| blob | 2db4c478496b2f907554b57b6ff2b6dc05555f3c |
1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_
6 #define SYNC_INTERNAL_API_SYNC_ENCRYPTION_HANDLER_IMPL_H_
8 #include <string>
29 // Sync encryption handler implementation.
30 //
31 // This class acts as the respository of all sync encryption state, and handles
32 // encryption related changes/queries coming from both the chrome side and
33 // the sync side (via NigoriHandler). It is capable of modifying all sync data
34 // (re-encryption), updating the encrypted types, changing the encryption keys,
35 // and creating/receiving nigori node updates.
36 //
37 // The class should live as long as the directory itself in order to ensure
38 // any data read/written is properly decrypted/encrypted.
39 //
40 // Note: See sync_encryption_handler.h for a description of the chrome visible
41 // methods and what they do, and nigori_handler.h for a description of the
42 // sync methods.
43 // All methods are non-thread-safe and should only be called from the sync
44 // thread unless explicitly noted otherwise.
45 class SYNC_EXPORT_PRIVATE SyncEncryptionHandlerImpl
56 // SyncEncryptionHandler implementation.
67 // NigoriHandler implementation.
68 // Note: all methods are invoked while the caller holds a transaction.
78 // Can be called from any thread.
82 // Unsafe getters. Use only if sync is not up and running and there is no risk
83 // of other threads calling this.
94 NigoriEncryptionTypes);
96 EncryptEverythingExplicit);
98 EncryptEverythingImplicit);
100 UnknownSensitiveTypes);
102 GetKeystoreDecryptor);
104 ReceiveMigratedNigoriKeystorePass);
106 ReceiveUmigratedNigoriAfterMigration);
108 ReceiveOldMigratedNigori);
110 SetKeystoreAfterReceivingMigratedNigori);
112 SetCustomPassAfterMigration);
114 SetCustomPassAfterMigrationNoKeystoreKey);
116 SetImplicitPassAfterMigrationNoKeystoreKey);
118 MigrateOnEncryptEverythingKeystorePassphrase);
120 ReceiveMigratedNigoriWithOldPassphrase);
122 // Container for members that require thread safety protection. All members
123 // that can be accessed from more than one thread should be held here and
124 // accessed via UnlockVault(..) and UnlockVaultMutable(..), which enforce
125 // that a transaction is held.
130 // Sync's cryptographer. Used for encrypting and decrypting sync data.
131 Cryptographer cryptographer;
132 // The set of types that require encryption.
133 ModelTypeSet encrypted_types;
137 };
139 // Iterate over all encrypted types ensuring each entry is properly encrypted.
142 // Apply a nigori update. Updates internal and cryptographer state.
143 // Returns true on success, false if |nigori| was incompatible, and the
144 // nigori node must be corrected.
145 // Note: must be called from within a transaction.
149 // Wrapper around WriteEncryptionStateToNigori that creates a new write
150 // transaction.
153 // Write the current encryption state into the nigori node. This includes
154 // the encrypted types/encrypt everything state, as well as the keybag/
155 // explicit passphrase state (if the cryptographer is ready).
158 // Updates local encrypted types from |nigori|.
159 // Returns true if the local set of encrypted types either matched or was
160 // a subset of that in |nigori|. Returns false if the local state already
161 // had stricter encryption than |nigori|, and the nigori node needs to be
162 // updated with the newer encryption state.
163 // Note: must be called from within a transaction.
168 // TODO(zea): make these public and have them replace SetEncryptionPassphrase
169 // and SetDecryptionPassphrase.
170 // Helper methods for handling passphrases once keystore migration has taken
171 // place.
172 //
173 // Sets a new custom passphrase. Should only be called if a custom passphrase
174 // is not already set.
175 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired if a custom
176 // passphrase already existed.
180 // Decrypt the encryption keybag using a user provided passphrase.
181 // Should only be called if the current passphrase is a frozen implicit
182 // passphrase or a custom passphrase.
183 // Triggers OnPassphraseAccepted on success, OnPassphraseRequired on failure.
188 // The final step of SetEncryptionPassphrase and SetDecryptionPassphrase that
189 // notifies observers of the result of the set passphrase operation, updates
190 // the nigori node, and does re-encryption.
191 // |success|: true if the operation was successful and false otherwise. If
192 // success == false, we send an OnPassphraseRequired notification.
193 // |bootstrap_token|: used to inform observers if the cryptographer's
194 // bootstrap token was updated.
195 // |is_explicit|: used to differentiate between a custom passphrase (true) and
196 // a GAIA passphrase that is implicitly used for encryption
197 // (false).
198 // |trans| and |nigori_node|: used to access data in the cryptographer.
204 // Merges the given set of encrypted types with the existing set and emits a
205 // notification if necessary.
206 // Note: must be called from within a transaction.
210 // Helper methods for ensuring transactions are held when accessing
211 // |vault_unsafe_|.
215 // Helper method for determining if migration of a nigori node should be
216 // triggered or not.
217 // Conditions for triggering migration:
218 // 1. Cryptographer has no pending keys
219 // 2. Nigori node isn't already properly migrated or we need to rotate keys.
220 // 3. Keystore key is available.
221 // Note: if the nigori node is migrated but has an invalid state, will return
222 // true (e.g. node has KEYSTORE_PASSPHRASE, local is CUSTOM_PASSPHRASE).
226 // Performs the actual migration of the |nigori_node| to support keystore
227 // encryption iff ShouldTriggerMigration(..) returns true.
231 // Fill |encrypted_blob| with the keystore decryptor token if
232 // |encrypted_blob|'s contents didn't already contain the key.
233 // The keystore decryptor token is the serialized current default encryption
234 // key, encrypted with the keystore key.
240 // Helper method for installing the keys encrypted in |encryption_keybag|
241 // into |cryptographer|.
242 // Returns true on success, false if we were unable to install the keybag.
243 // Will not update the default key.
248 // Helper method for decrypting pending keys with the keystore bootstrap.
249 // If successful, the default will become the key encrypted in the keystore
250 // bootstrap, and will return true. Else will return false.
256 // Helper to enable encrypt everything, notifying observers if necessary.
257 // Will not perform re-encryption.
260 // If an explicit passphrase is in use, returns the time at which it was set
261 // (if known). Else return base::Time().
268 // The current user share (for creating transactions).
271 // Container for all data that can be accessed from multiple threads. Do not
272 // access this object directly. Instead access it via UnlockVault(..) and
273 // UnlockVaultMutable(..).
274 Vault vault_unsafe_;
276 // Sync encryption state that is only modified and accessed from the sync
277 // thread.
278 // Whether all current and future types should be encrypted.
280 // The current state of the passphrase required to decrypt the encryption
281 // keys stored in the nigori node.
282 PassphraseType passphrase_type_;
284 // The current keystore key provided by the server.
287 // The set of old keystore keys. Every time a key rotation occurs, the server
288 // sends down all previous keystore keys as well as the new key. We preserve
289 // the old keys so that when we re-encrypt we can ensure they're all added to
290 // the keybag (and to detect that a key rotation has occurred).
293 // The number of times we've automatically (i.e. not via SetPassphrase or
294 // conflict resolver) updated the nigori's encryption keys in this chrome
295 // instantiation.
298 // The time the nigori was migrated to support keystore encryption.
301 // The time the custom passphrase was set for this account. Not valid
302 // if there is no custom passphrase or the custom passphrase was set
303 // before support for this field was added.
309 };