[sync::proto] Add key derivation method field

Add a field to NigoriSpecifics (part of the Sync protocol) to signify
the derivation method used to derive the key from a user's custom
passphrase.

Add accompanying enum which enumerates the possible options. Currently,
only one such method is available.

Also enable detection of the case when the method is not known, e.g.
when an old client tries to access data committed and encrypted by a new
client using a new key derivation method.

TBRing dschuyler@ for chrome/browser/webui/settings/people_handler.cc
because the change is a trivial file rename change.

TBR=dschuyler@chromium.org

Bug: 876297
Change-Id: I7b603664a152f4999c8e0a3e1453b3edf611649a
Reviewed-on: https://chromium-review.googlesource.com/1183667
Commit-Queue: David Davidović <davidovic@google.com>
Reviewed-by: Marc Treib <treib@chromium.org>
Reviewed-by: vitaliii <vitaliii@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586285}

chrome/browser/ui/webui/settings/people_handler.cc

@@ -49,7 +49,7 @@
 #include "components/signin/core/browser/signin_metrics.h"
 #include "components/signin/core/browser/signin_pref_names.h"
 #include "components/strings/grit/components_strings.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/base/sync_prefs.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"

components/browser_sync/profile_sync_service.cc

@@ -28,7 +28,7 @@
 #include "components/signin/core/browser/signin_metrics.h"
 #include "components/sync/base/bind_to_task_runner.h"
 #include "components/sync/base/cryptographer.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/base/report_unrecoverable_error.h"
 #include "components/sync/base/stop_source.h"
 #include "components/sync/base/system_encryptor.h"

components/sync/BUILD.gn

@@ -51,8 +51,8 @@ jumbo_static_library("sync") {
     "base/node_ordinal.cc",
     "base/node_ordinal.h",
     "base/ordinal.h",
-    "base/passphrase_type.cc",
-    "base/passphrase_type.h",
+    "base/passphrase_enums.cc",
+    "base/passphrase_enums.h",
     "base/pref_names.cc",
     "base/pref_names.h",
     "base/progress_marker_map.cc",

components/sync/base/passphrase_enums.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/sync/base/passphrase_enums.h"
+
+#include "base/logging.h"
+
+namespace syncer {
+
+bool IsExplicitPassphrase(PassphraseType type) {
+  return type == PassphraseType::CUSTOM_PASSPHRASE ||
+         type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
+}
+
+PassphraseType ProtoPassphraseTypeToEnum(
+    sync_pb::NigoriSpecifics::PassphraseType type) {
+  switch (type) {
+    case sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE:
+      return PassphraseType::IMPLICIT_PASSPHRASE;
+    case sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE:
+      return PassphraseType::KEYSTORE_PASSPHRASE;
+    case sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE:
+      return PassphraseType::CUSTOM_PASSPHRASE;
+    case sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE:
+      return PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
+    case sync_pb::NigoriSpecifics::UNKNOWN:
+      // It is expected that this value will never be encountered, as the
+      // protocol does not consider it valid.
+      break;
+  }
+
+  NOTREACHED();
+  return PassphraseType::IMPLICIT_PASSPHRASE;
+}
+
+sync_pb::NigoriSpecifics::PassphraseType EnumPassphraseTypeToProto(
+    PassphraseType type) {
+  switch (type) {
+    case PassphraseType::IMPLICIT_PASSPHRASE:
+      return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
+    case PassphraseType::KEYSTORE_PASSPHRASE:
+      return sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE;
+    case PassphraseType::CUSTOM_PASSPHRASE:
+      return sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE;
+    case PassphraseType::FROZEN_IMPLICIT_PASSPHRASE:
+      return sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE;
+    case PassphraseType::PASSPHRASE_TYPE_SIZE:
+      break;
+  }
+
+  NOTREACHED();
+  return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
+}
+
+KeyDerivationMethod ProtoKeyDerivationMethodToEnum(
+    ::google::protobuf::int32 method) {
+  DCHECK_GE(method, 0);
+
+  switch (method) {
+    case sync_pb::NigoriSpecifics::UNSPECIFIED:
+      // This is the default value; it comes from an old client (<M70) which
+      // does not know about this field. These old clients all use PBKDF2.
+      return KeyDerivationMethod::PBKDF2_HMAC_SHA1_1003;
+    case sync_pb::NigoriSpecifics::PBKDF2_HMAC_SHA1_1003:
+      return KeyDerivationMethod::PBKDF2_HMAC_SHA1_1003;
+  }
+
+  // We do not know about this value. It is likely a method added in a newer
+  // version of Chrome.
+  return KeyDerivationMethod::UNKNOWN;
+}
+
+sync_pb::NigoriSpecifics::KeyDerivationMethod EnumKeyDerivationMethodToProto(
+    KeyDerivationMethod method) {
+  switch (method) {
+    case KeyDerivationMethod::PBKDF2_HMAC_SHA1_1003:
+      return sync_pb::NigoriSpecifics::PBKDF2_HMAC_SHA1_1003;
+    case KeyDerivationMethod::UNKNOWN:
+      // This value does not have a counterpart in the protocol proto enum,
+      // because it is just a client side abstraction.
+      break;
+  }
+
+  NOTREACHED();
+  return sync_pb::NigoriSpecifics::UNSPECIFIED;
+}
+
+}  // namespace syncer

components/sync/base/passphrase_type.h → components/sync/base/passphrase_enums.h

-// Copyright 2016 The Chromium Authors. All rights reserved.
+// Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef COMPONENTS_SYNC_BASE_PASSPHRASE_TYPE_H_
-#define COMPONENTS_SYNC_BASE_PASSPHRASE_TYPE_H_
+#ifndef COMPONENTS_SYNC_BASE_PASSPHRASE_ENUMS_H_
+#define COMPONENTS_SYNC_BASE_PASSPHRASE_ENUMS_H_
+
+#include "components/sync/protocol/nigori_specifics.pb.h"
 
 namespace syncer {
 
@@ -20,7 +22,29 @@ enum class PassphraseType {
 };
 
 bool IsExplicitPassphrase(PassphraseType type);
+PassphraseType ProtoPassphraseTypeToEnum(
+    sync_pb::NigoriSpecifics::PassphraseType type);
+sync_pb::NigoriSpecifics::PassphraseType EnumPassphraseTypeToProto(
+    PassphraseType type);
+
+// Different key derivation methods. Used for deriving the encryption key from a
+// user's custom passphrase.
+enum class KeyDerivationMethod {
+  PBKDF2_HMAC_SHA1_1003 = 0,  // PBKDF2-HMAC-SHA1 with 1003 iterations.
+  UNKNOWN = 1,                // Unknown method, likely from a future version.
+};
+
+// This function accepts an integer and not KeyDerivationMethod from the proto
+// in order to be able to handle new, unknown values.
+KeyDerivationMethod ProtoKeyDerivationMethodToEnum(
+    ::google::protobuf::int32 method);
+// Note that KeyDerivationMethod::UNKNOWN is an invalid input for this function,
+// since it corresponds to a method that we are not aware of and so cannot
+// meaningfully convert. The caller is responsible for ensuring that
+// KeyDerivationMethod::UNKNOWN is never passed to this function.
+sync_pb::NigoriSpecifics::KeyDerivationMethod EnumKeyDerivationMethodToProto(
+    KeyDerivationMethod method);
 
 }  // namespace syncer
 
-#endif  // COMPONENTS_SYNC_BASE_PASSPHRASE_TYPE_H_
+#endif  // COMPONENTS_SYNC_BASE_PASSPHRASE_ENUMS_H_

components/sync/base/passphrase_type.cc

-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/sync/base/passphrase_type.h"
-
-namespace syncer {
-
-bool IsExplicitPassphrase(PassphraseType type) {
-  return type == PassphraseType::CUSTOM_PASSPHRASE ||
-         type == PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
-}
-
-}  // namespace syncer

components/sync/engine/sync_status.h

@@ -10,7 +10,7 @@
 
 #include "base/time/time.h"
 #include "components/sync/base/model_type.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/engine/sync_encryption_handler.h"
 #include "components/sync/protocol/sync_protocol_error.h"
 

components/sync/engine/sync_string_conversions.cc

@@ -3,7 +3,6 @@
 // found in the LICENSE file.
 
 #include "components/sync/engine/sync_string_conversions.h"
-#include "components/sync/base/passphrase_type.h"
 
 #define ENUM_CASE(x) \
   case x:            \
@@ -13,13 +12,14 @@ namespace syncer {
 
 const char* ConnectionStatusToString(ConnectionStatus status) {
   switch (status) {
+    ENUM_CASE(CONNECTION_NOT_ATTEMPTED);
     ENUM_CASE(CONNECTION_OK);
     ENUM_CASE(CONNECTION_AUTH_ERROR);
     ENUM_CASE(CONNECTION_SERVER_ERROR);
-    default:
-      NOTREACHED();
-      return "INVALID_CONNECTION_STATUS";
   }
+
+  NOTREACHED();
+  return "INVALID_CONNECTION_STATUS";
 }
 
 // Helper function that converts a PassphraseRequiredReason value to a string.
@@ -28,10 +28,10 @@ const char* PassphraseRequiredReasonToString(PassphraseRequiredReason reason) {
     ENUM_CASE(REASON_PASSPHRASE_NOT_REQUIRED);
     ENUM_CASE(REASON_ENCRYPTION);
     ENUM_CASE(REASON_DECRYPTION);
-    default:
-      NOTREACHED();
-      return "INVALID_REASON";
   }
+
+  NOTREACHED();
+  return "INVALID_REASON";
 }
 
 const char* PassphraseTypeToString(PassphraseType type) {
@@ -40,20 +40,32 @@ const char* PassphraseTypeToString(PassphraseType type) {
     ENUM_CASE(PassphraseType::KEYSTORE_PASSPHRASE);
     ENUM_CASE(PassphraseType::FROZEN_IMPLICIT_PASSPHRASE);
     ENUM_CASE(PassphraseType::CUSTOM_PASSPHRASE);
-    default:
-      NOTREACHED();
-      return "INVALID_PASSPHRASE_TYPE";
+    case PassphraseType::PASSPHRASE_TYPE_SIZE:
+      break;
   }
+
+  NOTREACHED();
+  return "INVALID_PASSPHRASE_TYPE";
 }
 
 const char* BootstrapTokenTypeToString(BootstrapTokenType type) {
   switch (type) {
     ENUM_CASE(PASSPHRASE_BOOTSTRAP_TOKEN);
     ENUM_CASE(KEYSTORE_BOOTSTRAP_TOKEN);
-    default:
-      NOTREACHED();
-      return "INVALID_BOOTSTRAP_TOKEN_TYPE";
   }
+
+  NOTREACHED();
+  return "INVALID_BOOTSTRAP_TOKEN_TYPE";
+}
+
+const char* KeyDerivationMethodToString(KeyDerivationMethod method) {
+  switch (method) {
+    ENUM_CASE(KeyDerivationMethod::PBKDF2_HMAC_SHA1_1003);
+    ENUM_CASE(KeyDerivationMethod::UNKNOWN);
+  }
+
+  NOTREACHED();
+  return "INVALID_KEY_DERIVATION_METHOD";
 }
 
 #undef ENUM_CASE

components/sync/engine/sync_string_conversions.h

@@ -5,6 +5,7 @@
 #ifndef COMPONENTS_SYNC_ENGINE_SYNC_STRING_CONVERSIONS_H_
 #define COMPONENTS_SYNC_ENGINE_SYNC_STRING_CONVERSIONS_H_
 
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/engine/connection_status.h"
 #include "components/sync/engine/sync_encryption_handler.h"
 
@@ -20,6 +21,9 @@ const char* PassphraseRequiredReasonToString(PassphraseRequiredReason reason);
 const char* PassphraseTypeToString(PassphraseType type);
 
 const char* BootstrapTokenTypeToString(BootstrapTokenType type);
+
+const char* KeyDerivationMethodToString(KeyDerivationMethod method);
+
 }  // namespace syncer
 
 #endif  // COMPONENTS_SYNC_ENGINE_SYNC_STRING_CONVERSIONS_H_

components/sync/engine_impl/js_sync_encryption_handler_observer_unittest.cc

@@ -14,7 +14,7 @@
 #include "components/sync/base/cryptographer.h"
 #include "components/sync/base/fake_encryptor.h"
 #include "components/sync/base/model_type.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/base/time.h"
 #include "components/sync/engine/sync_string_conversions.h"
 #include "components/sync/js/js_event_details.h"

components/sync/engine_impl/sync_encryption_handler_impl.cc

@@ -19,7 +19,7 @@
 #include "base/threading/sequenced_task_runner_handle.h"
 #include "components/sync/base/encryptor.h"
 #include "components/sync/base/experiments.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/base/time.h"
 #include "components/sync/engine/sync_string_conversions.h"
 #include "components/sync/protocol/encryption.pb.h"
@@ -90,40 +90,6 @@ bool IsNigoriMigratedToKeystore(const sync_pb::NigoriSpecifics& nigori) {
   return true;
 }
 
-PassphraseType ProtoPassphraseTypeToEnum(
-    sync_pb::NigoriSpecifics::PassphraseType type) {
-  switch (type) {
-    case sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE:
-      return PassphraseType::IMPLICIT_PASSPHRASE;
-    case sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE:
-      return PassphraseType::KEYSTORE_PASSPHRASE;
-    case sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE:
-      return PassphraseType::CUSTOM_PASSPHRASE;
-    case sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE:
-      return PassphraseType::FROZEN_IMPLICIT_PASSPHRASE;
-    default:
-      NOTREACHED();
-      return PassphraseType::IMPLICIT_PASSPHRASE;
-  }
-}
-
-sync_pb::NigoriSpecifics::PassphraseType EnumPassphraseTypeToProto(
-    PassphraseType type) {
-  switch (type) {
-    case PassphraseType::IMPLICIT_PASSPHRASE:
-      return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
-    case PassphraseType::KEYSTORE_PASSPHRASE:
-      return sync_pb::NigoriSpecifics::KEYSTORE_PASSPHRASE;
-    case PassphraseType::CUSTOM_PASSPHRASE:
-      return sync_pb::NigoriSpecifics::CUSTOM_PASSPHRASE;
-    case PassphraseType::FROZEN_IMPLICIT_PASSPHRASE:
-      return sync_pb::NigoriSpecifics::FROZEN_IMPLICIT_PASSPHRASE;
-    default:
-      NOTREACHED();
-      return sync_pb::NigoriSpecifics::IMPLICIT_PASSPHRASE;
-  }
-}
-
 // Keystore Bootstrap Token helper methods.
 // The bootstrap is a base64 encoded, encrypted, ListValue of keystore key
 // strings, with the current keystore key as the last value in the list.

components/sync/engine_impl/sync_encryption_handler_impl_unittest.cc

@@ -14,7 +14,7 @@
 #include "base/test/scoped_task_environment.h"
 #include "components/sync/base/fake_encryptor.h"
 #include "components/sync/base/model_type_test_util.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/protocol/nigori_specifics.pb.h"
 #include "components/sync/protocol/sync.pb.h"
 #include "components/sync/syncable/entry.h"

components/sync/protocol/nigori_specifics.proto

@@ -151,4 +151,22 @@ message NigoriSpecifics {
 
   // Boolean corresponding to whether mountain shares should be encrypted.
   optional bool encrypt_mountain_shares = 44;
+
+  enum KeyDerivationMethod {
+    // This comes from a <= M69 client, who does not know about the field
+    // (but implicitly uses PBKDF2_HMAC_SHA1_1003).
+    UNSPECIFIED = 0;
+    // PBKDF2-HMAC-SHA1 with 1003 iterations and constant hardcoded salt. Was
+    // implicitly used in <= M69.
+    PBKDF2_HMAC_SHA1_1003 = 1;
+  }
+
+  // ID of the method used to derive the encryption key from a custom
+  // passphrase. Should be set only when |passphrase_type| is CUSTOM_PASSPHRASE
+  // and only based on CustomPassphraseKeyDerivationMethod. This field has been
+  // added in M70. All previous versions just ignore it, attempt to use
+  // PBKDF2_HMAC_SHA1_1003 and, thus, reject any passphrase if a different
+  // method has been used. The default corresponds to UNSPECIFIED. An |int|
+  // field is used so we can detect unknown values coming from later versions.
+  optional int32 custom_passphrase_key_derivation_method = 45 [default = 0];
 }

components/sync/protocol/proto_visitors.h

@@ -633,6 +633,7 @@ VISIT_PROTO_FIELDS(const sync_pb::NigoriSpecifics& proto) {
   VISIT(keystore_decryptor_token);
   VISIT(keystore_migration_time);
   VISIT(custom_passphrase_time);
+  VISIT(custom_passphrase_key_derivation_method);
 }
 
 VISIT_PROTO_FIELDS(const sync_pb::PasswordSpecifics& proto) {

components/sync/syncable/base_transaction.cc

@@ -4,7 +4,7 @@
 
 #include "components/sync/syncable/base_transaction.h"
 
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/syncable/directory.h"
 #include "components/sync/syncable/nigori_handler.h"
 

components/sync/syncable/nigori_util.cc

@@ -14,7 +14,7 @@
 #include "base/containers/queue.h"
 #include "base/json/json_writer.h"
 #include "components/sync/base/cryptographer.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/syncable/directory.h"
 #include "components/sync/syncable/entry.h"
 #include "components/sync/syncable/mutable_entry.h"

components/sync/syncable/write_node.cc

@@ -11,7 +11,7 @@
 #include "base/values.h"
 #include "components/sync/base/cryptographer.h"
 #include "components/sync/base/hash_util.h"
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/engine/engine_util.h"
 #include "components/sync/protocol/bookmark_specifics.pb.h"
 #include "components/sync/protocol/typed_url_specifics.pb.h"

components/sync/test/fake_sync_encryption_handler.cc

@@ -4,7 +4,7 @@
 
 #include "components/sync/test/fake_sync_encryption_handler.h"
 
-#include "components/sync/base/passphrase_type.h"
+#include "components/sync/base/passphrase_enums.h"
 #include "components/sync/protocol/nigori_specifics.pb.h"
 #include "components/sync/syncable/nigori_util.h"