190 was_encrypted) {
191 generated_specifics.CopyFrom(old_specifics);
192 } else {
193 AddDefaultFieldValue(type, &generated_specifics);
195 // Does not change anything if underlying encrypted blob was already up
196 // to date and encrypted with the default key.
197 if (!cryptographer->Encrypt(new_specifics,
198 generated_specifics.mutable_encrypted())) {
199 NOTREACHED() << "Could not encrypt data for node of type "
200 << ModelTypeToString(type);
201 return false;
205 // It's possible this entry was encrypted but didn't properly overwrite the
206 // non_unique_name (see crbug.com/96314).
207 bool encrypted_without_overwriting_name = (was_encrypted &&
208 entry->GetNonUniqueName() != kEncryptedString);
210 // If we're encrypted but the name wasn't overwritten properly we still want
211 // to rewrite the entry, irrespective of whether the specifics match.
212 if (!encrypted_without_overwriting_name &&
213 old_specifics.SerializeAsString() ==
214 generated_specifics.SerializeAsString()) {
215 DVLOG(2) << "Specifics of type " << ModelTypeToString(type)
216 << " already match, dropping change.";
217 return true;
220 if (generated_specifics.has_encrypted()) {
221 // Overwrite the possibly sensitive non-specifics data.
222 entry->PutNonUniqueName(kEncryptedString);
223 // For bookmarks we actually put bogus data into the unencrypted specifics,
224 // else the server will try to do it for us.
225 if (type == BOOKMARKS) {
226 sync_pb::BookmarkSpecifics* bookmark_specifics =
227 generated_specifics.mutable_bookmark();
228 if (!entry->GetIsDir())
229 bookmark_specifics->set_url(kEncryptedString);
230 bookmark_specifics->set_title(kEncryptedString);
233 entry->PutSpecifics(generated_specifics);
234 DVLOG(1) << "Overwriting specifics of type "
235 << ModelTypeToString(type)
236 << " and marking for syncing.";
237 syncable::MarkForSyncing(entry);
238 return true;
241 void UpdateNigoriFromEncryptedTypes(ModelTypeSet encrypted_types,
242 bool encrypt_everything,
243 sync_pb::NigoriSpecifics* nigori) {
244 nigori->set_encrypt_everything(encrypt_everything);
245 static_assert(36 == MODEL_TYPE_COUNT, "update encrypted types");
246 nigori->set_encrypt_bookmarks(
247 encrypted_types.Has(BOOKMARKS));
248 nigori->set_encrypt_preferences(
249 encrypted_types.Has(PREFERENCES));
250 nigori->set_encrypt_autofill_profile(
251 encrypted_types.Has(AUTOFILL_PROFILE));
252 nigori->set_encrypt_autofill(encrypted_types.Has(AUTOFILL));
253 nigori->set_encrypt_autofill_wallet_metadata(
254 encrypted_types.Has(AUTOFILL_WALLET_METADATA));
255 nigori->set_encrypt_themes(encrypted_types.Has(THEMES));
256 nigori->set_encrypt_typed_urls(
257 encrypted_types.Has(TYPED_URLS));
258 nigori->set_encrypt_extension_settings(
259 encrypted_types.Has(EXTENSION_SETTINGS));
260 nigori->set_encrypt_extensions(
261 encrypted_types.Has(EXTENSIONS));
262 nigori->set_encrypt_search_engines(
263 encrypted_types.Has(SEARCH_ENGINES));
264 nigori->set_encrypt_sessions(encrypted_types.Has(SESSIONS));
265 nigori->set_encrypt_app_settings(
266 encrypted_types.Has(APP_SETTINGS));
267 nigori->set_encrypt_apps(encrypted_types.Has(APPS));
268 nigori->set_encrypt_app_notifications(
269 encrypted_types.Has(APP_NOTIFICATIONS));
270 nigori->set_encrypt_dictionary(encrypted_types.Has(DICTIONARY));
271 nigori->set_encrypt_favicon_images(encrypted_types.Has(FAVICON_IMAGES));
272 nigori->set_encrypt_favicon_tracking(encrypted_types.Has(FAVICON_TRACKING));
273 nigori->set_encrypt_articles(encrypted_types.Has(ARTICLES));
274 nigori->set_encrypt_app_list(encrypted_types.Has(APP_LIST));
277 ModelTypeSet GetEncryptedTypesFromNigori(
278 const sync_pb::NigoriSpecifics& nigori) {
279 if (nigori.encrypt_everything())
280 return ModelTypeSet::All();
282 ModelTypeSet encrypted_types;
283 static_assert(36 == MODEL_TYPE_COUNT, "update encrypted types");
284 if (nigori.encrypt_bookmarks())
285 encrypted_types.Put(BOOKMARKS);
286 if (nigori.encrypt_preferences())
287 encrypted_types.Put(PREFERENCES);
288 if (nigori.encrypt_autofill_profile())
289 encrypted_types.Put(AUTOFILL_PROFILE);
290 if (nigori.encrypt_autofill())
291 encrypted_types.Put(AUTOFILL);
292 if (nigori.encrypt_autofill_wallet_metadata())
293 encrypted_types.Put(AUTOFILL_WALLET_METADATA);
294 if (nigori.encrypt_themes())
295 encrypted_types.Put(THEMES);
296 if (nigori.encrypt_typed_urls())
297 encrypted_types.Put(TYPED_URLS);
298 if (nigori.encrypt_extension_settings())
299 encrypted_types.Put(EXTENSION_SETTINGS);
300 if (nigori.encrypt_extensions())
301 encrypted_types.Put(EXTENSIONS);
302 if (nigori.encrypt_search_engines())
303 encrypted_types.Put(SEARCH_ENGINES);
304 if (nigori.encrypt_sessions())
305 encrypted_types.Put(SESSIONS);
306 if (nigori.encrypt_app_settings())
307 encrypted_types.Put(APP_SETTINGS);
308 if (nigori.encrypt_apps())
309 encrypted_types.Put(APPS);
310 if (nigori.encrypt_app_notifications())
311 encrypted_types.Put(APP_NOTIFICATIONS);
312 if (nigori.encrypt_dictionary())
313 encrypted_types.Put(DICTIONARY);
314 if (nigori.encrypt_favicon_images())
315 encrypted_types.Put(FAVICON_IMAGES);
316 if (nigori.encrypt_favicon_tracking())
317 encrypted_types.Put(FAVICON_TRACKING);
318 if (nigori.encrypt_articles())
319 encrypted_types.Put(ARTICLES);
320 if (nigori.encrypt_app_list())
321 encrypted_types.Put(APP_LIST);
322 return encrypted_types;
325 } // namespace syncable
326 } // namespace syncer