Expose trusted vault APIs in SyncUserSettings

This allows upper layers (UI) to know whether user action is needed and provides a way to inject trusted vault encryption keys once they are available. Bug: 1010189 Change-Id: Ic5eb9f0c8e525f30ad0401b65a7a5c7d42cd9a7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1840097 Commit-Queue: Mikel Astiz <mastiz@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Cr-Commit-Position: refs/heads/master@{#702822}

Expose trusted vault APIs in SyncUserSettings
This allows upper layers (UI) to know whether user action is needed and provides a way to inject trusted vault encryption keys once they are available. Bug: 1010189 Change-Id: Ic5eb9f0c8e525f30ad0401b65a7a5c7d42cd9a7a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1840097 Commit-Queue: Mikel Astiz <mastiz@chromium.org> Reviewed-by: Marc Treib <treib@chromium.org> Cr-Commit-Position: refs/heads/master@{#702822}
7c8a0bf4 · Mikel Astiz · Commit Bot · 01369246 · 7c8a0bf4 · 7c8a0bf4
Commit 7c8a0bf4 authored Oct 04, 2019 by Mikel Astiz Committed by Commit Bot Oct 04, 2019
8 changed files
--- a/components/sync/driver/sync_service_crypto.cc
+++ b/components/sync/driver/sync_service_crypto.cc
@@ -169,17 +169,17 @@ base::Time SyncServiceCrypto::GetExplicitPassphraseTime() const {

 bool SyncServiceCrypto::IsPassphraseRequired() const {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+
  switch (state_.required_user_action) {
    case RequiredUserAction::kNone:
-      break;
+    case RequiredUserAction::kTrustedVaultKeyRequired:
+      return false;
    case RequiredUserAction::kPassphraseRequiredForDecryption:
    case RequiredUserAction::kPassphraseRequiredForEncryption:
      return true;
-    case RequiredUserAction::kTrustedVaultKeyRequired:
-      // TODO(crbug.com/1010189): This should return false and get exposed
-      // differently to upper layers.
-      return true;
  }
+
+  NOTREACHED();
  return false;
 }

@@ -188,6 +188,12 @@ bool SyncServiceCrypto::IsUsingSecondaryPassphrase() const {
  return IsExplicitPassphrase(state_.cached_passphrase_type);
 }

+bool SyncServiceCrypto::IsTrustedVaultKeyRequired() const {
+  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+  return state_.required_user_action ==
+         RequiredUserAction::kTrustedVaultKeyRequired;
+}
+
 void SyncServiceCrypto::EnableEncryptEverything() {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  DCHECK(state_.engine);
@@ -238,13 +244,6 @@ void SyncServiceCrypto::SetEncryptionPassphrase(const std::string& passphrase) {
 bool SyncServiceCrypto::SetDecryptionPassphrase(const std::string& passphrase) {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);

-  // TODO(crbug.com/1010189): Move this logic to a separate function.
-  if (state_.required_user_action ==
-      RequiredUserAction::kTrustedVaultKeyRequired) {
-    state_.engine->AddTrustedVaultDecryptionKeys({passphrase});
-    return true;
-  }
-
  // We should never be called with an empty passphrase.
  DCHECK(!passphrase.empty());

@@ -284,6 +283,11 @@ bool SyncServiceCrypto::SetDecryptionPassphrase(const std::string& passphrase) {
  return true;
 }

+void SyncServiceCrypto::AddTrustedVaultDecryptionKeys(
+    const std::vector<std::string>& keys) {
+  state_.engine->AddTrustedVaultDecryptionKeys(keys);
+}
+
 PassphraseType SyncServiceCrypto::GetPassphraseType() const {
  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
  return state_.cached_passphrase_type;

--- a/components/sync/driver/sync_service_crypto.h
+++ b/components/sync/driver/sync_service_crypto.h
@@ -38,6 +38,7 @@ class SyncServiceCrypto : public SyncEncryptionHandler::Observer {
  base::Time GetExplicitPassphraseTime() const;
  bool IsPassphraseRequired() const;
  bool IsUsingSecondaryPassphrase() const;
+  bool IsTrustedVaultKeyRequired() const;
  void EnableEncryptEverything();
  bool IsEncryptEverythingEnabled() const;
  void SetEncryptionPassphrase(const std::string& passphrase);

--- a/components/sync/driver/sync_user_settings.h
+++ b/components/sync/driver/sync_user_settings.h
@@ -6,6 +6,7 @@
 #define COMPONENTS_SYNC_DRIVER_SYNC_USER_SETTINGS_H_

 #include <string>
+#include <vector>

 #include "base/compiler_specific.h"
 #include "base/time/time.h"
@@ -94,6 +95,9 @@ class SyncUserSettings : public syncer::DataTypeEncryptionHandler {
  // Whether a passphrase is required to decrypt the data for any currently
  // enabled data type.
  virtual bool IsPassphraseRequiredForPreferredDataTypes() const = 0;
+  // Whether trusted vault keys are required for encryption or decryption to
+  // proceed for any currently enabled data type.
+  virtual bool IsTrustedVaultKeyRequiredForPreferredDataTypes() const = 0;
  // Whether a "secondary" passphrase is in use (aka explicit passphrase), which
  // means either a custom or a frozen implicit passphrase.
  virtual bool IsUsingSecondaryPassphrase() const = 0;
@@ -108,10 +112,13 @@ class SyncUserSettings : public syncer::DataTypeEncryptionHandler {
  // Asynchronously decrypts pending keys using |passphrase|. Returns false
  // immediately if the passphrase could not be used to decrypt a locally cached
  // copy of encrypted keys; returns true otherwise.
-  // TODO(crbug.com/1010189): Introduce a dedicated API for trusted vault
-  // decryption keys.
  virtual bool SetDecryptionPassphrase(const std::string& passphrase)
      WARN_UNUSED_RESULT = 0;
+  // Analogous to SetDecryptionPassphrase but specifically for
+  // TRUSTED_VAULT_PASSPHRASE: it provides new decryption keys that could
+  // allow decrypting pending Nigori keys.
+  virtual void AddTrustedVaultDecryptionKeys(
+      const std::vector<std::string>& keys) = 0;
 };

 }  // namespace syncer

--- a/components/sync/driver/sync_user_settings_impl.cc
+++ b/components/sync/driver/sync_user_settings_impl.cc
@@ -135,6 +135,11 @@ bool SyncUserSettingsImpl::IsPassphraseRequiredForPreferredDataTypes() const {
  return IsEncryptedDatatypeEnabled() && IsPassphraseRequired();
 }

+bool SyncUserSettingsImpl::IsTrustedVaultKeyRequiredForPreferredDataTypes()
+    const {
+  return IsEncryptedDatatypeEnabled() && crypto_->IsTrustedVaultKeyRequired();
+}
+
 bool SyncUserSettingsImpl::IsUsingSecondaryPassphrase() const {
  return crypto_->IsUsingSecondaryPassphrase();
 }
@@ -165,6 +170,12 @@ bool SyncUserSettingsImpl::SetDecryptionPassphrase(
  return result;
 }

+void SyncUserSettingsImpl::AddTrustedVaultDecryptionKeys(
+    const std::vector<std::string>& keys) {
+  DVLOG(1) << "Adding trusted vault decryption keys.";
+  crypto_->AddTrustedVaultDecryptionKeys(keys);
+}
+
 void SyncUserSettingsImpl::SetSyncRequestedIfNotSetExplicitly() {
  prefs_->SetSyncRequestedIfNotSetExplicitly();
 }

--- a/components/sync/driver/sync_user_settings_impl.h
+++ b/components/sync/driver/sync_user_settings_impl.h
@@ -6,6 +6,7 @@
 #define COMPONENTS_SYNC_DRIVER_SYNC_USER_SETTINGS_IMPL_H_

 #include <string>
+#include <vector>

 #include "base/callback.h"
 #include "components/sync/base/model_type.h"
@@ -54,12 +55,15 @@ class SyncUserSettingsImpl : public SyncUserSettings {
  ModelTypeSet GetEncryptedDataTypes() const override;
  bool IsPassphraseRequired() const override;
  bool IsPassphraseRequiredForPreferredDataTypes() const override;
+  bool IsTrustedVaultKeyRequiredForPreferredDataTypes() const override;
  bool IsUsingSecondaryPassphrase() const override;
  base::Time GetExplicitPassphraseTime() const override;
  PassphraseType GetPassphraseType() const override;

  void SetEncryptionPassphrase(const std::string& passphrase) override;
  bool SetDecryptionPassphrase(const std::string& passphrase) override;
+  void AddTrustedVaultDecryptionKeys(
+      const std::vector<std::string>& keys) override;

  void SetSyncRequestedIfNotSetExplicitly();


--- a/components/sync/driver/sync_user_settings_mock.h
+++ b/components/sync/driver/sync_user_settings_mock.h
@@ -6,6 +6,7 @@
 #define COMPONENTS_SYNC_DRIVER_SYNC_USER_SETTINGS_MOCK_H_

 #include <string>
+#include <vector>

 #include "components/sync/driver/sync_user_settings.h"
 #include "testing/gmock/include/gmock/gmock.h"
@@ -39,12 +40,15 @@ class SyncUserSettingsMock : public SyncUserSettings {
  MOCK_CONST_METHOD0(GetEncryptedDataTypes, ModelTypeSet());
  MOCK_CONST_METHOD0(IsPassphraseRequired, bool());
  MOCK_CONST_METHOD0(IsPassphraseRequiredForPreferredDataTypes, bool());
+  MOCK_CONST_METHOD0(IsTrustedVaultKeyRequiredForPreferredDataTypes, bool());
  MOCK_CONST_METHOD0(IsUsingSecondaryPassphrase, bool());
  MOCK_CONST_METHOD0(GetExplicitPassphraseTime, base::Time());
  MOCK_CONST_METHOD0(GetPassphraseType, PassphraseType());

  MOCK_METHOD1(SetEncryptionPassphrase, void(const std::string&));
  MOCK_METHOD1(SetDecryptionPassphrase, bool(const std::string&));
+  MOCK_METHOD1(AddTrustedVaultDecryptionKeys,
+               void(const std::vector<std::string>&));
 };

 }  // namespace syncer

--- a/components/sync/driver/test_sync_user_settings.cc
+++ b/components/sync/driver/test_sync_user_settings.cc
@@ -126,6 +126,11 @@ bool TestSyncUserSettings::IsPassphraseRequiredForPreferredDataTypes() const {
  return passphrase_required_for_preferred_data_types_;
 }

+bool TestSyncUserSettings::IsTrustedVaultKeyRequiredForPreferredDataTypes()
+    const {
+  return trusted_vault_key_required_for_preferred_data_types_;
+}
+
 bool TestSyncUserSettings::IsUsingSecondaryPassphrase() const {
  return using_secondary_passphrase_;
 }
@@ -147,6 +152,9 @@ bool TestSyncUserSettings::SetDecryptionPassphrase(
  return false;
 }

+void TestSyncUserSettings::AddTrustedVaultDecryptionKeys(
+    const std::vector<std::string>& keys) {}
+
 void TestSyncUserSettings::SetFirstSetupComplete() {
  first_setup_complete_ = true;
 }
@@ -164,6 +172,11 @@ void TestSyncUserSettings::SetPassphraseRequiredForPreferredDataTypes(
  passphrase_required_for_preferred_data_types_ = required;
 }

+void TestSyncUserSettings::SetTrustedVaultKeyRequiredForPreferredDataTypes(
+    bool required) {
+  trusted_vault_key_required_for_preferred_data_types_ = required;
+}
+
 void TestSyncUserSettings::SetIsUsingSecondaryPassphrase(bool enabled) {
  using_secondary_passphrase_ = enabled;
 }

--- a/components/sync/driver/test_sync_user_settings.h
+++ b/components/sync/driver/test_sync_user_settings.h
@@ -6,6 +6,7 @@
 #define COMPONENTS_SYNC_DRIVER_TEST_SYNC_USER_SETTINGS_H_

 #include <string>
+#include <vector>

 #include "components/sync/driver/sync_user_settings.h"

@@ -43,18 +44,22 @@ class TestSyncUserSettings : public SyncUserSettings {
  syncer::ModelTypeSet GetEncryptedDataTypes() const override;
  bool IsPassphraseRequired() const override;
  bool IsPassphraseRequiredForPreferredDataTypes() const override;
+  bool IsTrustedVaultKeyRequiredForPreferredDataTypes() const override;
  bool IsUsingSecondaryPassphrase() const override;
  base::Time GetExplicitPassphraseTime() const override;
  PassphraseType GetPassphraseType() const override;

  void SetEncryptionPassphrase(const std::string& passphrase) override;
  bool SetDecryptionPassphrase(const std::string& passphrase) override;
+  void AddTrustedVaultDecryptionKeys(
+      const std::vector<std::string>& keys) override;

  void SetFirstSetupComplete();
  void ClearFirstSetupComplete();
  void SetEncryptEverythingAllowed(bool allowed);
  void SetPassphraseRequired(bool required);
  void SetPassphraseRequiredForPreferredDataTypes(bool required);
+  void SetTrustedVaultKeyRequiredForPreferredDataTypes(bool required);
  void SetIsUsingSecondaryPassphrase(bool enabled);

 private:
@@ -65,6 +70,7 @@ class TestSyncUserSettings : public SyncUserSettings {

  bool passphrase_required_ = false;
  bool passphrase_required_for_preferred_data_types_ = false;
+  bool trusted_vault_key_required_for_preferred_data_types_ = false;
  bool using_secondary_passphrase_ = false;
 };