1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "sync/syncable/nigori_util.h"
11 #include "base/json/json_writer.h"
12 #include "sync/syncable/directory.h"
13 #include "sync/syncable/entry.h"
14 #include "sync/syncable/nigori_handler.h"
15 #include "sync/syncable/mutable_entry.h"
16 #include "sync/syncable/syncable_util.h"
17 #include "sync/syncable/syncable_write_transaction.h"
18 #include "sync/util/cryptographer.h"
23 bool ProcessUnsyncedChangesForEncryption(
24 WriteTransaction
* const trans
) {
25 NigoriHandler
* nigori_handler
= trans
->directory()->GetNigoriHandler();
26 ModelTypeSet encrypted_types
= nigori_handler
->GetEncryptedTypes(trans
);
27 Cryptographer
* cryptographer
= trans
->directory()->GetCryptographer(trans
);
28 DCHECK(cryptographer
->is_ready());
30 // Get list of all datatypes with unsynced changes. It's possible that our
31 // local changes need to be encrypted if encryption for that datatype was
32 // just turned on (and vice versa).
33 // Note: we do not attempt to re-encrypt data with a new key here as key
34 // changes in this code path are likely due to consistency issues (we have
35 // to be updated to a key we already have, e.g. an old key).
36 std::vector
<int64
> handles
;
37 GetUnsyncedEntries(trans
, &handles
);
38 for (size_t i
= 0; i
< handles
.size(); ++i
) {
39 MutableEntry
entry(trans
, GET_BY_HANDLE
, handles
[i
]);
40 const sync_pb::EntitySpecifics
& specifics
= entry
.Get(SPECIFICS
);
41 // Ignore types that don't need encryption or entries that are already
43 if (!SpecificsNeedsEncryption(encrypted_types
, specifics
))
45 if (!UpdateEntryWithEncryption(trans
, specifics
, &entry
))
51 bool VerifyUnsyncedChangesAreEncrypted(
52 BaseTransaction
* const trans
,
53 ModelTypeSet encrypted_types
) {
54 std::vector
<int64
> handles
;
55 GetUnsyncedEntries(trans
, &handles
);
56 for (size_t i
= 0; i
< handles
.size(); ++i
) {
57 Entry
entry(trans
, GET_BY_HANDLE
, handles
[i
]);
62 if (EntryNeedsEncryption(encrypted_types
, entry
))
68 bool EntryNeedsEncryption(ModelTypeSet encrypted_types
,
70 if (!entry
.Get(UNIQUE_SERVER_TAG
).empty())
71 return false; // We don't encrypt unique server nodes.
72 ModelType type
= entry
.GetModelType();
73 if (type
== PASSWORDS
|| IsControlType(type
))
75 // Checking NON_UNIQUE_NAME is not necessary for the correctness of encrypting
76 // the data, nor for determining if data is encrypted. We simply ensure it has
77 // been overwritten to avoid any possible leaks of sensitive data.
78 return SpecificsNeedsEncryption(encrypted_types
, entry
.Get(SPECIFICS
)) ||
79 (encrypted_types
.Has(type
) &&
80 entry
.Get(NON_UNIQUE_NAME
) != kEncryptedString
);
83 bool SpecificsNeedsEncryption(ModelTypeSet encrypted_types
,
84 const sync_pb::EntitySpecifics
& specifics
) {
85 const ModelType type
= GetModelTypeFromSpecifics(specifics
);
86 if (type
== PASSWORDS
|| IsControlType(type
))
87 return false; // These types have their own encryption schemes.
88 if (!encrypted_types
.Has(type
))
89 return false; // This type does not require encryption
90 return !specifics
.has_encrypted();
93 // Mainly for testing.
94 bool VerifyDataTypeEncryptionForTest(
95 BaseTransaction
* const trans
,
98 Cryptographer
* cryptographer
= trans
->directory()->GetCryptographer(trans
);
99 if (type
== PASSWORDS
|| IsControlType(type
)) {
103 std::string type_tag
= ModelTypeToRootTag(type
);
104 Entry
type_root(trans
, GET_BY_SERVER_TAG
, type_tag
);
105 if (!type_root
.good()) {
110 std::queue
<Id
> to_visit
;
112 if (!trans
->directory()->GetFirstChildId(
113 trans
, type_root
.Get(ID
), &id_string
)) {
117 to_visit
.push(id_string
);
118 while (!to_visit
.empty()) {
119 id_string
= to_visit
.front();
121 if (id_string
.IsRoot())
124 Entry
child(trans
, GET_BY_ID
, id_string
);
129 if (child
.Get(IS_DIR
)) {
131 if (!trans
->directory()->GetFirstChildId(
132 trans
, child
.Get(ID
), &child_id_string
)) {
136 // Traverse the children.
137 to_visit
.push(child_id_string
);
139 const sync_pb::EntitySpecifics
& specifics
= child
.Get(SPECIFICS
);
140 DCHECK_EQ(type
, child
.GetModelType());
141 DCHECK_EQ(type
, GetModelTypeFromSpecifics(specifics
));
142 // We don't encrypt the server's permanent items.
143 if (child
.Get(UNIQUE_SERVER_TAG
).empty()) {
144 if (specifics
.has_encrypted() != is_encrypted
)
146 if (specifics
.has_encrypted()) {
147 if (child
.Get(NON_UNIQUE_NAME
) != kEncryptedString
)
149 if (!cryptographer
->CanDecryptUsingDefaultKey(specifics
.encrypted()))
153 // Push the successor.
154 to_visit
.push(child
.GetSuccessorId());
159 bool UpdateEntryWithEncryption(
160 BaseTransaction
* const trans
,
161 const sync_pb::EntitySpecifics
& new_specifics
,
162 syncable::MutableEntry
* entry
) {
163 NigoriHandler
* nigori_handler
= trans
->directory()->GetNigoriHandler();
164 Cryptographer
* cryptographer
= trans
->directory()->GetCryptographer(trans
);
165 ModelType type
= GetModelTypeFromSpecifics(new_specifics
);
166 DCHECK_GE(type
, FIRST_REAL_MODEL_TYPE
);
167 const sync_pb::EntitySpecifics
& old_specifics
= entry
->Get(SPECIFICS
);
168 const ModelTypeSet encrypted_types
= nigori_handler
->GetEncryptedTypes(trans
);
169 // It's possible the nigori lost the set of encrypted types. If the current
170 // specifics are already encrypted, we want to ensure we continue encrypting.
171 bool was_encrypted
= old_specifics
.has_encrypted();
172 sync_pb::EntitySpecifics generated_specifics
;
173 if (new_specifics
.has_encrypted()) {
174 NOTREACHED() << "New specifics already has an encrypted blob.";
177 if ((!SpecificsNeedsEncryption(encrypted_types
, new_specifics
) &&
179 !cryptographer
->is_initialized()) {
180 // No encryption required or we are unable to encrypt.
181 generated_specifics
.CopyFrom(new_specifics
);
183 // Encrypt new_specifics into generated_specifics.
185 scoped_ptr
<DictionaryValue
> value(entry
->ToValue(NULL
));
187 base::JSONWriter::WriteWithOptions(value
.get(),
188 base::JSONWriter::OPTIONS_PRETTY_PRINT
,
190 DVLOG(2) << "Encrypting specifics of type "
191 << ModelTypeToString(type
)
195 // Only copy over the old specifics if it is of the right type and already
196 // encrypted. The first time we encrypt a node we start from scratch, hence
197 // removing all the unencrypted data, but from then on we only want to
198 // update the node if the data changes or the encryption key changes.
199 if (GetModelTypeFromSpecifics(old_specifics
) == type
&&
201 generated_specifics
.CopyFrom(old_specifics
);
203 AddDefaultFieldValue(type
, &generated_specifics
);
205 // Does not change anything if underlying encrypted blob was already up
206 // to date and encrypted with the default key.
207 if (!cryptographer
->Encrypt(new_specifics
,
208 generated_specifics
.mutable_encrypted())) {
209 NOTREACHED() << "Could not encrypt data for node of type "
210 << ModelTypeToString(type
);
215 // It's possible this entry was encrypted but didn't properly overwrite the
216 // non_unique_name (see crbug.com/96314).
217 bool encrypted_without_overwriting_name
= (was_encrypted
&&
218 entry
->Get(syncable::NON_UNIQUE_NAME
) != kEncryptedString
);
220 // If we're encrypted but the name wasn't overwritten properly we still want
221 // to rewrite the entry, irrespective of whether the specifics match.
222 if (!encrypted_without_overwriting_name
&&
223 old_specifics
.SerializeAsString() ==
224 generated_specifics
.SerializeAsString()) {
225 DVLOG(2) << "Specifics of type " << ModelTypeToString(type
)
226 << " already match, dropping change.";
230 if (generated_specifics
.has_encrypted()) {
231 // Overwrite the possibly sensitive non-specifics data.
232 entry
->Put(syncable::NON_UNIQUE_NAME
, kEncryptedString
);
233 // For bookmarks we actually put bogus data into the unencrypted specifics,
234 // else the server will try to do it for us.
235 if (type
== BOOKMARKS
) {
236 sync_pb::BookmarkSpecifics
* bookmark_specifics
=
237 generated_specifics
.mutable_bookmark();
238 if (!entry
->Get(syncable::IS_DIR
))
239 bookmark_specifics
->set_url(kEncryptedString
);
240 bookmark_specifics
->set_title(kEncryptedString
);
243 entry
->Put(syncable::SPECIFICS
, generated_specifics
);
244 DVLOG(1) << "Overwriting specifics of type "
245 << ModelTypeToString(type
)
246 << " and marking for syncing.";
247 syncable::MarkForSyncing(entry
);
251 void UpdateNigoriFromEncryptedTypes(ModelTypeSet encrypted_types
,
252 bool encrypt_everything
,
253 sync_pb::NigoriSpecifics
* nigori
) {
254 nigori
->set_encrypt_everything(encrypt_everything
);
255 COMPILE_ASSERT(17, MODEL_TYPE_COUNT
);
256 nigori
->set_encrypt_bookmarks(
257 encrypted_types
.Has(BOOKMARKS
));
258 nigori
->set_encrypt_preferences(
259 encrypted_types
.Has(PREFERENCES
));
260 nigori
->set_encrypt_autofill_profile(
261 encrypted_types
.Has(AUTOFILL_PROFILE
));
262 nigori
->set_encrypt_autofill(encrypted_types
.Has(AUTOFILL
));
263 nigori
->set_encrypt_themes(encrypted_types
.Has(THEMES
));
264 nigori
->set_encrypt_typed_urls(
265 encrypted_types
.Has(TYPED_URLS
));
266 nigori
->set_encrypt_extension_settings(
267 encrypted_types
.Has(EXTENSION_SETTINGS
));
268 nigori
->set_encrypt_extensions(
269 encrypted_types
.Has(EXTENSIONS
));
270 nigori
->set_encrypt_search_engines(
271 encrypted_types
.Has(SEARCH_ENGINES
));
272 nigori
->set_encrypt_sessions(encrypted_types
.Has(SESSIONS
));
273 nigori
->set_encrypt_app_settings(
274 encrypted_types
.Has(APP_SETTINGS
));
275 nigori
->set_encrypt_apps(encrypted_types
.Has(APPS
));
276 nigori
->set_encrypt_app_notifications(
277 encrypted_types
.Has(APP_NOTIFICATIONS
));
280 ModelTypeSet
GetEncryptedTypesFromNigori(
281 const sync_pb::NigoriSpecifics
& nigori
) {
282 if (nigori
.encrypt_everything())
283 return ModelTypeSet::All();
285 ModelTypeSet encrypted_types
;
286 COMPILE_ASSERT(17, MODEL_TYPE_COUNT
);
287 if (nigori
.encrypt_bookmarks())
288 encrypted_types
.Put(BOOKMARKS
);
289 if (nigori
.encrypt_preferences())
290 encrypted_types
.Put(PREFERENCES
);
291 if (nigori
.encrypt_autofill_profile())
292 encrypted_types
.Put(AUTOFILL_PROFILE
);
293 if (nigori
.encrypt_autofill())
294 encrypted_types
.Put(AUTOFILL
);
295 if (nigori
.encrypt_themes())
296 encrypted_types
.Put(THEMES
);
297 if (nigori
.encrypt_typed_urls())
298 encrypted_types
.Put(TYPED_URLS
);
299 if (nigori
.encrypt_extension_settings())
300 encrypted_types
.Put(EXTENSION_SETTINGS
);
301 if (nigori
.encrypt_extensions())
302 encrypted_types
.Put(EXTENSIONS
);
303 if (nigori
.encrypt_search_engines())
304 encrypted_types
.Put(SEARCH_ENGINES
);
305 if (nigori
.encrypt_sessions())
306 encrypted_types
.Put(SESSIONS
);
307 if (nigori
.encrypt_app_settings())
308 encrypted_types
.Put(APP_SETTINGS
);
309 if (nigori
.encrypt_apps())
310 encrypted_types
.Put(APPS
);
311 if (nigori
.encrypt_app_notifications())
312 encrypted_types
.Put(APP_NOTIFICATIONS
);
313 return encrypted_types
;
316 } // namespace syncable
317 } // namespace syncer