Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/owner_key_util.h" | |
| 6 | |
| 7 #include <limits> | |
| 8 | |
| 9 #include "base/file_util.h" | |
| 10 #include "base/logging.h" | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "base/string_util.h" | |
| 13 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 14 #include "chrome/common/extensions/extension_constants.h" | |
| 15 #include "crypto/rsa_private_key.h" | |
| 16 #include "crypto/signature_creator.h" | |
| 17 #include "crypto/signature_verifier.h" | |
| 18 | |
| 19 using extension_misc::kSignatureAlgorithm; | |
| 20 | |
| 21 namespace chromeos { | |
| 22 | |
| 23 /////////////////////////////////////////////////////////////////////////// | |
| 24 // OwnerKeyUtil | |
| 25 | |
| 26 OwnerKeyUtil* OwnerKeyUtil::Create() { | |
| 27 return new OwnerKeyUtilImpl(FilePath(OwnerKeyUtilImpl::kOwnerKeyFile)); | |
| 28 } | |
| 29 | |
| 30 bool OwnerKeyUtil::Verify(const std::string& data, | |
| 31 const std::vector<uint8> signature, | |
| 32 const std::vector<uint8> public_key) { | |
| 33 crypto::SignatureVerifier verifier; | |
| 34 if (!verifier.VerifyInit(kSignatureAlgorithm, sizeof(kSignatureAlgorithm), | |
| 35 &signature[0], signature.size(), | |
| 36 &public_key[0], public_key.size())) { | |
| 37 return false; | |
| 38 } | |
| 39 | |
| 40 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()), | |
| 41 data.length()); | |
| 42 return (verifier.VerifyFinal()); | |
| 43 } | |
| 44 | |
| 45 bool OwnerKeyUtil::Sign(const std::string& data, | |
| 46 std::vector<uint8>* OUT_signature, | |
| 47 crypto::RSAPrivateKey* key) { | |
| 48 scoped_ptr<crypto::SignatureCreator> signer( | |
| 49 crypto::SignatureCreator::Create(key)); | |
| 50 if (!signer->Update(reinterpret_cast<const uint8*>(data.c_str()), | |
| 51 data.length())) { | |
| 52 return false; | |
| 53 } | |
| 54 return signer->Final(OUT_signature); | |
| 55 } | |
| 56 | |
| 57 OwnerKeyUtil::OwnerKeyUtil() {} | |
| 58 | |
| 59 OwnerKeyUtil::~OwnerKeyUtil() {} | |
| 60 | |
| 61 /////////////////////////////////////////////////////////////////////////// | |
| 62 // OwnerKeyUtilImpl | |
| 63 | |
| 64 // static | |
| 65 const char OwnerKeyUtilImpl::kOwnerKeyFile[] = "/var/lib/whitelist/owner.key"; | |
| 66 | |
| 67 OwnerKeyUtilImpl::OwnerKeyUtilImpl(const FilePath& key_file) | |
| 68 : key_file_(key_file) {} | |
| 69 | |
| 70 OwnerKeyUtilImpl::~OwnerKeyUtilImpl() {} | |
| 71 | |
| 72 bool OwnerKeyUtilImpl::ExportPublicKey(crypto::RSAPrivateKey* pair) { | |
| 73 DCHECK(pair); | |
| 74 bool ok = false; | |
| 75 int safe_file_size = 0; | |
| 76 | |
| 77 std::vector<uint8> to_export; | |
| 78 if (!pair->ExportPublicKey(&to_export)) { | |
| 79 LOG(ERROR) << "Formatting key for export failed!"; | |
| 80 return false; | |
| 81 } | |
| 82 | |
| 83 if (to_export.size() > static_cast<uint>(INT_MAX)) { | |
| 84 LOG(ERROR) << "key is too big! " << to_export.size(); | |
| 85 } else { | |
| 86 safe_file_size = static_cast<int>(to_export.size()); | |
| 87 | |
| 88 ok = (safe_file_size == | |
| 89 file_util::WriteFile(key_file_, | |
| 90 reinterpret_cast<char*>(&to_export.front()), | |
| 91 safe_file_size)); | |
| 92 } | |
| 93 return ok; | |
| 94 } | |
| 95 | |
| 96 bool OwnerKeyUtilImpl::ImportPublicKey(std::vector<uint8>* output) { | |
| 97 // Get the file size (must fit in a 32 bit int for NSS). | |
| 98 int64 file_size; | |
| 99 if (!file_util::GetFileSize(key_file_, &file_size)) { | |
| 100 LOG(ERROR) << "Could not get size of " << key_file_.value(); | |
| 101 return false; | |
| 102 } | |
| 103 if (file_size > static_cast<int64>(std::numeric_limits<int>::max())) { | |
| 104 LOG(ERROR) << key_file_.value() << "is " | |
| 105 << file_size << "bytes!!! Too big!"; | |
| 106 return false; | |
| 107 } | |
| 108 int32 safe_file_size = static_cast<int32>(file_size); | |
| 109 | |
| 110 output->resize(safe_file_size); | |
| 111 | |
| 112 if (safe_file_size == 0) { | |
| 113 LOG(WARNING) << "Public key file is empty. This seems wrong."; | |
| 114 return false; | |
| 115 } | |
| 116 | |
| 117 // Get the key data off of disk | |
| 118 int data_read = file_util::ReadFile(key_file_, | |
| 119 reinterpret_cast<char*>(&(output->at(0))), | |
| 120 safe_file_size); | |
| 121 return data_read == safe_file_size; | |
| 122 } | |
| 123 | |
| 124 crypto::RSAPrivateKey* OwnerKeyUtilImpl::FindPrivateKey( | |
| 125 const std::vector<uint8>& key) { | |
| 126 return crypto::RSAPrivateKey::FindFromPublicKeyInfo(key); | |
| 127 } | |
| 128 | |
| 129 bool OwnerKeyUtilImpl::IsPublicKeyPresent() { | |
| 130 return file_util::PathExists(FilePath(OwnerKeyUtilImpl::kOwnerKeyFile)); | |
|
pastarmovj
2012/07/30 12:19:19
Given that an empty file will fail import I think
Mattias Nissler (ping if slow)
2012/07/31 13:02:15
This is intentional. If the file is present, there
| |
| 131 } | |
| 132 | |
| 133 } // namespace chromeos | |
| OLD | NEW |