OLD | NEW |
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "login_manager/nss_util.h" | 5 #include "login_manager/nss_util.h" |
6 | 6 |
7 #include <base/basictypes.h> | 7 #include <base/basictypes.h> |
8 #include <base/crypto/rsa_private_key.h> | 8 #include <base/crypto/rsa_private_key.h> |
9 #include <base/crypto/signature_creator.h> | 9 #include <base/crypto/signature_creator.h> |
10 #include <base/crypto/signature_verifier.h> | 10 #include <base/crypto/signature_verifier.h> |
11 #include <base/file_path.h> | 11 #include <base/file_path.h> |
| 12 #include <base/file_util.h> |
12 #include <base/logging.h> | 13 #include <base/logging.h> |
13 #include <base/nss_util.h> | 14 #include <base/nss_util.h> |
14 #include <base/scoped_ptr.h> | 15 #include <base/scoped_ptr.h> |
15 #include <cros/chromeos_login.h> | 16 #include <cros/chromeos_login.h> |
16 | 17 |
17 namespace login_manager { | 18 namespace login_manager { |
18 /////////////////////////////////////////////////////////////////////////// | 19 /////////////////////////////////////////////////////////////////////////// |
19 // NssUtil | 20 // NssUtil |
20 | 21 |
21 // static | 22 // static |
22 NssUtil::Factory* NssUtil::factory_ = NULL; | 23 NssUtil::Factory* NssUtil::factory_ = NULL; |
23 | 24 |
24 NssUtil::NssUtil() {} | 25 NssUtil::NssUtil() {} |
25 | 26 |
26 NssUtil::~NssUtil() {} | 27 NssUtil::~NssUtil() {} |
27 | 28 |
28 /////////////////////////////////////////////////////////////////////////// | 29 /////////////////////////////////////////////////////////////////////////// |
29 // NssUtilImpl | 30 // NssUtilImpl |
30 | 31 |
31 class NssUtilImpl : public NssUtil { | 32 class NssUtilImpl : public NssUtil { |
32 public: | 33 public: |
33 NssUtilImpl(); | 34 NssUtilImpl(); |
34 virtual ~NssUtilImpl(); | 35 virtual ~NssUtilImpl(); |
35 | 36 |
| 37 bool MightHaveKeys(); |
| 38 |
36 bool OpenUserDB(); | 39 bool OpenUserDB(); |
37 | 40 |
38 base::RSAPrivateKey* GetPrivateKey(const std::vector<uint8>& public_key_der); | 41 base::RSAPrivateKey* GetPrivateKey(const std::vector<uint8>& public_key_der); |
39 | 42 |
40 base::RSAPrivateKey* GenerateKeyPair(); | 43 base::RSAPrivateKey* GenerateKeyPair(); |
41 | 44 |
42 FilePath GetOwnerKeyFilePath(); | 45 FilePath GetOwnerKeyFilePath(); |
43 | 46 |
44 bool Verify(const uint8* algorithm, int algorithm_len, | 47 bool Verify(const uint8* algorithm, int algorithm_len, |
45 const uint8* signature, int signature_len, | 48 const uint8* signature, int signature_len, |
46 const uint8* data, int data_len, | 49 const uint8* data, int data_len, |
47 const uint8* public_key, int public_key_len); | 50 const uint8* public_key, int public_key_len); |
48 | 51 |
49 bool Sign(const uint8* data, int data_len, | 52 bool Sign(const uint8* data, int data_len, |
50 std::vector<uint8>* OUT_signature, | 53 std::vector<uint8>* OUT_signature, |
51 base::RSAPrivateKey* key); | 54 base::RSAPrivateKey* key); |
52 private: | 55 private: |
53 static const uint16 kKeySizeInBits; | 56 static const uint16 kKeySizeInBits; |
| 57 // Hardcoded path of the user's NSS key database. |
| 58 // TODO(cmasone): get rid of this once http://crosbug.com/14007 is fixed. |
| 59 static const char kUserDbPath[]; |
| 60 |
54 DISALLOW_COPY_AND_ASSIGN(NssUtilImpl); | 61 DISALLOW_COPY_AND_ASSIGN(NssUtilImpl); |
55 }; | 62 }; |
56 | 63 |
57 // Defined here, instead of up above, because we need NssUtilImpl. | 64 // Defined here, instead of up above, because we need NssUtilImpl. |
58 // static | 65 // static |
59 NssUtil* NssUtil::Create() { | 66 NssUtil* NssUtil::Create() { |
60 if (!factory_) { | 67 if (!factory_) { |
61 return new NssUtilImpl; | 68 return new NssUtilImpl; |
62 base::EnsureNSSInit(); | 69 base::EnsureNSSInit(); |
63 } else { | 70 } else { |
64 return factory_->CreateNssUtil(); | 71 return factory_->CreateNssUtil(); |
65 } | 72 } |
66 } | 73 } |
67 | 74 |
68 // static | 75 // static |
69 void NssUtil::BlobFromBuffer(const std::string& buf, std::vector<uint8>* out) { | 76 void NssUtil::BlobFromBuffer(const std::string& buf, std::vector<uint8>* out) { |
70 out->resize(buf.length()); | 77 out->resize(buf.length()); |
71 if (out->size() == 0) | 78 if (out->size() == 0) |
72 return; | 79 return; |
73 memcpy(&(out->at(0)), buf.c_str(), out->size()); | 80 memcpy(&(out->at(0)), buf.c_str(), out->size()); |
74 } | 81 } |
75 | 82 |
76 // We're generating and using 2048-bit RSA keys. | 83 // We're generating and using 2048-bit RSA keys. |
77 // static | 84 // static |
78 const uint16 NssUtilImpl::kKeySizeInBits = 2048; | 85 const uint16 NssUtilImpl::kKeySizeInBits = 2048; |
| 86 // static |
| 87 const char NssUtilImpl::kUserDbPath[] = "/home/chronos/user/.pki/nssdb/key4.db"; |
79 | 88 |
80 NssUtilImpl::NssUtilImpl() {} | 89 NssUtilImpl::NssUtilImpl() {} |
81 | 90 |
82 NssUtilImpl::~NssUtilImpl() {} | 91 NssUtilImpl::~NssUtilImpl() {} |
83 | 92 |
| 93 bool NssUtilImpl::MightHaveKeys() { |
| 94 return file_util::PathExists(FilePath(NssUtilImpl::kUserDbPath)); |
| 95 } |
| 96 |
84 bool NssUtilImpl::OpenUserDB() { | 97 bool NssUtilImpl::OpenUserDB() { |
85 // TODO(cmasone): If we ever try to keep the session_manager alive across | 98 // TODO(cmasone): If we ever try to keep the session_manager alive across |
86 // user sessions, we'll need to deal with the fact that we have no way to | 99 // user sessions, we'll need to deal with the fact that we have no way to |
87 // close this persistent DB. | 100 // close this persistent DB. |
88 base::OpenPersistentNSSDB(); | 101 base::OpenPersistentNSSDB(); |
89 return true; | 102 return true; |
90 } | 103 } |
91 | 104 |
92 base::RSAPrivateKey* NssUtilImpl::GetPrivateKey( | 105 base::RSAPrivateKey* NssUtilImpl::GetPrivateKey( |
93 const std::vector<uint8>& public_key_der) { | 106 const std::vector<uint8>& public_key_der) { |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
131 std::vector<uint8>* OUT_signature, | 144 std::vector<uint8>* OUT_signature, |
132 base::RSAPrivateKey* key) { | 145 base::RSAPrivateKey* key) { |
133 scoped_ptr<base::SignatureCreator> signer( | 146 scoped_ptr<base::SignatureCreator> signer( |
134 base::SignatureCreator::Create(key)); | 147 base::SignatureCreator::Create(key)); |
135 if (!signer->Update(data, data_len)) | 148 if (!signer->Update(data, data_len)) |
136 return false; | 149 return false; |
137 return signer->Final(OUT_signature); | 150 return signer->Final(OUT_signature); |
138 } | 151 } |
139 | 152 |
140 } // namespace login_manager | 153 } // namespace login_manager |
OLD | NEW |