Chromium Code Reviews Chromium Code Reviews
Issue 8761016:
Shaving parallel authenticator yak to remove unnecessary dependency on this class from OAuth spec... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: chrome/browser/chromeos/cros/cryptohome_library.cc |
| =================================================================== |
| --- chrome/browser/chromeos/cros/cryptohome_library.cc (revision 112243) |
| +++ chrome/browser/chromeos/cros/cryptohome_library.cc (working copy) |
| @@ -8,16 +8,48 @@ |
| #include "base/command_line.h" |
| #include "base/hash_tables.h" |
| #include "base/message_loop.h" |
| +#include "base/string_number_conversions.h" |
| +#include "base/string_util.h" |
| #include "chrome/browser/chromeos/cros/cros_library.h" |
| #include "chrome/common/chrome_switches.h" |
| #include "content/public/browser/browser_thread.h" |
| +#include "crypto/encryptor.h" |
| +#include "crypto/sha2.h" |
| using content::BrowserThread; |
| namespace { |
| - const char kStubSystemSalt[] = "stub_system_salt"; |
| + |
| +const char kStubSystemSalt[] = "stub_system_salt"; |
| +const int kPassHashLen = 32; |
| +const size_t kKeySize = 16; |
| + |
| +// Decrypts (AES) hex encoded encrypted token given |key| and |salt|. |
| +std::string DecryptTokenWithKey( |
|
Nikita (slow)
2011/12/01 14:34:13
DecryptTokenWithKey() should be moved to some comm
zel
2011/12/02 02:35:23
CryptohomeLibrary does not need to have this one.
|
| + crypto::SymmetricKey* key, |
| + const std::string& salt, |
| + const std::string& encrypted_token_hex) { |
| + std::vector<uint8> encrypted_token_bytes; |
| + if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes)) |
| + return std::string(); |
| + |
| + std::string encrypted_token( |
| + reinterpret_cast<char*>(encrypted_token_bytes.data()), |
| + encrypted_token_bytes.size()); |
| + crypto::Encryptor encryptor; |
| + if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) |
| + return std::string(); |
| + |
| + std::string nonce = salt.substr(0, kKeySize); |
| + std::string token; |
| + CHECK(encryptor.SetCounter(nonce)); |
| + if (!encryptor.Decrypt(encrypted_token, &token)) |
| + return std::string(); |
| + return token; |
| } |
| +} |
| + |
| namespace chromeos { |
| // This class handles the interaction with the ChromeOS cryptohome library APIs. |
| @@ -84,23 +116,6 @@ |
| return chromeos::CryptohomeIsMounted(); |
| } |
| - virtual CryptohomeBlob GetSystemSalt() OVERRIDE { |
| - CryptohomeBlob system_salt; |
| - char* salt_buf; |
| - int salt_len; |
| - bool result = chromeos::CryptohomeGetSystemSaltSafe(&salt_buf, &salt_len); |
| - if (result) { |
| - system_salt.resize(salt_len); |
| - if ((int)system_salt.size() == salt_len) { |
| - memcpy(&system_salt[0], static_cast<const void*>(salt_buf), |
| - salt_len); |
| - } else { |
| - system_salt.clear(); |
| - } |
| - } |
| - return system_salt; |
| - } |
| - |
| virtual bool AsyncSetOwnerUser( |
| const std::string& username, Delegate* d) OVERRIDE { |
| return CacheCallback( |
| @@ -184,7 +199,31 @@ |
| return chromeos::CryptohomePkcs11IsTpmTokenReady(); |
| } |
| + virtual std::string HashPassword(const std::string& password) OVERRIDE { |
| + // Get salt, ascii encode, update sha with that, then update with ascii |
| + // of password, then end. |
| + std::string ascii_salt = GetSystemSalt(); |
| + char passhash_buf[kPassHashLen]; |
| + |
| + // Hash salt and password |
| + crypto::SHA256HashString(ascii_salt + password, |
| + &passhash_buf, sizeof(passhash_buf)); |
| + |
| + return StringToLowerASCII(base::HexEncode( |
| + reinterpret_cast<const void*>(passhash_buf), |
| + sizeof(passhash_buf) / 2)); |
| + } |
| + |
| + virtual std::string GetSystemSalt() OVERRIDE { |
| + LoadSystemSalt(); // no-op if it's already loaded. |
| + return StringToLowerASCII(base::HexEncode( |
| + reinterpret_cast<const void*>(system_salt_.data()), |
| + system_salt_.size())); |
| + } |
| + |
| private: |
| + typedef base::hash_map<int, Delegate*> CallbackMap; |
| + |
| static void Handler(const chromeos::CryptohomeAsyncCallStatus& event, |
| void* cryptohome_library) { |
| CryptohomeLibraryImpl* library = |
| @@ -213,7 +252,25 @@ |
| return true; |
| } |
| - typedef base::hash_map<int, Delegate*> CallbackMap; |
| + void LoadSystemSalt() { |
| + if (!system_salt_.empty()) |
| + return; |
| + |
| + char* salt_buf; |
| + int salt_len; |
| + bool result = chromeos::CryptohomeGetSystemSaltSafe(&salt_buf, &salt_len); |
| + if (result) { |
| + system_salt_.resize(salt_len); |
| + if (static_cast<int>(system_salt_.size()) == salt_len) |
| + memcpy(&system_salt_[0], static_cast<const void*>(salt_buf), salt_len); |
| + else |
| + system_salt_.clear(); |
| + } |
| + CHECK(!system_salt_.empty()); |
| + CHECK_EQ(system_salt_.size() % 2, 0U); |
| + } |
| + |
| + chromeos::CryptohomeBlob system_salt_; |
| mutable CallbackMap callback_map_; |
| void* cryptohome_connection_; |
| @@ -277,14 +334,6 @@ |
| return true; |
| } |
| - virtual CryptohomeBlob GetSystemSalt() OVERRIDE { |
| - CryptohomeBlob salt = CryptohomeBlob(); |
| - for (size_t i = 0; i < strlen(kStubSystemSalt); i++) |
| - salt.push_back(static_cast<unsigned char>(kStubSystemSalt[i])); |
| - |
| - return salt; |
| - } |
| - |
| virtual bool AsyncSetOwnerUser( |
| const std::string& username, Delegate* callback) OVERRIDE { |
| BrowserThread::PostTask( |
| @@ -360,6 +409,16 @@ |
| virtual bool Pkcs11IsTpmTokenReady() OVERRIDE { return true; } |
| + virtual std::string HashPassword(const std::string& password) OVERRIDE { |
| + return StringToLowerASCII(base::HexEncode( |
| + reinterpret_cast<const void*>(password.data()), |
| + password.length())); |
| + } |
| + |
| + virtual std::string GetSystemSalt() OVERRIDE { |
| + return kStubSystemSalt; |
| + } |
| + |
| private: |
| static void DoStubCallback(Delegate* callback) { |
| if (callback) |
