Changed OAuth token+secret encryption to use supplemental user key.

chrome/browser/chromeos/login/parallel_authenticator.cc

Index: chrome/browser/chromeos/login/parallel_authenticator.cc
===================================================================
--- chrome/browser/chromeos/login/parallel_authenticator.cc	(revision 99168)
+++ chrome/browser/chromeos/login/parallel_authenticator.cc	(working copy)
@@ -16,6 +16,7 @@
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/synchronization/lock.h"
+#include "chrome/browser/chromeos/cros/cert_library.h"
 #include "chrome/browser/chromeos/cros/cryptohome_library.h"
 #include "chrome/browser/chromeos/login/auth_response_handler.h"
 #include "chrome/browser/chromeos/login/authentication_notification_details.h"
@@ -691,23 +692,12 @@
     checked_for_localaccount_ = true;
   }
 }
-
 std::string ParallelAuthenticator::EncryptToken(const std::string& token) {
-  // TODO(zelidrag): Replace salt with
-  scoped_ptr<crypto::SymmetricKey> key(
-      crypto::SymmetricKey::DeriveKeyFromPassword(
-          crypto::SymmetricKey::AES, UserSupplementalKeyAsAscii(),
-          SaltAsAscii(), 1000, 256));
-  crypto::Encryptor encryptor;
-  if (!encryptor.Init(key.get(), crypto::Encryptor::CTR, std::string()))
-    return std::string();
-
-  std::string nonce = SaltAsAscii().substr(0, kKeySize);
   std::string encoded_token;
-  CHECK(encryptor.SetCounter(nonce));
-  if (!encryptor.Encrypt(token, &encoded_token))
+  if (!CrosLibrary::Get()->GetCertLibrary()->EncryptWithSupplementalUserKey(
+      token, &encoded_token)) {
     return std::string();
-
+  }
   return StringToLowerASCII(base::HexEncode(
       reinterpret_cast<const void*>(encoded_token.data()),
       encoded_token.size()));
@@ -718,7 +708,23 @@
   std::vector<uint8> encrypted_token_bytes;
   if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes))
     return std::string();
+  std::string encrypted_token(
+      reinterpret_cast<char*>(encrypted_token_bytes.data()),
+                              encrypted_token_bytes.size());

[wtc, 2011/09/02 22:31:08]

Nit: this argument should be left-aligned with the
"reinterpret_cast" above.

[zel, 2011/09/03 01:52:22]

Done.

+  std::string token;
+  if (!CrosLibrary::Get()->GetCertLibrary()->DecryptWithSupplementalUserKey(
+      encrypted_token, &token)) {
+    return std::string();
+  }
+  return token;
+}
 
+std::string ParallelAuthenticator::DecryptLegacyToken(
+    const std::string& encrypted_token_hex) {
+  std::vector<uint8> encrypted_token_bytes;
+  if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes))
+    return std::string();
+
   std::string encrypted_token(
       reinterpret_cast<char*>(encrypted_token_bytes.data()),
                               encrypted_token_bytes.size());