1 // Copyright 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "sync/internal_api/sync_encryption_handler_impl.h"
6
7 #include <string>
8
9 #include "base/base64.h"
10 #include "base/json/json_string_value_serializer.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/message_loop/message_loop.h"
13 #include "base/tracked_objects.h"
14 #include "sync/internal_api/public/base/model_type_test_util.h"
15 #include "sync/internal_api/public/read_node.h"
16 #include "sync/internal_api/public/read_transaction.h"
17 #include "sync/internal_api/public/test/test_user_share.h"
18 #include "sync/internal_api/public/write_node.h"
19 #include "sync/internal_api/public/write_transaction.h"
20 #include "sync/protocol/nigori_specifics.pb.h"
21 #include "sync/protocol/sync.pb.h"
22 #include "sync/syncable/entry.h"
23 #include "sync/syncable/mutable_entry.h"
24 #include "sync/syncable/syncable_write_transaction.h"
25 #include "sync/test/engine/test_id_factory.h"
26 #include "sync/test/fake_encryptor.h"
27 #include "sync/util/cryptographer.h"
28 #include "testing/gmock/include/gmock/gmock.h"
29 #include "testing/gtest/include/gtest/gtest.h"
30
31 namespace syncer {
32
33 namespace {
34
35 using ::testing::_;
36 using ::testing::AnyNumber;
37 using ::testing::AtLeast;
38 using ::testing::Mock;
39 using ::testing::SaveArg;
40 using ::testing::StrictMock;
41
42 // The raw keystore key the server sends.
43 static const char kRawKeystoreKey[] = "keystore_key";
44 // Base64 encoded version of |kRawKeystoreKey|.
45 static const char kKeystoreKey[] = "a2V5c3RvcmVfa2V5";
46
47 class SyncEncryptionHandlerObserverMock
48 : public SyncEncryptionHandler::Observer {
49 public:
50 MOCK_METHOD2(OnPassphraseRequired,
51 void(PassphraseRequiredReason,
52 const sync_pb::EncryptedData&)); // NOLINT
53 MOCK_METHOD0(OnPassphraseAccepted, void()); // NOLINT
54 MOCK_METHOD2(OnBootstrapTokenUpdated,
55 void(const std::string&, BootstrapTokenType type)); // NOLINT
56 MOCK_METHOD2(OnEncryptedTypesChanged,
57 void(ModelTypeSet, bool)); // NOLINT
58 MOCK_METHOD0(OnEncryptionComplete, void()); // NOLINT
59 MOCK_METHOD1(OnCryptographerStateChanged, void(Cryptographer*)); // NOLINT
60 MOCK_METHOD2(OnPassphraseTypeChanged, void(PassphraseType,
61 base::Time)); // NOLINT
62 };
63
64 google::protobuf::RepeatedPtrField<google::protobuf::string>
BuildEncryptionKeyProto(std::string encryption_key)65 BuildEncryptionKeyProto(std::string encryption_key) {
66 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
67 keys.Add()->assign(encryption_key);
68 return keys;
69 }
70
71 } // namespace
72
73 class SyncEncryptionHandlerImplTest : public ::testing::Test {
74 public:
SyncEncryptionHandlerImplTest()75 SyncEncryptionHandlerImplTest() {}
~SyncEncryptionHandlerImplTest()76 virtual ~SyncEncryptionHandlerImplTest() {}
77
SetUp()78 virtual void SetUp() {
79 test_user_share_.SetUp();
80 SetUpEncryption();
81 CreateRootForType(NIGORI);
82 }
83
TearDown()84 virtual void TearDown() {
85 PumpLoop();
86 test_user_share_.TearDown();
87 }
88
89 protected:
SetUpEncryption()90 void SetUpEncryption() {
91 encryption_handler_.reset(
92 new SyncEncryptionHandlerImpl(user_share(),
93 &encryptor_,
94 std::string(),
95 std::string() /* bootstrap tokens */));
96 encryption_handler_->AddObserver(&observer_);
97 }
98
CreateRootForType(ModelType model_type)99 void CreateRootForType(ModelType model_type) {
100 syncer::syncable::Directory* directory = user_share()->directory.get();
101
102 std::string tag_name = ModelTypeToRootTag(model_type);
103
104 syncable::WriteTransaction wtrans(FROM_HERE, syncable::UNITTEST, directory);
105 syncable::MutableEntry node(&wtrans,
106 syncable::CREATE,
107 model_type,
108 wtrans.root_id(),
109 tag_name);
110 node.PutUniqueServerTag(tag_name);
111 node.PutIsDir(true);
112 node.PutServerIsDir(false);
113 node.PutIsUnsynced(false);
114 node.PutIsUnappliedUpdate(false);
115 node.PutServerVersion(20);
116 node.PutBaseVersion(20);
117 node.PutIsDel(false);
118 node.PutId(ids_.MakeServer(tag_name));
119 sync_pb::EntitySpecifics specifics;
120 syncer::AddDefaultFieldValue(model_type, &specifics);
121 node.PutSpecifics(specifics);
122 }
123
PumpLoop()124 void PumpLoop() {
125 message_loop_.RunUntilIdle();
126 }
127
128 // Getters for tests.
user_share()129 UserShare* user_share() { return test_user_share_.user_share(); }
encryption_handler()130 SyncEncryptionHandlerImpl* encryption_handler() {
131 return encryption_handler_.get();
132 }
observer()133 SyncEncryptionHandlerObserverMock* observer() { return &observer_; }
GetCryptographer()134 Cryptographer* GetCryptographer() {
135 return encryption_handler_->GetCryptographerUnsafe();
136 }
137
VerifyMigratedNigori(PassphraseType passphrase_type,const std::string & passphrase)138 void VerifyMigratedNigori(PassphraseType passphrase_type,
139 const std::string& passphrase) {
140 VerifyMigratedNigoriWithTimestamp(0, passphrase_type, passphrase);
141 }
142
VerifyMigratedNigoriWithTimestamp(int64 migration_time,PassphraseType passphrase_type,const std::string & passphrase)143 void VerifyMigratedNigoriWithTimestamp(
144 int64 migration_time,
145 PassphraseType passphrase_type,
146 const std::string& passphrase) {
147 ReadTransaction trans(FROM_HERE, user_share());
148 ReadNode nigori_node(&trans);
149 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
150 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
151 if (migration_time > 0)
152 EXPECT_EQ(migration_time, nigori.keystore_migration_time());
153 else
154 EXPECT_TRUE(nigori.has_keystore_migration_time());
155 EXPECT_TRUE(nigori.keybag_is_frozen());
156 if (passphrase_type == CUSTOM_PASSPHRASE ||
157 passphrase_type == FROZEN_IMPLICIT_PASSPHRASE) {
158 EXPECT_TRUE(nigori.encrypt_everything());
159 EXPECT_TRUE(nigori.keystore_decryptor_token().blob().empty());
160 if (passphrase_type == CUSTOM_PASSPHRASE) {
161 EXPECT_EQ(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE,
162 nigori.passphrase_type());
163 if (!encryption_handler()->custom_passphrase_time().is_null()) {
164 EXPECT_EQ(nigori.custom_passphrase_time(),
165 TimeToProtoTime(
166 encryption_handler()->custom_passphrase_time()));
167 }
168 } else {
169 EXPECT_EQ(sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE,
170 nigori.passphrase_type());
171 }
172 } else {
173 EXPECT_FALSE(nigori.encrypt_everything());
174 EXPECT_FALSE(nigori.keystore_decryptor_token().blob().empty());
175 EXPECT_EQ(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE,
176 nigori.passphrase_type());
177 Cryptographer keystore_cryptographer(&encryptor_);
178 KeyParams params = {"localhost", "dummy", kKeystoreKey};
179 keystore_cryptographer.AddKey(params);
180 EXPECT_TRUE(keystore_cryptographer.CanDecryptUsingDefaultKey(
181 nigori.keystore_decryptor_token()));
182 }
183
184 Cryptographer temp_cryptographer(&encryptor_);
185 KeyParams params = {"localhost", "dummy", passphrase};
186 temp_cryptographer.AddKey(params);
187 EXPECT_TRUE(temp_cryptographer.CanDecryptUsingDefaultKey(
188 nigori.encryption_keybag()));
189 }
190
BuildMigratedNigori(PassphraseType passphrase_type,int64 migration_time,const std::string & default_passphrase,const std::string & keystore_key)191 sync_pb::NigoriSpecifics BuildMigratedNigori(
192 PassphraseType passphrase_type,
193 int64 migration_time,
194 const std::string& default_passphrase,
195 const std::string& keystore_key) {
196 DCHECK_NE(passphrase_type, IMPLICIT_PASSPHRASE);
197 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
198
199 std::string default_key = default_passphrase;
200 if (default_key.empty()) {
201 default_key = keystore_key;
202 } else {
203 KeyParams keystore_params = {"localhost", "dummy", keystore_key};
204 other_cryptographer.AddKey(keystore_params);
205 }
206 KeyParams params = {"localhost", "dummy", default_key};
207 other_cryptographer.AddKey(params);
208 EXPECT_TRUE(other_cryptographer.is_ready());
209
210 sync_pb::NigoriSpecifics nigori;
211 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
212 nigori.set_keybag_is_frozen(true);
213 nigori.set_keystore_migration_time(migration_time);
214
215 if (passphrase_type == KEYSTORE_PASSPHRASE) {
216 sync_pb::EncryptedData keystore_decryptor_token;
217 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
218 other_cryptographer,
219 keystore_key,
220 &keystore_decryptor_token));
221 nigori.mutable_keystore_decryptor_token()->CopyFrom(
222 keystore_decryptor_token);
223 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
224 } else {
225 nigori.set_encrypt_everything(true);
226 nigori.set_passphrase_type(
227 passphrase_type == CUSTOM_PASSPHRASE ?
228 sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE :
229 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
230 }
231 return nigori;
232 }
233
234 // Build a migrated nigori node with the specified default passphrase
235 // and keystore key and initialize the encryption handler with it.
InitKeystoreMigratedNigori(int64 migration_time,const std::string & default_passphrase,const std::string & keystore_key)236 void InitKeystoreMigratedNigori(int64 migration_time,
237 const std::string& default_passphrase,
238 const std::string& keystore_key) {
239 {
240 WriteTransaction trans(FROM_HERE, user_share());
241 WriteNode nigori_node(&trans);
242 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
243 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
244 KEYSTORE_PASSPHRASE,
245 migration_time,
246 default_passphrase,
247 keystore_key);
248 nigori_node.SetNigoriSpecifics(nigori);
249 }
250
251 EXPECT_CALL(*observer(),
252 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
253 EXPECT_CALL(*observer(),
254 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
255 EXPECT_CALL(*observer(),
256 OnCryptographerStateChanged(_)).Times(AtLeast(1));
257 EXPECT_CALL(*observer(),
258 OnEncryptedTypesChanged(_, false));
259 EXPECT_CALL(*observer(),
260 OnEncryptionComplete()).Times(AtLeast(1));
261 encryption_handler()->Init();
262 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
263 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
264 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
265 Mock::VerifyAndClearExpectations(observer());
266 }
267
268 // Build a migrated nigori node with the specified default passphrase
269 // as a custom passphrase.
InitCustomPassMigratedNigori(int64 migration_time,const std::string & default_passphrase)270 void InitCustomPassMigratedNigori(int64 migration_time,
271 const std::string& default_passphrase) {
272 {
273 WriteTransaction trans(FROM_HERE, user_share());
274 WriteNode nigori_node(&trans);
275 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
276 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
277 CUSTOM_PASSPHRASE,
278 migration_time,
279 default_passphrase,
280 kKeystoreKey);
281 nigori_node.SetNigoriSpecifics(nigori);
282 }
283
284 EXPECT_CALL(*observer(),
285 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
286 EXPECT_CALL(*observer(),
287 OnCryptographerStateChanged(_)).Times(AtLeast(1));
288 EXPECT_CALL(*observer(),
289 OnEncryptedTypesChanged(_, true)).Times(AtLeast(1));
290 EXPECT_CALL(*observer(),
291 OnEncryptionComplete()).Times(AtLeast(1));
292 encryption_handler()->Init();
293 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
294 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
295 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
296 Mock::VerifyAndClearExpectations(observer());
297 }
298
299 // Build an unmigrated nigori node with the specified passphrase and type and
300 // initialize the encryption handler with it.
InitUnmigratedNigori(const std::string & default_passphrase,PassphraseType passphrase_type)301 void InitUnmigratedNigori(const std::string& default_passphrase,
302 PassphraseType passphrase_type) {
303 DCHECK_NE(passphrase_type, FROZEN_IMPLICIT_PASSPHRASE);
304 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
305 KeyParams default_key = {"localhost", "dummy", default_passphrase};
306 other_cryptographer.AddKey(default_key);
307 EXPECT_TRUE(other_cryptographer.is_ready());
308
309 {
310 WriteTransaction trans(FROM_HERE, user_share());
311 WriteNode nigori_node(&trans);
312 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
313 sync_pb::NigoriSpecifics nigori;
314 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
315 nigori.set_keybag_is_frozen(passphrase_type == CUSTOM_PASSPHRASE);
316 nigori_node.SetNigoriSpecifics(nigori);
317 }
318
319 if (passphrase_type != IMPLICIT_PASSPHRASE) {
320 EXPECT_CALL(*observer(),
321 OnPassphraseTypeChanged(passphrase_type, _));
322 }
323 EXPECT_CALL(*observer(),
324 OnCryptographerStateChanged(_)).Times(AtLeast(1));
325 EXPECT_CALL(*observer(),
326 OnEncryptedTypesChanged(_, false));
327 encryption_handler()->Init();
328 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
329 EXPECT_EQ(encryption_handler()->GetPassphraseType(), passphrase_type);
330 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
331 Mock::VerifyAndClearExpectations(observer());
332 }
333
334 protected:
335 TestUserShare test_user_share_;
336 FakeEncryptor encryptor_;
337 scoped_ptr<SyncEncryptionHandlerImpl> encryption_handler_;
338 StrictMock<SyncEncryptionHandlerObserverMock> observer_;
339 TestIdFactory ids_;
340 base::MessageLoop message_loop_;
341 };
342
343 // Verify that the encrypted types are being written to and read from the
344 // nigori node properly.
TEST_F(SyncEncryptionHandlerImplTest,NigoriEncryptionTypes)345 TEST_F(SyncEncryptionHandlerImplTest, NigoriEncryptionTypes) {
346 sync_pb::NigoriSpecifics nigori;
347
348 StrictMock<SyncEncryptionHandlerObserverMock> observer2;
349 SyncEncryptionHandlerImpl handler2(user_share(),
350 &encryptor_,
351 std::string(),
352 std::string() /* bootstrap tokens */);
353 handler2.AddObserver(&observer2);
354
355 // Just set the sensitive types (shouldn't trigger any notifications).
356 ModelTypeSet encrypted_types(SyncEncryptionHandler::SensitiveTypes());
357 {
358 WriteTransaction trans(FROM_HERE, user_share());
359 encryption_handler()->MergeEncryptedTypes(
360 encrypted_types,
361 trans.GetWrappedTrans());
362 encryption_handler()->UpdateNigoriFromEncryptedTypes(
363 &nigori,
364 trans.GetWrappedTrans());
365 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
366 }
367 EXPECT_TRUE(encrypted_types.Equals(
368 encryption_handler()->GetEncryptedTypesUnsafe()));
369 EXPECT_TRUE(encrypted_types.Equals(
370 handler2.GetEncryptedTypesUnsafe()));
371
372 Mock::VerifyAndClearExpectations(observer());
373 Mock::VerifyAndClearExpectations(&observer2);
374
375 ModelTypeSet encrypted_user_types = EncryptableUserTypes();
376
377 EXPECT_CALL(*observer(),
378 OnEncryptedTypesChanged(
379 HasModelTypes(encrypted_user_types), false));
380 EXPECT_CALL(observer2,
381 OnEncryptedTypesChanged(
382 HasModelTypes(encrypted_user_types), false));
383
384 // Set all encrypted types
385 encrypted_types = EncryptableUserTypes();
386 {
387 WriteTransaction trans(FROM_HERE, user_share());
388 encryption_handler()->MergeEncryptedTypes(
389 encrypted_types,
390 trans.GetWrappedTrans());
391 encryption_handler()->UpdateNigoriFromEncryptedTypes(
392 &nigori,
393 trans.GetWrappedTrans());
394 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
395 }
396 EXPECT_TRUE(encrypted_types.Equals(
397 encryption_handler()->GetEncryptedTypesUnsafe()));
398 EXPECT_TRUE(encrypted_types.Equals(handler2.GetEncryptedTypesUnsafe()));
399
400 // Receiving an empty nigori should not reset any encrypted types or trigger
401 // an observer notification.
402 Mock::VerifyAndClearExpectations(observer());
403 Mock::VerifyAndClearExpectations(&observer2);
404 nigori = sync_pb::NigoriSpecifics();
405 {
406 WriteTransaction trans(FROM_HERE, user_share());
407 handler2.UpdateEncryptedTypesFromNigori(nigori, trans.GetWrappedTrans());
408 }
409 EXPECT_TRUE(encrypted_types.Equals(
410 encryption_handler()->GetEncryptedTypesUnsafe()));
411 }
412
413 // Verify the encryption handler processes the encrypt everything field
414 // properly.
TEST_F(SyncEncryptionHandlerImplTest,EncryptEverythingExplicit)415 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingExplicit) {
416 sync_pb::NigoriSpecifics nigori;
417 nigori.set_encrypt_everything(true);
418
419 EXPECT_CALL(*observer(),
420 OnEncryptedTypesChanged(
421 HasModelTypes(EncryptableUserTypes()), true));
422
423 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
424 ModelTypeSet encrypted_types =
425 encryption_handler()->GetEncryptedTypesUnsafe();
426 EXPECT_TRUE(encrypted_types.Equals(ModelTypeSet(PASSWORDS)));
427
428 {
429 WriteTransaction trans(FROM_HERE, user_share());
430 encryption_handler()->UpdateEncryptedTypesFromNigori(
431 nigori,
432 trans.GetWrappedTrans());
433 }
434
435 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
436 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
437 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
438
439 // Receiving the nigori node again shouldn't trigger another notification.
440 Mock::VerifyAndClearExpectations(observer());
441 {
442 WriteTransaction trans(FROM_HERE, user_share());
443 encryption_handler()->UpdateEncryptedTypesFromNigori(
444 nigori,
445 trans.GetWrappedTrans());
446 }
447 }
448
449 // Verify the encryption handler can detect an implicit encrypt everything state
450 // (from clients that failed to write the encrypt everything field).
TEST_F(SyncEncryptionHandlerImplTest,EncryptEverythingImplicit)451 TEST_F(SyncEncryptionHandlerImplTest, EncryptEverythingImplicit) {
452 sync_pb::NigoriSpecifics nigori;
453 nigori.set_encrypt_bookmarks(true); // Non-passwords = encrypt everything
454
455 EXPECT_CALL(*observer(),
456 OnEncryptedTypesChanged(
457 HasModelTypes(EncryptableUserTypes()), true));
458
459 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
460 ModelTypeSet encrypted_types =
461 encryption_handler()->GetEncryptedTypesUnsafe();
462 EXPECT_TRUE(encrypted_types.Equals(ModelTypeSet(PASSWORDS)));
463
464 {
465 WriteTransaction trans(FROM_HERE, user_share());
466 encryption_handler()->UpdateEncryptedTypesFromNigori(
467 nigori,
468 trans.GetWrappedTrans());
469 }
470
471 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
472 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
473 EXPECT_TRUE(encrypted_types.HasAll(EncryptableUserTypes()));
474
475 // Receiving a nigori node with encrypt everything explicitly set shouldn't
476 // trigger another notification.
477 Mock::VerifyAndClearExpectations(observer());
478 nigori.set_encrypt_everything(true);
479 {
480 WriteTransaction trans(FROM_HERE, user_share());
481 encryption_handler()->UpdateEncryptedTypesFromNigori(
482 nigori,
483 trans.GetWrappedTrans());
484 }
485 }
486
487 // Verify the encryption handler can deal with new versions treating new types
488 // as Sensitive, and that it does not consider this an implicit encrypt
489 // everything case.
TEST_F(SyncEncryptionHandlerImplTest,UnknownSensitiveTypes)490 TEST_F(SyncEncryptionHandlerImplTest, UnknownSensitiveTypes) {
491 sync_pb::NigoriSpecifics nigori;
492 nigori.set_encrypt_everything(false);
493 nigori.set_encrypt_bookmarks(true);
494
495 ModelTypeSet expected_encrypted_types =
496 SyncEncryptionHandler::SensitiveTypes();
497 expected_encrypted_types.Put(BOOKMARKS);
498
499 EXPECT_CALL(*observer(),
500 OnEncryptedTypesChanged(
501 HasModelTypes(expected_encrypted_types), false));
502
503 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
504 ModelTypeSet encrypted_types =
505 encryption_handler()->GetEncryptedTypesUnsafe();
506 EXPECT_TRUE(encrypted_types.Equals(ModelTypeSet(PASSWORDS)));
507
508 {
509 WriteTransaction trans(FROM_HERE, user_share());
510 encryption_handler()->UpdateEncryptedTypesFromNigori(
511 nigori,
512 trans.GetWrappedTrans());
513 }
514
515 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
516 encrypted_types = encryption_handler()->GetEncryptedTypesUnsafe();
517 EXPECT_TRUE(encrypted_types.Equals(ModelTypeSet(BOOKMARKS, PASSWORDS)));
518 }
519
520 // Receive an old nigori with old encryption keys and encrypted types. We should
521 // not revert our default key or encrypted types, and should post a task to
522 // overwrite the existing nigori with the correct data.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveOldNigori)523 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldNigori) {
524 KeyParams old_key = {"localhost", "dummy", "old"};
525 KeyParams current_key = {"localhost", "dummy", "cur"};
526
527 // Data for testing encryption/decryption.
528 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
529 other_cryptographer.AddKey(old_key);
530 sync_pb::EntitySpecifics other_encrypted_specifics;
531 other_encrypted_specifics.mutable_bookmark()->set_title("title");
532 other_cryptographer.Encrypt(
533 other_encrypted_specifics,
534 other_encrypted_specifics.mutable_encrypted());
535 sync_pb::EntitySpecifics our_encrypted_specifics;
536 our_encrypted_specifics.mutable_bookmark()->set_title("title2");
537 ModelTypeSet encrypted_types = EncryptableUserTypes();
538
539 // Set up the current encryption state (containing both keys and encrypt
540 // everything).
541 sync_pb::NigoriSpecifics current_nigori_specifics;
542 GetCryptographer()->AddKey(old_key);
543 GetCryptographer()->AddKey(current_key);
544 GetCryptographer()->Encrypt(
545 our_encrypted_specifics,
546 our_encrypted_specifics.mutable_encrypted());
547 GetCryptographer()->GetKeys(
548 current_nigori_specifics.mutable_encryption_keybag());
549 current_nigori_specifics.set_encrypt_everything(true);
550
551 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
552 EXPECT_CALL(*observer(), OnEncryptedTypesChanged(
553 HasModelTypes(EncryptableUserTypes()), true));
554 {
555 // Update the encryption handler.
556 WriteTransaction trans(FROM_HERE, user_share());
557 encryption_handler()->ApplyNigoriUpdate(
558 current_nigori_specifics,
559 trans.GetWrappedTrans());
560 }
561 Mock::VerifyAndClearExpectations(observer());
562
563 // Now set up the old nigori specifics and apply it on top.
564 // Has an old set of keys, and no encrypted types.
565 sync_pb::NigoriSpecifics old_nigori;
566 other_cryptographer.GetKeys(old_nigori.mutable_encryption_keybag());
567
568 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
569 {
570 // Update the encryption handler.
571 WriteTransaction trans(FROM_HERE, user_share());
572 encryption_handler()->ApplyNigoriUpdate(
573 old_nigori,
574 trans.GetWrappedTrans());
575 }
576 EXPECT_TRUE(GetCryptographer()->is_ready());
577 EXPECT_FALSE(GetCryptographer()->has_pending_keys());
578
579 // Encryption handler should have posted a task to overwrite the old
580 // specifics.
581 PumpLoop();
582
583 {
584 // The cryptographer should be able to decrypt both sets of keys and still
585 // be encrypting with the newest, and the encrypted types should be the
586 // most recent.
587 // In addition, the nigori node should match the current encryption state.
588 ReadTransaction trans(FROM_HERE, user_share());
589 ReadNode nigori_node(&trans);
590 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
591 const sync_pb::NigoriSpecifics& nigori = nigori_node.GetNigoriSpecifics();
592 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(
593 our_encrypted_specifics.encrypted()));
594 EXPECT_TRUE(GetCryptographer()->CanDecrypt(
595 other_encrypted_specifics.encrypted()));
596 EXPECT_TRUE(GetCryptographer()->CanDecrypt(nigori.encryption_keybag()));
597 EXPECT_TRUE(nigori.encrypt_everything());
598 EXPECT_TRUE(
599 GetCryptographer()->CanDecryptUsingDefaultKey(
600 nigori.encryption_keybag()));
601 }
602 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
603 }
604
605 // Ensure setting the keystore key works, updates the bootstrap token, and
606 // triggers a non-backwards compatible migration. Then verify that the
607 // bootstrap token can be correctly parsed by the encryption handler at startup
608 // time.
TEST_F(SyncEncryptionHandlerImplTest,SetKeystoreMigratesAndUpdatesBootstrap)609 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreMigratesAndUpdatesBootstrap) {
610 // Passing no keys should do nothing.
611 EXPECT_CALL(*observer(), OnBootstrapTokenUpdated(_, _)).Times(0);
612 {
613 WriteTransaction trans(FROM_HERE, user_share());
614 EXPECT_FALSE(GetCryptographer()->is_initialized());
615 EXPECT_TRUE(encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
616 EXPECT_FALSE(encryption_handler()->SetKeystoreKeys(
617 BuildEncryptionKeyProto(std::string()), trans.GetWrappedTrans()));
618 EXPECT_TRUE(encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
619 }
620 Mock::VerifyAndClearExpectations(observer());
621
622 // Build a set of keystore keys.
623 const char kRawOldKeystoreKey[] = "old_keystore_key";
624 std::string old_keystore_key;
625 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
626 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
627 keys.Add()->assign(kRawOldKeystoreKey);
628 keys.Add()->assign(kRawKeystoreKey);
629
630 // Pass them to the encryption handler, triggering a migration and bootstrap
631 // token update.
632 std::string encoded_key;
633 std::string keystore_bootstrap;
634 EXPECT_CALL(*observer(), OnEncryptionComplete());
635 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_));
636 EXPECT_CALL(*observer(), OnPassphraseAccepted());
637 EXPECT_CALL(*observer(), OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
638 EXPECT_CALL(*observer(),
639 OnBootstrapTokenUpdated(_,
640 KEYSTORE_BOOTSTRAP_TOKEN)).
641 WillOnce(SaveArg<0>(&keystore_bootstrap));
642 {
643 WriteTransaction trans(FROM_HERE, user_share());
644 EXPECT_TRUE(
645 encryption_handler()->SetKeystoreKeys(
646 keys,
647 trans.GetWrappedTrans()));
648 EXPECT_FALSE(
649 encryption_handler()->NeedKeystoreKey(trans.GetWrappedTrans()));
650 EXPECT_FALSE(GetCryptographer()->is_initialized());
651 }
652 PumpLoop();
653 EXPECT_TRUE(GetCryptographer()->is_initialized());
654 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
655
656 // Ensure the bootstrap is encoded properly (a base64 encoded encrypted blob
657 // of list values containing the keystore keys).
658 std::string decoded_bootstrap;
659 ASSERT_TRUE(base::Base64Decode(keystore_bootstrap, &decoded_bootstrap));
660 std::string decrypted_bootstrap;
661 ASSERT_TRUE(
662 GetCryptographer()->encryptor()->DecryptString(decoded_bootstrap,
663 &decrypted_bootstrap));
664 JSONStringValueSerializer json(decrypted_bootstrap);
665 scoped_ptr<base::Value> deserialized_keystore_keys(
666 json.Deserialize(NULL, NULL));
667 ASSERT_TRUE(deserialized_keystore_keys.get());
668 base::ListValue* keystore_list = NULL;
669 deserialized_keystore_keys->GetAsList(&keystore_list);
670 ASSERT_TRUE(keystore_list);
671 ASSERT_EQ(2U, keystore_list->GetSize());
672 std::string test_string;
673 keystore_list->GetString(0, &test_string);
674 ASSERT_EQ(old_keystore_key, test_string);
675 keystore_list->GetString(1, &test_string);
676 ASSERT_EQ(kKeystoreKey, test_string);
677
678
679 // Now make sure a new encryption handler can correctly parse the bootstrap
680 // token.
681 SyncEncryptionHandlerImpl handler2(user_share(),
682 &encryptor_,
683 std::string(), // Cryptographer bootstrap.
684 keystore_bootstrap);
685
686 {
687 WriteTransaction trans(FROM_HERE, user_share());
688 EXPECT_FALSE(handler2.NeedKeystoreKey(trans.GetWrappedTrans()));
689 }
690 }
691
692 // Ensure GetKeystoreDecryptor only updates the keystore decryptor token if it
693 // wasn't already set properly. Otherwise, the decryptor should remain the
694 // same.
TEST_F(SyncEncryptionHandlerImplTest,GetKeystoreDecryptor)695 TEST_F(SyncEncryptionHandlerImplTest, GetKeystoreDecryptor) {
696 const char kCurKey[] = "cur";
697 sync_pb::EncryptedData encrypted;
698 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
699 KeyParams cur_key = {"localhost", "dummy", kCurKey};
700 other_cryptographer.AddKey(cur_key);
701 EXPECT_TRUE(other_cryptographer.is_ready());
702 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
703 other_cryptographer,
704 kKeystoreKey,
705 &encrypted));
706 std::string serialized = encrypted.SerializeAsString();
707 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
708 other_cryptographer,
709 kKeystoreKey,
710 &encrypted));
711 EXPECT_EQ(serialized, encrypted.SerializeAsString());
712 }
713
714 // Test that we don't attempt to migrate while an implicit passphrase is pending
715 // and that once we do decrypt pending keys we migrate the nigori. Once
716 // migrated, we should be in keystore passphrase state.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnDecryptImplicitPass)717 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptImplicitPass) {
718 const char kOtherKey[] = "other";
719 {
720 EXPECT_CALL(*observer(),
721 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
722 ReadTransaction trans(FROM_HERE, user_share());
723 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
724 kRawKeystoreKey),
725 trans.GetWrappedTrans());
726 Mock::VerifyAndClearExpectations(observer());
727 }
728 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
729
730 {
731 WriteTransaction trans(FROM_HERE, user_share());
732 WriteNode nigori_node(&trans);
733 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
734 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
735 KeyParams other_key = {"localhost", "dummy", kOtherKey};
736 other_cryptographer.AddKey(other_key);
737
738 sync_pb::NigoriSpecifics nigori;
739 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
740 nigori.set_keybag_is_frozen(false);
741 nigori.set_encrypt_everything(false);
742 EXPECT_CALL(*observer(),
743 OnCryptographerStateChanged(_)).Times(AnyNumber());
744 EXPECT_CALL(*observer(),
745 OnPassphraseRequired(_, _));
746 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
747 nigori_node.SetNigoriSpecifics(nigori);
748 }
749 // Run any tasks posted via AppplyNigoriUpdate.
750 PumpLoop();
751 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
752 Mock::VerifyAndClearExpectations(observer());
753
754 EXPECT_CALL(*observer(),
755 OnCryptographerStateChanged(_)).Times(AnyNumber());
756 EXPECT_CALL(*observer(),
757 OnPassphraseAccepted());
758 EXPECT_CALL(*observer(),
759 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
760 EXPECT_CALL(*observer(),
761 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
762 EXPECT_CALL(*observer(),
763 OnEncryptionComplete());
764 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
765 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
766 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
767 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
768 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kOtherKey);
769 }
770
771 // Test that we don't attempt to migrate while a custom passphrase is pending,
772 // and that once we do decrypt pending keys we migrate the nigori. Once
773 // migrated, we should be in custom passphrase state with encrypt everything.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnDecryptCustomPass)774 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnDecryptCustomPass) {
775 const char kOtherKey[] = "other";
776 {
777 EXPECT_CALL(*observer(),
778 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
779 ReadTransaction trans(FROM_HERE, user_share());
780 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
781 kRawKeystoreKey),
782 trans.GetWrappedTrans());
783 Mock::VerifyAndClearExpectations(observer());
784 }
785 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
786
787 {
788 WriteTransaction trans(FROM_HERE, user_share());
789 WriteNode nigori_node(&trans);
790 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
791 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
792 KeyParams other_key = {"localhost", "dummy", kOtherKey};
793 other_cryptographer.AddKey(other_key);
794
795 sync_pb::NigoriSpecifics nigori;
796 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
797 nigori.set_keybag_is_frozen(true);
798 nigori.set_encrypt_everything(false);
799 EXPECT_CALL(*observer(),
800 OnCryptographerStateChanged(_)).Times(AnyNumber());
801 EXPECT_CALL(*observer(),
802 OnPassphraseRequired(_, _));
803 EXPECT_CALL(*observer(),
804 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
805 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
806 nigori_node.SetNigoriSpecifics(nigori);
807 }
808 // Run any tasks posted via AppplyNigoriUpdate.
809 PumpLoop();
810 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
811 Mock::VerifyAndClearExpectations(observer());
812
813 EXPECT_CALL(*observer(),
814 OnCryptographerStateChanged(_)).Times(AnyNumber());
815 EXPECT_CALL(*observer(),
816 OnPassphraseAccepted());
817 EXPECT_CALL(*observer(),
818 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
819 EXPECT_CALL(*observer(),
820 OnEncryptedTypesChanged(_, true));
821 EXPECT_CALL(*observer(),
822 OnEncryptionComplete()).Times(2);
823 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
824 encryption_handler()->SetDecryptionPassphrase(kOtherKey);
825 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
826 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
827 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kOtherKey);
828 }
829
830 // Test that we trigger a migration when we set the keystore key, had an
831 // implicit passphrase, and did not have encrypt everything. We should switch
832 // to KEYSTORE_PASSPHRASE.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnKeystoreKeyAvailableImplicit)833 TEST_F(SyncEncryptionHandlerImplTest, MigrateOnKeystoreKeyAvailableImplicit) {
834 const char kCurKey[] = "cur";
835 KeyParams current_key = {"localhost", "dummy", kCurKey};
836 GetCryptographer()->AddKey(current_key);
837 EXPECT_CALL(*observer(),
838 OnCryptographerStateChanged(_)).Times(AnyNumber());
839 EXPECT_CALL(*observer(),
840 OnEncryptedTypesChanged(_, false));
841 EXPECT_CALL(*observer(),
842 OnEncryptionComplete());
843 encryption_handler()->Init();
844 Mock::VerifyAndClearExpectations(observer());
845
846 {
847 ReadTransaction trans(FROM_HERE, user_share());
848 // Once we provide a keystore key, we should perform the migration.
849 EXPECT_CALL(*observer(),
850 OnCryptographerStateChanged(_)).Times(AnyNumber());
851 EXPECT_CALL(*observer(),
852 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
853 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
854 kRawKeystoreKey),
855 trans.GetWrappedTrans());
856 }
857 EXPECT_CALL(*observer(),
858 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
859 // The actual migration gets posted, so run all pending tasks.
860 PumpLoop();
861 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
862 EXPECT_EQ(KEYSTORE_PASSPHRASE,
863 encryption_handler()->GetPassphraseType());
864 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
865 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
866 }
867
868 // Test that we trigger a migration when we set the keystore key, had an
869 // implicit passphrase, and encrypt everything enabled. We should switch to
870 // FROZEN_IMPLICIT_PASSPHRASE.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnKeystoreKeyAvailableFrozenImplicit)871 TEST_F(SyncEncryptionHandlerImplTest,
872 MigrateOnKeystoreKeyAvailableFrozenImplicit) {
873 const char kCurKey[] = "cur";
874 KeyParams current_key = {"localhost", "dummy", kCurKey};
875 GetCryptographer()->AddKey(current_key);
876 EXPECT_CALL(*observer(),
877 OnCryptographerStateChanged(_)).Times(AnyNumber());
878 EXPECT_CALL(*observer(),
879 OnEncryptedTypesChanged(_, false));
880 EXPECT_CALL(*observer(),
881 OnEncryptionComplete());
882 encryption_handler()->Init();
883 Mock::VerifyAndClearExpectations(observer());
884
885 EXPECT_CALL(*observer(),
886 OnEncryptedTypesChanged(_, true));
887 EXPECT_CALL(*observer(),
888 OnEncryptionComplete());
889 encryption_handler()->EnableEncryptEverything();
890
891 {
892 ReadTransaction trans(FROM_HERE, user_share());
893 // Once we provide a keystore key, we should perform the migration.
894 EXPECT_CALL(*observer(),
895 OnCryptographerStateChanged(_)).Times(AnyNumber());
896 EXPECT_CALL(*observer(),
897 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
898 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
899 kRawKeystoreKey),
900 trans.GetWrappedTrans());
901 }
902 EXPECT_CALL(*observer(),
903 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
904 // The actual migration gets posted, so run all pending tasks.
905 PumpLoop();
906 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
907 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
908 encryption_handler()->GetPassphraseType());
909 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
910 VerifyMigratedNigori(FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
911 }
912
913 // Test that we trigger a migration when we set the keystore key, had a
914 // custom passphrase, and encrypt everything enabled. The passphrase state
915 // should remain as CUSTOM_PASSPHRASE, and encrypt everything stay the same.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnKeystoreKeyAvailableCustomWithEncryption)916 TEST_F(SyncEncryptionHandlerImplTest,
917 MigrateOnKeystoreKeyAvailableCustomWithEncryption) {
918 const char kCurKey[] = "cur";
919 EXPECT_CALL(*observer(),
920 OnCryptographerStateChanged(_)).Times(AnyNumber());
921 EXPECT_CALL(*observer(),
922 OnPassphraseRequired(_, _));
923 EXPECT_CALL(*observer(),
924 OnPassphraseAccepted());
925 EXPECT_CALL(*observer(),
926 OnEncryptedTypesChanged(_, false));
927 EXPECT_CALL(*observer(),
928 OnEncryptionComplete());
929 EXPECT_CALL(*observer(),
930 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
931 EXPECT_CALL(*observer(),
932 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
933 encryption_handler()->Init();
934 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
935 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
936 Mock::VerifyAndClearExpectations(observer());
937
938 EXPECT_CALL(*observer(),
939 OnEncryptedTypesChanged(_, true));
940 EXPECT_CALL(*observer(),
941 OnEncryptionComplete());
942 encryption_handler()->EnableEncryptEverything();
943 Mock::VerifyAndClearExpectations(observer());
944
945 {
946 ReadTransaction trans(FROM_HERE, user_share());
947 // Once we provide a keystore key, we should perform the migration.
948 EXPECT_CALL(*observer(),
949 OnCryptographerStateChanged(_)).Times(AnyNumber());
950 EXPECT_CALL(*observer(),
951 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
952 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
953 kRawKeystoreKey),
954 trans.GetWrappedTrans());
955 }
956 // The actual migration gets posted, so run all pending tasks.
957 PumpLoop();
958 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
959 EXPECT_EQ(CUSTOM_PASSPHRASE,
960 encryption_handler()->GetPassphraseType());
961 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
962 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
963 }
964
965 // Test that we trigger a migration when we set the keystore key, had a
966 // custom passphrase, and did not have encrypt everything. The passphrase state
967 // should remain as CUSTOM_PASSPHRASE, and encrypt everything should be enabled.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnKeystoreKeyAvailableCustomNoEncryption)968 TEST_F(SyncEncryptionHandlerImplTest,
969 MigrateOnKeystoreKeyAvailableCustomNoEncryption) {
970 const char kCurKey[] = "cur";
971 EXPECT_CALL(*observer(),
972 OnCryptographerStateChanged(_)).Times(AnyNumber());
973 EXPECT_CALL(*observer(),
974 OnPassphraseRequired(_, _));
975 EXPECT_CALL(*observer(),
976 OnPassphraseAccepted());
977 EXPECT_CALL(*observer(),
978 OnEncryptedTypesChanged(_, false));
979 EXPECT_CALL(*observer(),
980 OnEncryptionComplete());
981 EXPECT_CALL(*observer(),
982 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
983 EXPECT_CALL(*observer(),
984 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
985 encryption_handler()->Init();
986 encryption_handler()->SetEncryptionPassphrase(kCurKey, true);
987 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
988 Mock::VerifyAndClearExpectations(observer());
989
990 {
991 ReadTransaction trans(FROM_HERE, user_share());
992 // Once we provide a keystore key, we should perform the migration.
993 EXPECT_CALL(*observer(),
994 OnCryptographerStateChanged(_)).Times(AnyNumber());
995 EXPECT_CALL(*observer(),
996 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
997 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
998 kRawKeystoreKey),
999 trans.GetWrappedTrans());
1000 }
1001 EXPECT_CALL(*observer(),
1002 OnEncryptedTypesChanged(_, true));
1003 EXPECT_CALL(*observer(),
1004 OnEncryptionComplete());
1005 // The actual migration gets posted, so run all pending tasks.
1006 PumpLoop();
1007 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1008 EXPECT_EQ(CUSTOM_PASSPHRASE,
1009 encryption_handler()->GetPassphraseType());
1010 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1011 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCurKey);
1012 }
1013
1014 // Test that we can handle receiving a migrated nigori node in the
1015 // KEYSTORE_PASS state, and use the keystore decryptor token to decrypt the
1016 // keybag.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveMigratedNigoriKeystorePass)1017 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriKeystorePass) {
1018 const char kCurKey[] = "cur";
1019 sync_pb::EncryptedData keystore_decryptor_token;
1020 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1021 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1022 other_cryptographer.AddKey(cur_key);
1023 EXPECT_TRUE(other_cryptographer.is_ready());
1024 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1025 other_cryptographer,
1026 kKeystoreKey,
1027 &keystore_decryptor_token));
1028 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1029 EXPECT_FALSE(GetCryptographer()->is_ready());
1030 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1031
1032 // Now build a nigori node with the generated keystore decryptor token and
1033 // initialize the encryption handler with it. The cryptographer should be
1034 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1035 {
1036 WriteTransaction trans(FROM_HERE, user_share());
1037 WriteNode nigori_node(&trans);
1038 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1039 sync_pb::NigoriSpecifics nigori;
1040 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1041 keystore_decryptor_token);
1042 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1043 nigori.set_keybag_is_frozen(true);
1044 nigori.set_keystore_migration_time(1);
1045 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1046
1047 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1048 EXPECT_CALL(*observer(),
1049 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1050 EXPECT_CALL(*observer(),
1051 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1052 EXPECT_CALL(*observer(),
1053 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1054 EXPECT_CALL(*observer(),
1055 OnCryptographerStateChanged(_)).Times(AnyNumber());
1056 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1057 kRawKeystoreKey),
1058 trans.GetWrappedTrans());
1059 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1060 nigori_node.SetNigoriSpecifics(nigori);
1061 }
1062 // Run any tasks posted via AppplyNigoriUpdate.
1063 PumpLoop();
1064 Mock::VerifyAndClearExpectations(observer());
1065
1066 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1067 EXPECT_TRUE(GetCryptographer()->is_ready());
1068 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1069 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1070 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1071
1072 // Check that the cryptographer still encrypts with the current key.
1073 sync_pb::EncryptedData current_encrypted;
1074 other_cryptographer.EncryptString("string", ¤t_encrypted);
1075 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1076
1077 // Check that the cryptographer can decrypt keystore key based encryption.
1078 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1079 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1080 keystore_cryptographer.AddKey(keystore_key);
1081 sync_pb::EncryptedData keystore_encrypted;
1082 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1083 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1084 }
1085
1086 // Test that we handle receiving migrated nigori's with
1087 // FROZEN_IMPLICIT_PASSPHRASE state. We should be in a pending key state until
1088 // we supply the pending frozen implicit passphrase key.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveMigratedNigoriFrozenImplicitPass)1089 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriFrozenImplicitPass) {
1090 const char kCurKey[] = "cur";
1091 sync_pb::EncryptedData encrypted;
1092 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1093 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1094 other_cryptographer.AddKey(cur_key);
1095 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1096
1097 {
1098 EXPECT_CALL(*observer(),
1099 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1100 ReadTransaction trans(FROM_HERE, user_share());
1101 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1102 kRawKeystoreKey),
1103 trans.GetWrappedTrans());
1104 }
1105 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1106
1107 {
1108 EXPECT_CALL(*observer(),
1109 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1110 EXPECT_CALL(*observer(),
1111 OnPassphraseRequired(_, _));
1112 EXPECT_CALL(*observer(),
1113 OnCryptographerStateChanged(_)).Times(AnyNumber());
1114 EXPECT_CALL(*observer(),
1115 OnEncryptedTypesChanged(_, true));
1116 WriteTransaction trans(FROM_HERE, user_share());
1117 WriteNode nigori_node(&trans);
1118 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1119 sync_pb::NigoriSpecifics nigori;
1120 nigori.set_keybag_is_frozen(true);
1121 nigori.set_passphrase_type(
1122 sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE);
1123 nigori.set_keystore_migration_time(1);
1124 nigori.set_encrypt_everything(true);
1125 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1126 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1127 nigori_node.SetNigoriSpecifics(nigori);
1128 }
1129 // Run any tasks posted via AppplyNigoriUpdate.
1130 PumpLoop();
1131 Mock::VerifyAndClearExpectations(observer());
1132
1133 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1134 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
1135 encryption_handler()->GetPassphraseType());
1136 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1137 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1138
1139 EXPECT_CALL(*observer(),
1140 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1141 EXPECT_CALL(*observer(),
1142 OnCryptographerStateChanged(_)).Times(AnyNumber());
1143 EXPECT_CALL(*observer(),
1144 OnEncryptionComplete());
1145 EXPECT_CALL(*observer(),
1146 OnPassphraseAccepted());
1147 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1148 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1149 EXPECT_TRUE(GetCryptographer()->is_ready());
1150 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
1151
1152 // Check that the cryptographer still encrypts with the current key.
1153 sync_pb::EncryptedData current_encrypted;
1154 other_cryptographer.EncryptString("string", ¤t_encrypted);
1155 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1156
1157 // Check that the cryptographer can decrypt keystore key based encryption.
1158 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1159 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1160 keystore_cryptographer.AddKey(keystore_key);
1161 sync_pb::EncryptedData keystore_encrypted;
1162 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1163 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1164 }
1165
1166 // Test that we handle receiving migrated nigori's with
1167 // CUSTOM_PASSPHRASE state. We should be in a pending key state until we
1168 // provide the custom passphrase key.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveMigratedNigoriCustomPass)1169 TEST_F(SyncEncryptionHandlerImplTest, ReceiveMigratedNigoriCustomPass) {
1170 const char kCurKey[] = "cur";
1171 sync_pb::EncryptedData encrypted;
1172 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1173 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1174 other_cryptographer.AddKey(cur_key);
1175 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1176
1177 {
1178 EXPECT_CALL(*observer(),
1179 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1180 ReadTransaction trans(FROM_HERE, user_share());
1181 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1182 kRawKeystoreKey),
1183 trans.GetWrappedTrans());
1184 }
1185 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1186
1187 {
1188 EXPECT_CALL(*observer(),
1189 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1190 EXPECT_CALL(*observer(),
1191 OnPassphraseRequired(_, _));
1192 EXPECT_CALL(*observer(),
1193 OnCryptographerStateChanged(_)).Times(AnyNumber());
1194 EXPECT_CALL(*observer(),
1195 OnEncryptedTypesChanged(_, true));
1196 WriteTransaction trans(FROM_HERE, user_share());
1197 WriteNode nigori_node(&trans);
1198 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1199 sync_pb::NigoriSpecifics nigori;
1200 nigori.set_keybag_is_frozen(true);
1201 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1202 nigori.set_keystore_migration_time(1);
1203 nigori.set_encrypt_everything(true);
1204 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1205 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1206 nigori_node.SetNigoriSpecifics(nigori);
1207 }
1208 // Run any tasks posted via AppplyNigoriUpdate.
1209 PumpLoop();
1210 Mock::VerifyAndClearExpectations(observer());
1211
1212 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1213 EXPECT_EQ(CUSTOM_PASSPHRASE, encryption_handler()->GetPassphraseType());
1214 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1215 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1216
1217 EXPECT_CALL(*observer(),
1218 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1219 EXPECT_CALL(*observer(),
1220 OnCryptographerStateChanged(_)).Times(AnyNumber());
1221 EXPECT_CALL(*observer(),
1222 OnEncryptionComplete());
1223 EXPECT_CALL(*observer(),
1224 OnPassphraseAccepted());
1225 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1226 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1227 EXPECT_TRUE(GetCryptographer()->is_ready());
1228 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1229
1230 // Check that the cryptographer still encrypts with the current key.
1231 sync_pb::EncryptedData current_encrypted;
1232 other_cryptographer.EncryptString("string", ¤t_encrypted);
1233 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1234
1235 // Check that the cryptographer can decrypt keystore key based encryption.
1236 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1237 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1238 keystore_cryptographer.AddKey(keystore_key);
1239 sync_pb::EncryptedData keystore_encrypted;
1240 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1241 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1242 }
1243
1244 // Test that if we have a migrated nigori with a custom passphrase, then receive
1245 // and old implicit passphrase nigori, we properly overwrite it with the current
1246 // state.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveUnmigratedNigoriAfterMigration)1247 TEST_F(SyncEncryptionHandlerImplTest, ReceiveUnmigratedNigoriAfterMigration) {
1248 const char kOldKey[] = "old";
1249 const char kCurKey[] = "cur";
1250 sync_pb::EncryptedData encrypted;
1251 KeyParams old_key = {"localhost", "dummy", kOldKey};
1252 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1253 GetCryptographer()->AddKey(old_key);
1254 GetCryptographer()->AddKey(cur_key);
1255
1256 // Build a migrated nigori with full encryption.
1257 {
1258 WriteTransaction trans(FROM_HERE, user_share());
1259 WriteNode nigori_node(&trans);
1260 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1261 sync_pb::NigoriSpecifics nigori;
1262 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1263 nigori.set_keybag_is_frozen(true);
1264 nigori.set_keystore_migration_time(1);
1265 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1266 nigori.set_encrypt_everything(true);
1267 nigori_node.SetNigoriSpecifics(nigori);
1268 }
1269
1270 EXPECT_CALL(*observer(),
1271 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1272 EXPECT_CALL(*observer(),
1273 OnCryptographerStateChanged(_)).Times(AnyNumber());
1274 EXPECT_CALL(*observer(),
1275 OnEncryptedTypesChanged(_, true)).Times(2);
1276 EXPECT_CALL(*observer(),
1277 OnEncryptionComplete());
1278 encryption_handler()->Init();
1279 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1280 EXPECT_TRUE(GetCryptographer()->is_ready());
1281 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1282 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1283 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1284
1285 {
1286 EXPECT_CALL(*observer(),
1287 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1288 ReadTransaction trans(FROM_HERE, user_share());
1289 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1290 kRawKeystoreKey),
1291 trans.GetWrappedTrans());
1292 }
1293 Mock::VerifyAndClearExpectations(observer());
1294
1295 // Now build an old unmigrated nigori node with old encrypted types. We should
1296 // properly overwrite it with the migrated + encrypt everything state.
1297 EXPECT_CALL(*observer(),
1298 OnCryptographerStateChanged(_)).Times(AnyNumber());
1299 EXPECT_CALL(*observer(), OnEncryptionComplete());
1300 {
1301 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1302 other_cryptographer.AddKey(old_key);
1303 WriteTransaction trans(FROM_HERE, user_share());
1304 WriteNode nigori_node(&trans);
1305 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1306 sync_pb::NigoriSpecifics nigori;
1307 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1308 nigori.set_keybag_is_frozen(false);
1309 nigori.set_encrypt_everything(false);
1310 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1311 nigori_node.SetNigoriSpecifics(nigori);
1312 }
1313 PumpLoop();
1314
1315 // Verify we're still migrated and have proper encryption state.
1316 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1317 EXPECT_TRUE(GetCryptographer()->is_ready());
1318 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1319 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1320 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1321 }
1322
1323 // Test that if we have a migrated nigori with a custom passphrase, then receive
1324 // a migrated nigori with a keystore passphrase, we properly overwrite it with
1325 // the current state.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveOldMigratedNigori)1326 TEST_F(SyncEncryptionHandlerImplTest, ReceiveOldMigratedNigori) {
1327 const char kOldKey[] = "old";
1328 const char kCurKey[] = "cur";
1329 sync_pb::EncryptedData encrypted;
1330 KeyParams old_key = {"localhost", "dummy", kOldKey};
1331 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1332 GetCryptographer()->AddKey(old_key);
1333 GetCryptographer()->AddKey(cur_key);
1334
1335 // Build a migrated nigori with full encryption.
1336 {
1337 WriteTransaction trans(FROM_HERE, user_share());
1338 WriteNode nigori_node(&trans);
1339 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1340 sync_pb::NigoriSpecifics nigori;
1341 GetCryptographer()->GetKeys(nigori.mutable_encryption_keybag());
1342 nigori.set_keybag_is_frozen(true);
1343 nigori.set_keystore_migration_time(1);
1344 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE);
1345 nigori.set_encrypt_everything(true);
1346 nigori_node.SetNigoriSpecifics(nigori);
1347 }
1348
1349 EXPECT_CALL(*observer(),
1350 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1351 EXPECT_CALL(*observer(),
1352 OnCryptographerStateChanged(_)).Times(AnyNumber());
1353 EXPECT_CALL(*observer(),
1354 OnEncryptedTypesChanged(_, true)).Times(2);
1355 EXPECT_CALL(*observer(),
1356 OnEncryptionComplete());
1357 encryption_handler()->Init();
1358 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1359 EXPECT_TRUE(GetCryptographer()->is_ready());
1360 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1361 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1362 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1363
1364 {
1365 EXPECT_CALL(*observer(),
1366 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1367 ReadTransaction trans(FROM_HERE, user_share());
1368 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1369 kRawKeystoreKey),
1370 trans.GetWrappedTrans());
1371 }
1372 Mock::VerifyAndClearExpectations(observer());
1373
1374 // Now build an old keystore nigori node with old encrypted types. We should
1375 // properly overwrite it with the migrated + encrypt everything state.
1376 EXPECT_CALL(*observer(),
1377 OnCryptographerStateChanged(_)).Times(AnyNumber());
1378 EXPECT_CALL(*observer(), OnEncryptionComplete());
1379 {
1380 WriteTransaction trans(FROM_HERE, user_share());
1381 WriteNode nigori_node(&trans);
1382 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1383 sync_pb::NigoriSpecifics nigori;
1384 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1385 other_cryptographer.AddKey(old_key);
1386 encryption_handler()->GetKeystoreDecryptor(
1387 other_cryptographer,
1388 kKeystoreKey,
1389 nigori.mutable_keystore_decryptor_token());
1390 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1391 nigori.set_keybag_is_frozen(true);
1392 nigori.set_encrypt_everything(false);
1393 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1394 nigori.set_keystore_migration_time(1);
1395 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1396 nigori_node.SetNigoriSpecifics(nigori);
1397 }
1398 PumpLoop();
1399
1400 // Verify we're still migrated and have proper encryption state.
1401 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1402 EXPECT_TRUE(GetCryptographer()->is_ready());
1403 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1404 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1405 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCurKey);
1406 }
1407
1408 // Test that if we receive the keystore key after receiving a migrated nigori
1409 // node, we properly use the keystore decryptor token to decrypt the keybag.
TEST_F(SyncEncryptionHandlerImplTest,SetKeystoreAfterReceivingMigratedNigori)1410 TEST_F(SyncEncryptionHandlerImplTest, SetKeystoreAfterReceivingMigratedNigori) {
1411 const char kCurKey[] = "cur";
1412 sync_pb::EncryptedData keystore_decryptor_token;
1413 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1414 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1415 other_cryptographer.AddKey(cur_key);
1416 EXPECT_TRUE(other_cryptographer.is_ready());
1417 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1418 other_cryptographer,
1419 kKeystoreKey,
1420 &keystore_decryptor_token));
1421 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
1422 EXPECT_FALSE(GetCryptographer()->is_ready());
1423 EXPECT_NE(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1424
1425 // Now build a nigori node with the generated keystore decryptor token and
1426 // initialize the encryption handler with it. The cryptographer should be
1427 // initialized properly to decrypt both kCurKey and kKeystoreKey.
1428 {
1429 WriteTransaction trans(FROM_HERE, user_share());
1430 WriteNode nigori_node(&trans);
1431 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1432 sync_pb::NigoriSpecifics nigori;
1433 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1434 keystore_decryptor_token);
1435 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1436 nigori.set_keybag_is_frozen(true);
1437 nigori.set_keystore_migration_time(1);
1438 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1439
1440 EXPECT_CALL(*observer(),
1441 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1442 EXPECT_CALL(*observer(),
1443 OnCryptographerStateChanged(_)).Times(AnyNumber());
1444 EXPECT_CALL(*observer(),
1445 OnPassphraseRequired(_, _));
1446 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1447 nigori_node.SetNigoriSpecifics(nigori);
1448 }
1449 // Run any tasks posted via AppplyNigoriUpdate.
1450 PumpLoop();
1451 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1452 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1453 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1454 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1455 Mock::VerifyAndClearExpectations(observer());
1456
1457 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1458 EXPECT_CALL(*observer(),
1459 OnCryptographerStateChanged(_)).Times(AnyNumber());
1460 EXPECT_CALL(*observer(),
1461 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1462 {
1463 EXPECT_CALL(*observer(),
1464 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1465 ReadTransaction trans(FROM_HERE, user_share());
1466 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1467 kRawKeystoreKey),
1468 trans.GetWrappedTrans());
1469 }
1470 PumpLoop();
1471 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1472 EXPECT_TRUE(GetCryptographer()->is_ready());
1473 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1474 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1475 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kCurKey);
1476
1477 // Check that the cryptographer still encrypts with the current key.
1478 sync_pb::EncryptedData current_encrypted;
1479 other_cryptographer.EncryptString("string", ¤t_encrypted);
1480 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1481
1482 // Check that the cryptographer can decrypt keystore key based encryption.
1483 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1484 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1485 keystore_cryptographer.AddKey(keystore_key);
1486 sync_pb::EncryptedData keystore_encrypted;
1487 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1488 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1489 }
1490
1491 // Test that after receiving a migrated nigori and decrypting it using the
1492 // keystore key, we can then switch to a custom passphrase. The nigori should
1493 // remain migrated and encrypt everything should be enabled.
TEST_F(SyncEncryptionHandlerImplTest,SetCustomPassAfterMigration)1494 TEST_F(SyncEncryptionHandlerImplTest, SetCustomPassAfterMigration) {
1495 const char kOldKey[] = "old";
1496 sync_pb::EncryptedData keystore_decryptor_token;
1497 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1498 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1499 other_cryptographer.AddKey(cur_key);
1500 EXPECT_TRUE(other_cryptographer.is_ready());
1501 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1502 other_cryptographer,
1503 kKeystoreKey,
1504 &keystore_decryptor_token));
1505
1506 // Build a nigori node with the generated keystore decryptor token and
1507 // initialize the encryption handler with it. The cryptographer should be
1508 // initialized properly to decrypt both kOldKey and kKeystoreKey.
1509 {
1510 WriteTransaction trans(FROM_HERE, user_share());
1511 WriteNode nigori_node(&trans);
1512 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1513 sync_pb::NigoriSpecifics nigori;
1514 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1515 keystore_decryptor_token);
1516 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1517 nigori.set_keybag_is_frozen(true);
1518 nigori.set_keystore_migration_time(1);
1519 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1520 nigori_node.SetNigoriSpecifics(nigori);
1521 EXPECT_CALL(*observer(),
1522 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1523 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1524 kRawKeystoreKey),
1525 trans.GetWrappedTrans());
1526 }
1527
1528 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1529 EXPECT_CALL(*observer(),
1530 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1531 EXPECT_CALL(*observer(),
1532 OnCryptographerStateChanged(_)).Times(AnyNumber());
1533 EXPECT_CALL(*observer(),
1534 OnEncryptedTypesChanged(_, false));
1535 EXPECT_CALL(*observer(),
1536 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1537 EXPECT_CALL(*observer(),
1538 OnEncryptionComplete());
1539 encryption_handler()->Init();
1540 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1541 EXPECT_TRUE(GetCryptographer()->is_ready());
1542 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1543 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1544 Mock::VerifyAndClearExpectations(observer());
1545
1546 const char kNewKey[] = "new_key";
1547 EXPECT_CALL(*observer(),
1548 OnCryptographerStateChanged(_)).Times(AnyNumber());
1549 EXPECT_CALL(*observer(),
1550 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1551 EXPECT_CALL(*observer(),
1552 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1553 EXPECT_CALL(*observer(),
1554 OnPassphraseAccepted());
1555 EXPECT_CALL(*observer(),
1556 OnEncryptedTypesChanged(_, true));
1557 EXPECT_CALL(*observer(),
1558 OnEncryptionComplete()).Times(2);
1559 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1560 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1561 EXPECT_TRUE(GetCryptographer()->is_ready());
1562 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1563 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1564 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1565 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kNewKey);
1566
1567 // Check that the cryptographer can decrypt the old key.
1568 sync_pb::EncryptedData old_encrypted;
1569 other_cryptographer.EncryptString("string", &old_encrypted);
1570 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
1571
1572 // Check that the cryptographer can decrypt keystore key based encryption.
1573 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1574 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1575 keystore_cryptographer.AddKey(keystore_key);
1576 sync_pb::EncryptedData keystore_encrypted;
1577 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1578 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1579
1580 // Check the the cryptographer is encrypting with the new key.
1581 KeyParams new_key = {"localhost", "dummy", kNewKey};
1582 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1583 new_cryptographer.AddKey(new_key);
1584 sync_pb::EncryptedData new_encrypted;
1585 new_cryptographer.EncryptString("string", &new_encrypted);
1586 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1587 }
1588
1589 // Test that if a client without a keystore key (e.g. one without keystore
1590 // encryption enabled) receives a migrated nigori and then attempts to set a
1591 // custom passphrase, it also enables encrypt everything. The nigori node
1592 // should remain migrated.
TEST_F(SyncEncryptionHandlerImplTest,SetCustomPassAfterMigrationNoKeystoreKey)1593 TEST_F(SyncEncryptionHandlerImplTest,
1594 SetCustomPassAfterMigrationNoKeystoreKey) {
1595 const char kOldKey[] = "old";
1596 sync_pb::EncryptedData keystore_decryptor_token;
1597 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1598 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1599 other_cryptographer.AddKey(cur_key);
1600 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1601 other_cryptographer.AddNonDefaultKey(keystore_key);
1602 EXPECT_TRUE(other_cryptographer.is_ready());
1603 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1604 other_cryptographer,
1605 kKeystoreKey,
1606 &keystore_decryptor_token));
1607
1608 // Build a nigori node with the generated keystore decryptor token and
1609 // initialize the encryption handler with it. The cryptographer will have
1610 // pending keys until we provide the decryption passphrase.
1611 {
1612 WriteTransaction trans(FROM_HERE, user_share());
1613 WriteNode nigori_node(&trans);
1614 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1615 sync_pb::NigoriSpecifics nigori;
1616 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1617 keystore_decryptor_token);
1618 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1619 nigori.set_keybag_is_frozen(true);
1620 nigori.set_keystore_migration_time(1);
1621 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1622 nigori_node.SetNigoriSpecifics(nigori);
1623 }
1624
1625 EXPECT_CALL(*observer(),
1626 OnPassphraseRequired(_, _));
1627 EXPECT_CALL(*observer(),
1628 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1629 EXPECT_CALL(*observer(),
1630 OnCryptographerStateChanged(_)).Times(AnyNumber());
1631 EXPECT_CALL(*observer(),
1632 OnEncryptedTypesChanged(_, false));
1633 encryption_handler()->Init();
1634 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1635 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1636 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1637 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1638 Mock::VerifyAndClearExpectations(observer());
1639
1640 EXPECT_CALL(*observer(),
1641 OnPassphraseAccepted());
1642 EXPECT_CALL(*observer(),
1643 OnCryptographerStateChanged(_)).Times(AnyNumber());
1644 EXPECT_CALL(*observer(),
1645 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1646 EXPECT_CALL(*observer(),
1647 OnEncryptionComplete());
1648 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1649 EXPECT_TRUE(GetCryptographer()->is_ready());
1650 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1651 Mock::VerifyAndClearExpectations(observer());
1652
1653 const char kNewKey[] = "new_key";
1654 EXPECT_CALL(*observer(),
1655 OnCryptographerStateChanged(_)).Times(AnyNumber());
1656 EXPECT_CALL(*observer(),
1657 OnPassphraseTypeChanged(CUSTOM_PASSPHRASE, _));
1658 EXPECT_CALL(*observer(),
1659 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1660 EXPECT_CALL(*observer(),
1661 OnPassphraseAccepted());
1662 EXPECT_CALL(*observer(),
1663 OnEncryptedTypesChanged(_, true));
1664 EXPECT_CALL(*observer(),
1665 OnEncryptionComplete()).Times(2);
1666 encryption_handler()->SetEncryptionPassphrase(kNewKey, true);
1667 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1668 EXPECT_TRUE(GetCryptographer()->is_ready());
1669 EXPECT_EQ(encryption_handler()->GetPassphraseType(), CUSTOM_PASSPHRASE);
1670 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1671 EXPECT_FALSE(encryption_handler()->custom_passphrase_time().is_null());
1672 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kNewKey);
1673
1674 // Check that the cryptographer can decrypt the old key.
1675 sync_pb::EncryptedData old_encrypted;
1676 other_cryptographer.EncryptString("string", &old_encrypted);
1677 EXPECT_TRUE(GetCryptographer()->CanDecrypt(old_encrypted));
1678
1679 // Check that the cryptographer can still decrypt keystore key based
1680 // encryption (should have been extracted from the encryption keybag).
1681 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1682 keystore_cryptographer.AddKey(keystore_key);
1683 sync_pb::EncryptedData keystore_encrypted;
1684 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1685 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1686
1687 // Check the the cryptographer is encrypting with the new key.
1688 KeyParams new_key = {"localhost", "dummy", kNewKey};
1689 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1690 new_cryptographer.AddKey(new_key);
1691 sync_pb::EncryptedData new_encrypted;
1692 new_cryptographer.EncryptString("string", &new_encrypted);
1693 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1694 }
1695
1696 // Test that if a client without a keystore key (e.g. one without keystore
1697 // encryption enabled) receives a migrated nigori and then attempts to set a
1698 // new implicit passphrase, we do not modify the nigori node (the implicit
1699 // passphrase is dropped).
TEST_F(SyncEncryptionHandlerImplTest,SetImplicitPassAfterMigrationNoKeystoreKey)1700 TEST_F(SyncEncryptionHandlerImplTest,
1701 SetImplicitPassAfterMigrationNoKeystoreKey) {
1702 const char kOldKey[] = "old";
1703 sync_pb::EncryptedData keystore_decryptor_token;
1704 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1705 KeyParams cur_key = {"localhost", "dummy", kOldKey};
1706 other_cryptographer.AddKey(cur_key);
1707 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1708 other_cryptographer.AddNonDefaultKey(keystore_key);
1709 EXPECT_TRUE(other_cryptographer.is_ready());
1710 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1711 other_cryptographer,
1712 kKeystoreKey,
1713 &keystore_decryptor_token));
1714
1715 // Build a nigori node with the generated keystore decryptor token and
1716 // initialize the encryption handler with it. The cryptographer will have
1717 // pending keys until we provide the decryption passphrase.
1718 {
1719 WriteTransaction trans(FROM_HERE, user_share());
1720 WriteNode nigori_node(&trans);
1721 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1722 sync_pb::NigoriSpecifics nigori;
1723 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1724 keystore_decryptor_token);
1725 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1726 nigori.set_keybag_is_frozen(true);
1727 nigori.set_keystore_migration_time(1);
1728 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1729 nigori_node.SetNigoriSpecifics(nigori);
1730 }
1731
1732 EXPECT_CALL(*observer(),
1733 OnPassphraseRequired(_, _));
1734 EXPECT_CALL(*observer(),
1735 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1736 EXPECT_CALL(*observer(),
1737 OnCryptographerStateChanged(_)).Times(AnyNumber());
1738 EXPECT_CALL(*observer(),
1739 OnEncryptedTypesChanged(_, false));
1740 encryption_handler()->Init();
1741 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1742 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1743 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1744 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1745 Mock::VerifyAndClearExpectations(observer());
1746
1747 EXPECT_CALL(*observer(),
1748 OnPassphraseAccepted());
1749 EXPECT_CALL(*observer(),
1750 OnCryptographerStateChanged(_)).Times(AnyNumber());
1751 EXPECT_CALL(*observer(),
1752 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1753 EXPECT_CALL(*observer(),
1754 OnEncryptionComplete());
1755 encryption_handler()->SetDecryptionPassphrase(kOldKey);
1756 EXPECT_TRUE(GetCryptographer()->is_ready());
1757 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1758 Mock::VerifyAndClearExpectations(observer());
1759
1760 // Should get dropped on the floor silently.
1761 const char kNewKey[] = "new_key";
1762 encryption_handler()->SetEncryptionPassphrase(kNewKey, false);
1763 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1764 EXPECT_TRUE(GetCryptographer()->is_ready());
1765 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1766 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1767 VerifyMigratedNigoriWithTimestamp(1, KEYSTORE_PASSPHRASE, kOldKey);
1768
1769 // Check that the cryptographer can decrypt the old key.
1770 sync_pb::EncryptedData old_encrypted;
1771 other_cryptographer.EncryptString("string", &old_encrypted);
1772 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(old_encrypted));
1773
1774 // Check that the cryptographer can still decrypt keystore key based
1775 // encryption (due to extracting the keystore key from the encryption keybag).
1776 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1777 keystore_cryptographer.AddKey(keystore_key);
1778 sync_pb::EncryptedData keystore_encrypted;
1779 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1780 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1781
1782 // Check the the cryptographer does not have the new key.
1783 KeyParams new_key = {"localhost", "dummy", kNewKey};
1784 Cryptographer new_cryptographer(GetCryptographer()->encryptor());
1785 new_cryptographer.AddKey(new_key);
1786 sync_pb::EncryptedData new_encrypted;
1787 new_cryptographer.EncryptString("string", &new_encrypted);
1788 EXPECT_FALSE(GetCryptographer()->CanDecryptUsingDefaultKey(new_encrypted));
1789 }
1790
1791 // Test that if a client without a keystore key (e.g. one without keystore
1792 // encryption enabled) receives a migrated nigori in keystore passphrase state
1793 // and then attempts to enable encrypt everything, we switch to a custom
1794 // passphrase. The nigori should remain migrated.
TEST_F(SyncEncryptionHandlerImplTest,MigrateOnEncryptEverythingKeystorePassphrase)1795 TEST_F(SyncEncryptionHandlerImplTest,
1796 MigrateOnEncryptEverythingKeystorePassphrase) {
1797 const char kCurKey[] = "cur";
1798 sync_pb::EncryptedData keystore_decryptor_token;
1799 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1800 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1801 other_cryptographer.AddKey(cur_key);
1802 KeyParams keystore_key = {"localhost", "dummy", kKeystoreKey};
1803 other_cryptographer.AddNonDefaultKey(keystore_key);
1804 EXPECT_TRUE(other_cryptographer.is_ready());
1805 EXPECT_TRUE(encryption_handler()->GetKeystoreDecryptor(
1806 other_cryptographer,
1807 kKeystoreKey,
1808 &keystore_decryptor_token));
1809
1810 // Build a nigori node with the generated keystore decryptor token and
1811 // initialize the encryption handler with it. The cryptographer will have
1812 // pending keys until we provide the decryption passphrase.
1813 {
1814 WriteTransaction trans(FROM_HERE, user_share());
1815 WriteNode nigori_node(&trans);
1816 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1817 sync_pb::NigoriSpecifics nigori;
1818 nigori.mutable_keystore_decryptor_token()->CopyFrom(
1819 keystore_decryptor_token);
1820 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1821 nigori.set_keybag_is_frozen(true);
1822 nigori.set_keystore_migration_time(1);
1823 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1824 nigori_node.SetNigoriSpecifics(nigori);
1825 }
1826 EXPECT_CALL(*observer(),
1827 OnPassphraseRequired(_, _));
1828 EXPECT_CALL(*observer(),
1829 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1830 EXPECT_CALL(*observer(),
1831 OnCryptographerStateChanged(_)).Times(AnyNumber());
1832 EXPECT_CALL(*observer(),
1833 OnEncryptedTypesChanged(_, false));
1834 encryption_handler()->Init();
1835 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1836 EXPECT_TRUE(GetCryptographer()->has_pending_keys());
1837 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1838 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1839 Mock::VerifyAndClearExpectations(observer());
1840
1841 EXPECT_CALL(*observer(),
1842 OnPassphraseAccepted());
1843 EXPECT_CALL(*observer(),
1844 OnCryptographerStateChanged(_)).Times(AnyNumber());
1845 EXPECT_CALL(*observer(),
1846 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
1847 EXPECT_CALL(*observer(),
1848 OnEncryptionComplete());
1849 encryption_handler()->SetDecryptionPassphrase(kCurKey);
1850 Mock::VerifyAndClearExpectations(observer());
1851
1852 EXPECT_CALL(*observer(),
1853 OnPassphraseTypeChanged(FROZEN_IMPLICIT_PASSPHRASE, _));
1854 EXPECT_CALL(*observer(),
1855 OnEncryptionComplete());
1856 EXPECT_CALL(*observer(),
1857 OnEncryptedTypesChanged(_, true));
1858 EXPECT_CALL(*observer(),
1859 OnCryptographerStateChanged(_)).Times(AnyNumber());
1860 encryption_handler()->EnableEncryptEverything();
1861 Mock::VerifyAndClearExpectations(observer());
1862
1863 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1864 EXPECT_TRUE(GetCryptographer()->is_ready());
1865 EXPECT_EQ(FROZEN_IMPLICIT_PASSPHRASE,
1866 encryption_handler()->GetPassphraseType());
1867 EXPECT_TRUE(encryption_handler()->EncryptEverythingEnabled());
1868 VerifyMigratedNigoriWithTimestamp(1, FROZEN_IMPLICIT_PASSPHRASE, kCurKey);
1869
1870 // Check that the cryptographer is encrypting using the frozen current key.
1871 sync_pb::EncryptedData current_encrypted;
1872 other_cryptographer.EncryptString("string", ¤t_encrypted);
1873 EXPECT_TRUE(GetCryptographer()->CanDecryptUsingDefaultKey(current_encrypted));
1874
1875 // Check that the cryptographer can still decrypt keystore key based
1876 // encryption (due to extracting the keystore key from the encryption keybag).
1877 Cryptographer keystore_cryptographer(GetCryptographer()->encryptor());
1878 keystore_cryptographer.AddKey(keystore_key);
1879 sync_pb::EncryptedData keystore_encrypted;
1880 keystore_cryptographer.EncryptString("string", &keystore_encrypted);
1881 EXPECT_TRUE(GetCryptographer()->CanDecrypt(keystore_encrypted));
1882 }
1883
1884 // If we receive a nigori migrated and with a KEYSTORE_PASSPHRASE type, but
1885 // using an old default key (i.e. old GAIA password), we should overwrite the
1886 // nigori, updating the keybag and keystore decryptor.
TEST_F(SyncEncryptionHandlerImplTest,ReceiveMigratedNigoriWithOldPassphrase)1887 TEST_F(SyncEncryptionHandlerImplTest,
1888 ReceiveMigratedNigoriWithOldPassphrase) {
1889 const char kOldKey[] = "old";
1890 const char kCurKey[] = "cur";
1891 sync_pb::EncryptedData encrypted;
1892 KeyParams old_key = {"localhost", "dummy", kOldKey};
1893 KeyParams cur_key = {"localhost", "dummy", kCurKey};
1894 GetCryptographer()->AddKey(old_key);
1895 GetCryptographer()->AddKey(cur_key);
1896
1897 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1898 other_cryptographer.AddKey(old_key);
1899 EXPECT_TRUE(other_cryptographer.is_ready());
1900
1901 EXPECT_CALL(*observer(),
1902 OnCryptographerStateChanged(_)).Times(AnyNumber());
1903 EXPECT_CALL(*observer(),
1904 OnEncryptedTypesChanged(_, false));
1905 EXPECT_CALL(*observer(),
1906 OnEncryptionComplete());
1907 encryption_handler()->Init();
1908 EXPECT_TRUE(GetCryptographer()->is_ready());
1909 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1910
1911 {
1912 EXPECT_CALL(*observer(),
1913 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1914 ReadTransaction trans(FROM_HERE, user_share());
1915 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1916 kRawKeystoreKey),
1917 trans.GetWrappedTrans());
1918 }
1919 EXPECT_CALL(*observer(),
1920 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
1921 PumpLoop();
1922 Mock::VerifyAndClearExpectations(observer());
1923 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1924 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1925 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
1926
1927 // Now build an old keystore passphrase nigori node.
1928 EXPECT_CALL(*observer(),
1929 OnCryptographerStateChanged(_)).Times(AnyNumber());
1930 EXPECT_CALL(*observer(), OnEncryptionComplete());
1931 {
1932 WriteTransaction trans(FROM_HERE, user_share());
1933 WriteNode nigori_node(&trans);
1934 ASSERT_EQ(nigori_node.InitTypeRoot(NIGORI), BaseNode::INIT_OK);
1935 sync_pb::NigoriSpecifics nigori;
1936 Cryptographer other_cryptographer(GetCryptographer()->encryptor());
1937 other_cryptographer.AddKey(old_key);
1938 encryption_handler()->GetKeystoreDecryptor(
1939 other_cryptographer,
1940 kKeystoreKey,
1941 nigori.mutable_keystore_decryptor_token());
1942 other_cryptographer.GetKeys(nigori.mutable_encryption_keybag());
1943 nigori.set_keybag_is_frozen(true);
1944 nigori.set_encrypt_everything(false);
1945 nigori.set_passphrase_type(sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE);
1946 nigori.set_keystore_migration_time(1);
1947 encryption_handler()->ApplyNigoriUpdate(nigori, trans.GetWrappedTrans());
1948 nigori_node.SetNigoriSpecifics(nigori);
1949 }
1950 PumpLoop();
1951
1952 // Verify we're still migrated and have proper encryption state.
1953 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
1954 EXPECT_TRUE(GetCryptographer()->is_ready());
1955 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
1956 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
1957 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kCurKey);
1958 }
1959
1960 // Trigger a key rotation upon receiving new keys if we already had a keystore
1961 // migrated nigori with the gaia key as the default (still in backwards
1962 // compatible mode).
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysGaiaDefault)1963 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefault) {
1964 // Destroy the existing nigori node so we init without a nigori node.
1965 TearDown();
1966 test_user_share_.SetUp();
1967 SetUpEncryption();
1968
1969 const char kOldGaiaKey[] = "old_gaia_key";
1970 const char kRawOldKeystoreKey[] = "old_keystore_key";
1971 std::string old_keystore_key;
1972 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
1973 {
1974 ReadTransaction trans(FROM_HERE, user_share());
1975 EXPECT_CALL(*observer(),
1976 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1977 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
1978 kRawOldKeystoreKey),
1979 trans.GetWrappedTrans());
1980 }
1981 PumpLoop();
1982 Mock::VerifyAndClearExpectations(observer());
1983
1984 // Then init the nigori node with a backwards compatible set of keys.
1985 CreateRootForType(NIGORI);
1986 EXPECT_CALL(*observer(), OnPassphraseAccepted());
1987 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
1988
1989 // Now set some new keystore keys.
1990 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
1991 EXPECT_CALL(*observer(), OnEncryptionComplete());
1992 {
1993 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
1994 keys.Add()->assign(kRawOldKeystoreKey);
1995 keys.Add()->assign(kRawKeystoreKey);
1996 EXPECT_CALL(*observer(),
1997 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
1998 ReadTransaction trans(FROM_HERE, user_share());
1999 encryption_handler()->SetKeystoreKeys(keys,
2000 trans.GetWrappedTrans());
2001 }
2002 // Pump for any posted tasks.
2003 PumpLoop();
2004 Mock::VerifyAndClearExpectations(observer());
2005
2006 // Verify we're still migrated and have proper encryption state. We should
2007 // have rotated the keybag so that it's now encrypted with the newest keystore
2008 // key (instead of the old gaia key).
2009 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2010 EXPECT_TRUE(GetCryptographer()->is_ready());
2011 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2012 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2013 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2014 }
2015
2016 // Trigger a key rotation upon receiving new keys if we already had a keystore
2017 // migrated nigori with the keystore key as the default.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysKeystoreDefault)2018 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysKeystoreDefault) {
2019 // Destroy the existing nigori node so we init without a nigori node.
2020 TearDown();
2021 test_user_share_.SetUp();
2022 SetUpEncryption();
2023
2024 const char kRawOldKeystoreKey[] = "old_keystore_key";
2025 std::string old_keystore_key;
2026 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2027 {
2028 ReadTransaction trans(FROM_HERE, user_share());
2029 EXPECT_CALL(*observer(),
2030 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2031 encryption_handler()->SetKeystoreKeys(BuildEncryptionKeyProto(
2032 kRawOldKeystoreKey),
2033 trans.GetWrappedTrans());
2034 }
2035 PumpLoop();
2036 Mock::VerifyAndClearExpectations(observer());
2037
2038 // Then init the nigori node with a non-backwards compatible set of keys.
2039 CreateRootForType(NIGORI);
2040 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2041 InitKeystoreMigratedNigori(1, old_keystore_key, old_keystore_key);
2042
2043 // Now set some new keystore keys.
2044 EXPECT_CALL(*observer(), OnCryptographerStateChanged(_)).Times(AnyNumber());
2045 EXPECT_CALL(*observer(), OnEncryptionComplete());
2046 {
2047 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2048 keys.Add()->assign(kRawOldKeystoreKey);
2049 keys.Add()->assign(kRawKeystoreKey);
2050 EXPECT_CALL(*observer(),
2051 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2052 ReadTransaction trans(FROM_HERE, user_share());
2053 encryption_handler()->SetKeystoreKeys(keys,
2054 trans.GetWrappedTrans());
2055 }
2056 // Pump for any posted tasks.
2057 PumpLoop();
2058 Mock::VerifyAndClearExpectations(observer());
2059
2060 // Verify we're still migrated and have proper encryption state. We should
2061 // have rotated the keybag so that it's now encrypted with the newest keystore
2062 // key (instead of the old gaia key).
2063 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2064 EXPECT_TRUE(GetCryptographer()->is_ready());
2065 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2066 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2067 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2068 }
2069
2070 // Trigger a key rotation upon when a pending gaia passphrase is resolved.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysAfterPendingGaiaResolved)2071 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysAfterPendingGaiaResolved) {
2072 const char kOldGaiaKey[] = "old_gaia_key";
2073 const char kRawOldKeystoreKey[] = "old_keystore_key";
2074
2075 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2076 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2077
2078 {
2079 // Pass multiple keystore keys, signaling a rotation has happened.
2080 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2081 keys.Add()->assign(kRawOldKeystoreKey);
2082 keys.Add()->assign(kRawKeystoreKey);
2083 ReadTransaction trans(FROM_HERE, user_share());
2084 EXPECT_CALL(*observer(),
2085 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2086 encryption_handler()->SetKeystoreKeys(keys,
2087 trans.GetWrappedTrans());
2088 }
2089 PumpLoop();
2090 Mock::VerifyAndClearExpectations(observer());
2091
2092 // Resolve the pending keys. This should trigger the key rotation.
2093 EXPECT_CALL(*observer(),
2094 OnCryptographerStateChanged(_)).Times(AnyNumber());
2095 EXPECT_CALL(*observer(),
2096 OnPassphraseAccepted());
2097 EXPECT_CALL(*observer(),
2098 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2099 EXPECT_CALL(*observer(),
2100 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2101 EXPECT_CALL(*observer(),
2102 OnEncryptionComplete()).Times(AtLeast(1));
2103 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2104 encryption_handler()->SetDecryptionPassphrase(kOldGaiaKey);
2105 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2106 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2107 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2108 }
2109
2110 // When signing in for the first time, make sure we can rotate keys if we
2111 // already have a keystore migrated nigori.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysGaiaDefaultOnInit)2112 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysGaiaDefaultOnInit) {
2113 // Destroy the existing nigori node so we init without a nigori node.
2114 TearDown();
2115 test_user_share_.SetUp();
2116 SetUpEncryption();
2117
2118 const char kOldGaiaKey[] = "old_gaia_key";
2119 const char kRawOldKeystoreKey[] = "old_keystore_key";
2120 std::string old_keystore_key;
2121 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2122
2123 // Set two keys, signaling that a rotation has been performed. No nigori
2124 // node is present yet, so we can't rotate.
2125 {
2126 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2127 keys.Add()->assign(kRawOldKeystoreKey);
2128 keys.Add()->assign(kRawKeystoreKey);
2129 EXPECT_CALL(*observer(),
2130 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2131 ReadTransaction trans(FROM_HERE, user_share());
2132 encryption_handler()->SetKeystoreKeys(keys,
2133 trans.GetWrappedTrans());
2134 }
2135
2136 // Then init the nigori node with an old set of keys.
2137 CreateRootForType(NIGORI);
2138 EXPECT_CALL(*observer(), OnPassphraseAccepted());
2139 InitKeystoreMigratedNigori(1, kOldGaiaKey, old_keystore_key);
2140 PumpLoop();
2141 Mock::VerifyAndClearExpectations(observer());
2142
2143 // Verify we're still migrated and have proper encryption state. We should
2144 // have rotated the keybag so that it's now encrypted with the newest keystore
2145 // key (instead of the old gaia key).
2146 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2147 EXPECT_TRUE(GetCryptographer()->is_ready());
2148 EXPECT_EQ(encryption_handler()->GetPassphraseType(), KEYSTORE_PASSPHRASE);
2149 EXPECT_FALSE(encryption_handler()->EncryptEverythingEnabled());
2150 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2151 }
2152
2153 // Trigger a key rotation when a migrated nigori (with an old keystore key) is
2154 // applied.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysWhenMigratedNigoriArrives)2155 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysWhenMigratedNigoriArrives) {
2156 const char kOldGaiaKey[] = "old_gaia_key";
2157 const char kRawOldKeystoreKey[] = "old_keystore_key";
2158 std::string old_keystore_key;
2159 base::Base64Encode(kRawOldKeystoreKey, &old_keystore_key);
2160
2161 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2162 InitUnmigratedNigori(kOldGaiaKey, IMPLICIT_PASSPHRASE);
2163
2164 {
2165 // Pass multiple keystore keys, signaling a rotation has happened.
2166 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2167 keys.Add()->assign(kRawOldKeystoreKey);
2168 keys.Add()->assign(kRawKeystoreKey);
2169 ReadTransaction trans(FROM_HERE, user_share());
2170 EXPECT_CALL(*observer(),
2171 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2172 encryption_handler()->SetKeystoreKeys(keys,
2173 trans.GetWrappedTrans());
2174 }
2175 PumpLoop();
2176 Mock::VerifyAndClearExpectations(observer());
2177
2178 // Now simulate downloading a nigori node that was migrated before the
2179 // keys were rotated, and hence still encrypt with the old gaia key.
2180 EXPECT_CALL(*observer(),
2181 OnCryptographerStateChanged(_)).Times(AnyNumber());
2182 EXPECT_CALL(*observer(),
2183 OnPassphraseAccepted());
2184 EXPECT_CALL(*observer(),
2185 OnPassphraseTypeChanged(KEYSTORE_PASSPHRASE, _));
2186 EXPECT_CALL(*observer(),
2187 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2188 EXPECT_CALL(*observer(),
2189 OnEncryptionComplete()).Times(AtLeast(1));
2190 {
2191 sync_pb::NigoriSpecifics nigori = BuildMigratedNigori(
2192 KEYSTORE_PASSPHRASE,
2193 1,
2194 kOldGaiaKey,
2195 old_keystore_key);
2196 // Update the encryption handler.
2197 WriteTransaction trans(FROM_HERE, user_share());
2198 encryption_handler()->ApplyNigoriUpdate(
2199 nigori,
2200 trans.GetWrappedTrans());
2201 }
2202 EXPECT_FALSE(encryption_handler()->MigratedToKeystore());
2203 PumpLoop();
2204
2205 EXPECT_TRUE(encryption_handler()->MigratedToKeystore());
2206 EXPECT_EQ(KEYSTORE_PASSPHRASE, encryption_handler()->GetPassphraseType());
2207 VerifyMigratedNigori(KEYSTORE_PASSPHRASE, kKeystoreKey);
2208 }
2209
2210 // Verify that performing a migration while having more than one keystore key
2211 // preserves a custom passphrase.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysUnmigratedCustomPassphrase)2212 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysUnmigratedCustomPassphrase) {
2213 const char kCustomPass[] = "custom_passphrase";
2214 const char kRawOldKeystoreKey[] = "old_keystore_key";
2215
2216 EXPECT_CALL(*observer(), OnPassphraseRequired(_, _));
2217 InitUnmigratedNigori(kCustomPass, CUSTOM_PASSPHRASE);
2218
2219 {
2220 // Pass multiple keystore keys, signaling a rotation has happened.
2221 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2222 keys.Add()->assign(kRawOldKeystoreKey);
2223 keys.Add()->assign(kRawKeystoreKey);
2224 ReadTransaction trans(FROM_HERE, user_share());
2225 EXPECT_CALL(*observer(),
2226 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2227 encryption_handler()->SetKeystoreKeys(keys,
2228 trans.GetWrappedTrans());
2229 }
2230 PumpLoop();
2231 Mock::VerifyAndClearExpectations(observer());
2232
2233 // Pass the decryption passphrase. This will also trigger the migration,
2234 // but should not overwrite the default key.
2235 EXPECT_CALL(*observer(),
2236 OnCryptographerStateChanged(_)).Times(AnyNumber());
2237 EXPECT_CALL(*observer(),
2238 OnPassphraseAccepted());
2239 EXPECT_CALL(*observer(),
2240 OnEncryptedTypesChanged(_, true));
2241 EXPECT_CALL(*observer(),
2242 OnEncryptionComplete()).Times(AnyNumber());
2243 EXPECT_CALL(*observer(),
2244 OnBootstrapTokenUpdated(_, PASSPHRASE_BOOTSTRAP_TOKEN));
2245 encryption_handler()->SetDecryptionPassphrase(kCustomPass);
2246 Mock::VerifyAndClearExpectations(observer());
2247
2248 VerifyMigratedNigori(CUSTOM_PASSPHRASE, kCustomPass);
2249 }
2250
2251 // Verify that a key rotation done after we've migrated a custom passphrase
2252 // nigori node preserves the custom passphrase.
TEST_F(SyncEncryptionHandlerImplTest,RotateKeysMigratedCustomPassphrase)2253 TEST_F(SyncEncryptionHandlerImplTest, RotateKeysMigratedCustomPassphrase) {
2254 const char kCustomPass[] = "custom_passphrase";
2255 const char kRawOldKeystoreKey[] = "old_keystore_key";
2256
2257 KeyParams custom_key = {"localhost", "dummy", kCustomPass};
2258 GetCryptographer()->AddKey(custom_key);
2259
2260 InitCustomPassMigratedNigori(1, kCustomPass);
2261 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCustomPass);
2262
2263 {
2264 // Pass multiple keystore keys, signaling a rotation has happened.
2265 google::protobuf::RepeatedPtrField<google::protobuf::string> keys;
2266 keys.Add()->assign(kRawOldKeystoreKey);
2267 keys.Add()->assign(kRawKeystoreKey);
2268 ReadTransaction trans(FROM_HERE, user_share());
2269 EXPECT_CALL(*observer(),
2270 OnBootstrapTokenUpdated(_, KEYSTORE_BOOTSTRAP_TOKEN));
2271 EXPECT_CALL(*observer(),
2272 OnCryptographerStateChanged(_)).Times(AnyNumber());
2273 encryption_handler()->SetKeystoreKeys(keys,
2274 trans.GetWrappedTrans());
2275 }
2276 PumpLoop();
2277 Mock::VerifyAndClearExpectations(observer());
2278
2279 VerifyMigratedNigoriWithTimestamp(1, CUSTOM_PASSPHRASE, kCustomPass);
2280 }
2281
2282 } // namespace syncer
2283