// Copyright 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Various utility methods for nigori-based multi-type encryption.
6
7#ifndef SYNC_SYNCABLE_NIGORI_UTIL_H_
8#define SYNC_SYNCABLE_NIGORI_UTIL_H_
9
10#include "base/compiler_specific.h"
11#include "sync/base/sync_export.h"
12#include "sync/internal_api/public/base/model_type.h"
13#include "sync/protocol/nigori_specifics.pb.h"
14
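// Forward declaration only: the declarations in this header take
// sync_pb::EntitySpecifics solely by const reference, so its full protobuf
// definition is not required here.
namespace sync_pb {
class EntitySpecifics;
}  // namespace sync_pb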
18
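namespace syncer {
class Cryptographer;

namespace syncable {

// The literal string "encrypted".
// NOTE(review): presumably the fixed placeholder stored in place of plaintext
// metadata on encrypted entries; this header does not show its use, so confirm
// against the implementation before relying on that.
const char kEncryptedString[] = "encrypted";

class BaseTransaction;
class Entry;
class MutableEntry;
class WriteTransaction;

// Checks whether the unsynced changes that must be encrypted, according to
// |encrypted_types|, actually are.
// Returns: true if all unsynced data that should be encrypted is.
//          false if some unsynced changes need to be encrypted.
// This function is similar to ProcessUnsyncedChangesForEncryption but does not
// modify the data and does not care if data is unnecessarily encrypted.
// Security note: the result is not annotated WARN_UNUSED_RESULT, so nothing
// forces a caller to look at it. A false return means at least one pending
// change of a must-encrypt type is still unencrypted; the caller has to act on
// that, since this function itself changes nothing.
SYNC_EXPORT_PRIVATE bool VerifyUnsyncedChangesAreEncrypted(
    BaseTransaction* const trans,
    ModelTypeSet encrypted_types);

// Processes all unsynced changes and ensures they are appropriately encrypted
// or unencrypted.
// NOTE(review): earlier wording said "based on |encrypted_types|", but this
// function has no such parameter; the set of encrypted types is presumably
// obtained through |trans| - confirm in the implementation.
// NOTE(review): the meaning of the bool result is not documented here;
// presumably false signals that processing failed. It is not annotated
// WARN_UNUSED_RESULT, so callers must check it explicitly.
bool ProcessUnsyncedChangesForEncryption(
    WriteTransaction* const trans);

// Returns true if the entry requires encryption but is not encrypted, false
// otherwise. Note: this does not check that already encrypted entries are
// encrypted with the proper key.
// Security note: because of that, a false return only says the entry is not
// left in plaintext when it should be encrypted. It is not evidence that the
// entry is protected by the key currently in use; key correctness has to be
// established separately.
bool EntryNeedsEncryption(ModelTypeSet encrypted_types,
                          const Entry& entry);

// Same as EntryNeedsEncryption, but looks at |specifics| directly instead of
// an Entry.
// NOTE(review): presumably the same caveat applies (no check that existing
// ciphertext uses the proper key) - confirm in the implementation.
SYNC_EXPORT_PRIVATE bool SpecificsNeedsEncryption(
    ModelTypeSet encrypted_types,
    const sync_pb::EntitySpecifics& specifics);

// Verifies all data of type |type| is encrypted appropriately.
// Test-only helper, per its name. The result is annotated WARN_UNUSED_RESULT,
// so callers have to consume it.
// NOTE(review): |is_encrypted| is presumably the expected encryption state the
// data is compared against - confirm.
SYNC_EXPORT_PRIVATE bool VerifyDataTypeEncryptionForTest(
    BaseTransaction* const trans,
    ModelType type,
    bool is_encrypted) WARN_UNUSED_RESULT;

// Stores |new_specifics| into |entry|, encrypting if necessary.
// Returns false if an error encrypting occurred (does not modify |entry|).
// Note: gracefully handles new_specifics aliasing with entry->GetSpecifics().
// Security note: on failure |entry| keeps its previous contents, so a caller
// that ignores the return value will carry on as if the new data had been
// stored. The result is not annotated WARN_UNUSED_RESULT; check it at every
// call site.
// NOTE(review): this takes a BaseTransaction* although it writes through
// |entry|; confirm that callers always hold a write transaction.
bool UpdateEntryWithEncryption(
    BaseTransaction* const trans,
    const sync_pb::EntitySpecifics& new_specifics,
    MutableEntry* entry);

// Updates |nigori| to match the encryption state specified by |encrypted_types|
// and |encrypt_everything|. |nigori| is modified in place.
SYNC_EXPORT_PRIVATE void UpdateNigoriFromEncryptedTypes(
    ModelTypeSet encrypted_types,
    bool encrypt_everything,
    sync_pb::NigoriSpecifics* nigori);

// Extracts the set of encrypted types from a nigori node.
// NOTE(review): whether an "encrypt everything" state written by
// UpdateNigoriFromEncryptedTypes is reflected in the returned set is not
// visible from this header - confirm in the implementation.
ModelTypeSet GetEncryptedTypesFromNigori(
    const sync_pb::NigoriSpecifics& nigori);

}  // namespace syncable
}  // namespace syncer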
84
85#endif  // SYNC_SYNCABLE_NIGORI_UTIL_H_