| Index: chrome/browser/chromeos/login/parallel_authenticator.cc
|
| ===================================================================
|
| --- chrome/browser/chromeos/login/parallel_authenticator.cc (revision 95832)
|
| +++ chrome/browser/chromeos/login/parallel_authenticator.cc (working copy)
|
| @@ -12,9 +12,10 @@
|
| #include "base/file_util.h"
|
| #include "base/logging.h"
|
| #include "base/path_service.h"
|
| +#include "base/rand_util.h"
|
| +#include "base/string_number_conversions.h"
|
| #include "base/string_util.h"
|
| #include "base/synchronization/lock.h"
|
| -#include "crypto/sha2.h"
|
| #include "chrome/browser/chromeos/cros/cryptohome_library.h"
|
| #include "chrome/browser/chromeos/login/auth_response_handler.h"
|
| #include "chrome/browser/chromeos/login/authentication_notification_details.h"
|
| @@ -30,6 +31,9 @@
|
| #include "chrome/common/net/gaia/gaia_constants.h"
|
| #include "content/browser/browser_thread.h"
|
| #include "content/common/notification_service.h"
|
| +#include "crypto/encryptor.h"
|
| +#include "crypto/sha2.h"
|
| +#include "crypto/symmetric_key.h"
|
| #include "net/base/load_flags.h"
|
| #include "net/base/net_errors.h"
|
| #include "net/url_request/url_request_status.h"
|
| @@ -53,6 +57,7 @@
|
| const int ParallelAuthenticator::kLocalaccountRetryIntervalMs = 20;
|
|
|
| const int kPassHashLen = 32;
|
| +const size_t kKeySize = 16;
|
|
|
| ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer)
|
| : Authenticator(consumer),
|
| @@ -130,13 +135,15 @@
|
| BrowserThread::UI, FROM_HERE,
|
| NewRunnableMethod(mounter_.get(), &CryptohomeOp::Initiate));
|
|
|
| - // For login completion, we just need to resolve the current auth,
|
| - // attempt state.
|
| - // TODO(zelidrag): Investigate if this business be moved to UI thread instead.
|
| - BrowserThread::PostTask(
|
| - BrowserThread::IO, FROM_HERE,
|
| - NewRunnableMethod(this,
|
| - &ParallelAuthenticator::ResolveLoginCompletionStatus));
|
| + // For login completion of a new user, we just need to resolve the current
|
| + // auth attempt state, the rest of OAuth related tasks will be done in
|
| + // parallel.
|
| + if (!UserManager::Get()->IsKnownUser(canonicalized)) {
|
| + BrowserThread::PostTask(
|
| + BrowserThread::IO, FROM_HERE,
|
| + NewRunnableMethod(this,
|
| + &ParallelAuthenticator::ResolveLoginCompletionStatus));
|
| + }
|
|
|
| BrowserThread::PostTask(
|
| BrowserThread::FILE, FROM_HERE,
|
| @@ -675,52 +682,79 @@
|
| }
|
| }
|
|
|
| +std::string ParallelAuthenticator::EncryptToken(const std::string& token) {
|
| + // TODO(zelidrag): Replace salt with
|
| + scoped_ptr<crypto::SymmetricKey> key(
|
| + crypto::SymmetricKey::DeriveKeyFromPassword(
|
| + crypto::SymmetricKey::AES, UserSupplementalKeyAsAscii(),
|
| + SaltAsAscii(), 1000, 256));
|
| + crypto::Encryptor encryptor;
|
| + if (!encryptor.Init(key.get(), crypto::Encryptor::CTR, std::string()))
|
| + return std::string();
|
|
|
| + std::string nonce = SaltAsAscii().substr(0, kKeySize);
|
| + std::string encoded_token;
|
| + CHECK(encryptor.SetCounter(nonce));
|
| + if (!encryptor.Encrypt(token, &encoded_token))
|
| + return std::string();
|
| +
|
| + return StringToLowerASCII(base::HexEncode(
|
| + reinterpret_cast<const void*>(encoded_token.data()),
|
| + encoded_token.size()));
|
| +}
|
| +
|
| +std::string ParallelAuthenticator::DecryptToken(
|
| + const std::string& encrypted_token_hex) {
|
| + std::vector<uint8> encrypted_token_bytes;
|
| + if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes))
|
| + return std::string();
|
| +
|
| + std::string encrypted_token(
|
| + reinterpret_cast<char*>(encrypted_token_bytes.data()),
|
| + encrypted_token_bytes.size());
|
| + scoped_ptr<crypto::SymmetricKey> key(
|
| + crypto::SymmetricKey::DeriveKeyFromPassword(
|
| + crypto::SymmetricKey::AES, UserSupplementalKeyAsAscii(),
|
| + SaltAsAscii(), 1000, 256));
|
| + crypto::Encryptor encryptor;
|
| + if (!encryptor.Init(key.get(), crypto::Encryptor::CTR, std::string()))
|
| + return std::string();
|
| +
|
| + std::string nonce = SaltAsAscii().substr(0, kKeySize);
|
| + std::string token;
|
| + CHECK(encryptor.SetCounter(nonce));
|
| + if (!encryptor.Decrypt(encrypted_token, &token))
|
| + return std::string();
|
| + return token;
|
| +}
|
| +
|
| +
|
| std::string ParallelAuthenticator::HashPassword(const std::string& password) {
|
| // Get salt, ascii encode, update sha with that, then update with ascii
|
| // of password, then end.
|
| std::string ascii_salt = SaltAsAscii();
|
| - unsigned char passhash_buf[kPassHashLen];
|
| - char ascii_buf[kPassHashLen + 1];
|
| + char passhash_buf[kPassHashLen];
|
|
|
| // Hash salt and password
|
| crypto::SHA256HashString(ascii_salt + password,
|
| &passhash_buf, sizeof(passhash_buf));
|
|
|
| - std::vector<unsigned char> passhash(passhash_buf,
|
| - passhash_buf + sizeof(passhash_buf));
|
| - BinaryToHex(passhash,
|
| - passhash.size() / 2, // only want top half, at least for now.
|
| - ascii_buf,
|
| - sizeof(ascii_buf));
|
| - return std::string(ascii_buf, sizeof(ascii_buf) - 1);
|
| + return StringToLowerASCII(base::HexEncode(
|
| + reinterpret_cast<const void*>(passhash_buf),
|
| + sizeof(passhash_buf) / 2));
|
| }
|
|
|
| std::string ParallelAuthenticator::SaltAsAscii() {
|
| LoadSystemSalt(); // no-op if it's already loaded.
|
| - unsigned int salt_len = system_salt_.size();
|
| - char ascii_salt[2 * salt_len + 1];
|
| - if (ParallelAuthenticator::BinaryToHex(system_salt_,
|
| - salt_len,
|
| - ascii_salt,
|
| - sizeof(ascii_salt))) {
|
| - return std::string(ascii_salt, sizeof(ascii_salt) - 1);
|
| - }
|
| - return std::string();
|
| + return StringToLowerASCII(base::HexEncode(
|
| + reinterpret_cast<const void*>(system_salt_.data()),
|
| + system_salt_.size()));
|
| }
|
|
|
| -// static
|
| -bool ParallelAuthenticator::BinaryToHex(
|
| - const std::vector<unsigned char>& binary,
|
| - const unsigned int binary_len,
|
| - char* hex_string,
|
| - const unsigned int len) {
|
| - if (len < 2*binary_len)
|
| - return false;
|
| - memset(hex_string, 0, len);
|
| - for (uint i = 0, j = 0; i < binary_len; i++, j+=2)
|
| - snprintf(hex_string + j, len - j, "%02x", binary[i]);
|
| - return true;
|
| +std::string ParallelAuthenticator::UserSupplementalKeyAsAscii() {
|
| + // TODO(zelidrag, wad): http://crosbug.com/18633 - Replace this with the real
|
| + // user suplemental key gets exposed in from cryptolib.
|
| + return SaltAsAscii();
|
| }
|
|
|
| void ParallelAuthenticator::ResolveLoginCompletionStatus() {
|
|
|
Chromium Code Reviews
Issue 7584026:
Encrypted OAuth1 all access token and secret with system salt for now, will replace this with use... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/