[sync::nigori] Add feature to use scrypt for new custom passphrases

Add a feature that controls whether scrypt key derivation should be used when a user sets a new custom passphrase. If the feature is disabled, PBKDF2 will be used (i.e. old behavior). Bug: 877933 Change-Id: I2009c8d8cfc7cef57743fbf8f3c9a6ec48ef07a4 Reviewed-on: https://chromium-review.googlesource.com/1193855 Commit-Queue: David Davidović <davidovic@google.com> Reviewed-by: Marc Treib <treib@chromium.org> Reviewed-by: vitaliii <vitaliii@chromium.org> Cr-Commit-Position: refs/heads/master@{#587702}

[sync::nigori] Add feature to use scrypt for new custom passphrases
Add a feature that controls whether scrypt key derivation should be used when a user sets a new custom passphrase. If the feature is disabled, PBKDF2 will be used (i.e. old behavior). Bug: 877933 Change-Id: I2009c8d8cfc7cef57743fbf8f3c9a6ec48ef07a4 Reviewed-on: https://chromium-review.googlesource.com/1193855 Commit-Queue: David Davidović <davidovic@google.com> Reviewed-by: Marc Treib <treib@chromium.org> Reviewed-by: vitaliii <vitaliii@chromium.org> Cr-Commit-Position: refs/heads/master@{#587702}
cabdc5f1 · David Davidović · Commit Bot · 86258312 · cabdc5f1 · cabdc5f1
Commit cabdc5f1 authored Aug 30, 2018 by David Davidović Committed by Commit Bot Aug 30, 2018
4 changed files
--- a/components/sync/engine/sync_engine_switches.cc
+++ b/components/sync/engine/sync_engine_switches.cc
@@ -9,4 +9,12 @@ namespace switches {
 const base::Feature kSyncResetPollIntervalOnStart{
    "SyncResetPollIntervalOnStart", base::FEATURE_DISABLED_BY_DEFAULT};
+// Whether encryption keys should be derived using scrypt when a new custom
+// passphrase is set. If disabled, the old PBKDF2 key derivation method will be
+// used instead. Note that disabling this feature does not disable deriving keys
+// via scrypt when we receive a remote Nigori node that specifies it as the key
+// derivation method.
+const base::Feature kSyncUseScryptForNewCustomPassphrases{
+    "SyncUseScryptForNewCustomPassphrases", base::FEATURE_DISABLED_BY_DEFAULT};
 }  // namespace switches
--- a/components/sync/engine/sync_engine_switches.h
+++ b/components/sync/engine/sync_engine_switches.h
@@ -10,6 +10,7 @@
 namespace switches {
 extern const base::Feature kSyncResetPollIntervalOnStart;
+extern const base::Feature kSyncUseScryptForNewCustomPassphrases;
 }  // namespace switches

--- a/components/sync/engine_impl/sync_encryption_handler_impl.cc
+++ b/components/sync/engine_impl/sync_encryption_handler_impl.cc
@@ -23,6 +23,7 @@
 #include "components/sync/base/passphrase_enums.h"
 #include "components/sync/base/sync_base_switches.h"
 #include "components/sync/base/time.h"
+#include "components/sync/engine/sync_engine_switches.h"
 #include "components/sync/engine/sync_string_conversions.h"
 #include "components/sync/protocol/encryption.pb.h"
 #include "components/sync/protocol/nigori_specifics.pb.h"
@@ -159,8 +160,13 @@ bool UnpackKeystoreBootstrapToken(const std::string& keystore_bootstrap_token,
 // Returns the key derivation method to be used when a user sets a new
 // custom passphrase.
 KeyDerivationMethod GetDefaultKeyDerivationMethodForCustomPassphrase() {
-  // TODO(davidovic): When scrypt is introduced, check if the feature is enabled
+  if (base::FeatureList::IsEnabled(
-  // and return scrypt if so.
+          switches::kSyncUseScryptForNewCustomPassphrases) &&
+      !base::FeatureList::IsEnabled(
+          switches::kSyncForceDisableScryptForCustomPassphrase)) {
+    return KeyDerivationMethod::SCRYPT_8192_8_11_CONST_SALT;
+  }
  return KeyDerivationMethod::PBKDF2_HMAC_SHA1_1003;
 }

--- a/components/sync/engine_impl/sync_encryption_handler_impl_unittest.cc
+++ b/components/sync/engine_impl/sync_encryption_handler_impl_unittest.cc