| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/owner_key_utils.h" | |
| 6 | |
| 7 #include <limits> | |
| 8 | |
| 9 #include "base/file_path.h" | |
| 10 #include "base/file_util.h" | |
| 11 #include "base/logging.h" | |
| 12 #include "base/memory/scoped_ptr.h" | |
| 13 #include "base/string_util.h" | |
| 14 #include "crypto/rsa_private_key.h" | |
| 15 #include "crypto/signature_creator.h" | |
| 16 #include "crypto/signature_verifier.h" | |
| 17 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 18 #include "chrome/common/extensions/extension_constants.h" | |
| 19 | |
| 20 using extension_misc::kSignatureAlgorithm; | |
| 21 | |
| 22 namespace chromeos { | |
| 23 | |
| 24 /////////////////////////////////////////////////////////////////////////// | |
| 25 // OwnerKeyUtils | |
| 26 | |
| 27 // static | |
| 28 OwnerKeyUtils::Factory* OwnerKeyUtils::factory_ = NULL; | |
| 29 | |
| 30 OwnerKeyUtils::OwnerKeyUtils() {} | |
| 31 | |
| 32 OwnerKeyUtils::~OwnerKeyUtils() {} | |
| 33 | |
| 34 /////////////////////////////////////////////////////////////////////////// | |
| 35 // OwnerKeyUtilsImpl | |
| 36 | |
| 37 class OwnerKeyUtilsImpl : public OwnerKeyUtils { | |
| 38 public: | |
| 39 OwnerKeyUtilsImpl(); | |
| 40 | |
| 41 bool ImportPublicKey(const FilePath& key_file, | |
| 42 std::vector<uint8>* output); | |
| 43 | |
| 44 bool Verify(const std::string& data, | |
| 45 const std::vector<uint8> signature, | |
| 46 const std::vector<uint8> public_key); | |
| 47 | |
| 48 bool Sign(const std::string& data, | |
| 49 std::vector<uint8>* OUT_signature, | |
| 50 crypto::RSAPrivateKey* key); | |
| 51 | |
| 52 crypto::RSAPrivateKey* FindPrivateKey(const std::vector<uint8>& key); | |
| 53 | |
| 54 FilePath GetOwnerKeyFilePath(); | |
| 55 | |
| 56 protected: | |
| 57 virtual ~OwnerKeyUtilsImpl(); | |
| 58 | |
| 59 bool ExportPublicKeyToFile(crypto::RSAPrivateKey* pair, | |
| 60 const FilePath& key_file); | |
| 61 | |
| 62 private: | |
| 63 // The file outside the owner's encrypted home directory where her | |
| 64 // key will live. | |
| 65 static const char kOwnerKeyFile[]; | |
| 66 | |
| 67 DISALLOW_COPY_AND_ASSIGN(OwnerKeyUtilsImpl); | |
| 68 }; | |
| 69 | |
| 70 // Defined here, instead of up above, because we need OwnerKeyUtilsImpl. | |
| 71 OwnerKeyUtils* OwnerKeyUtils::Create() { | |
| 72 if (!factory_) | |
| 73 return new OwnerKeyUtilsImpl(); | |
| 74 else | |
| 75 return factory_->CreateOwnerKeyUtils(); | |
| 76 } | |
| 77 | |
| 78 // static | |
| 79 const char OwnerKeyUtilsImpl::kOwnerKeyFile[] = "/var/lib/whitelist/owner.key"; | |
| 80 | |
| 81 OwnerKeyUtilsImpl::OwnerKeyUtilsImpl() {} | |
| 82 | |
| 83 OwnerKeyUtilsImpl::~OwnerKeyUtilsImpl() {} | |
| 84 | |
| 85 bool OwnerKeyUtilsImpl::ExportPublicKeyToFile(crypto::RSAPrivateKey* pair, | |
| 86 const FilePath& key_file) { | |
| 87 DCHECK(pair); | |
| 88 bool ok = false; | |
| 89 int safe_file_size = 0; | |
| 90 | |
| 91 std::vector<uint8> to_export; | |
| 92 if (!pair->ExportPublicKey(&to_export)) { | |
| 93 LOG(ERROR) << "Formatting key for export failed!"; | |
| 94 return false; | |
| 95 } | |
| 96 | |
| 97 if (to_export.size() > static_cast<uint>(INT_MAX)) { | |
| 98 LOG(ERROR) << "key is too big! " << to_export.size(); | |
| 99 } else { | |
| 100 safe_file_size = static_cast<int>(to_export.size()); | |
| 101 | |
| 102 ok = (safe_file_size == | |
| 103 file_util::WriteFile(key_file, | |
| 104 reinterpret_cast<char*>(&to_export.front()), | |
| 105 safe_file_size)); | |
| 106 } | |
| 107 return ok; | |
| 108 } | |
| 109 | |
| 110 bool OwnerKeyUtilsImpl::ImportPublicKey(const FilePath& key_file, | |
| 111 std::vector<uint8>* output) { | |
| 112 // Get the file size (must fit in a 32 bit int for NSS). | |
| 113 int64 file_size; | |
| 114 if (!file_util::GetFileSize(key_file, &file_size)) { | |
| 115 LOG(ERROR) << "Could not get size of " << key_file.value(); | |
| 116 return false; | |
| 117 } | |
| 118 if (file_size > static_cast<int64>(std::numeric_limits<int>::max())) { | |
| 119 LOG(ERROR) << key_file.value() << "is " | |
| 120 << file_size << "bytes!!! Too big!"; | |
| 121 return false; | |
| 122 } | |
| 123 int32 safe_file_size = static_cast<int32>(file_size); | |
| 124 | |
| 125 output->resize(safe_file_size); | |
| 126 | |
| 127 if (safe_file_size == 0) { | |
| 128 LOG(WARNING) << "Public key file is empty. This seems wrong."; | |
| 129 return false; | |
| 130 } | |
| 131 | |
| 132 // Get the key data off of disk | |
| 133 int data_read = file_util::ReadFile(key_file, | |
| 134 reinterpret_cast<char*>(&(output->at(0))), | |
| 135 safe_file_size); | |
| 136 return data_read == safe_file_size; | |
| 137 } | |
| 138 | |
| 139 bool OwnerKeyUtilsImpl::Verify(const std::string& data, | |
| 140 const std::vector<uint8> signature, | |
| 141 const std::vector<uint8> public_key) { | |
| 142 crypto::SignatureVerifier verifier; | |
| 143 if (!verifier.VerifyInit(kSignatureAlgorithm, sizeof(kSignatureAlgorithm), | |
| 144 &signature[0], signature.size(), | |
| 145 &public_key[0], public_key.size())) { | |
| 146 return false; | |
| 147 } | |
| 148 | |
| 149 verifier.VerifyUpdate(reinterpret_cast<const uint8*>(data.c_str()), | |
| 150 data.length()); | |
| 151 return (verifier.VerifyFinal()); | |
| 152 } | |
| 153 | |
| 154 bool OwnerKeyUtilsImpl::Sign(const std::string& data, | |
| 155 std::vector<uint8>* OUT_signature, | |
| 156 crypto::RSAPrivateKey* key) { | |
| 157 scoped_ptr<crypto::SignatureCreator> signer( | |
| 158 crypto::SignatureCreator::Create(key)); | |
| 159 if (!signer->Update(reinterpret_cast<const uint8*>(data.c_str()), | |
| 160 data.length())) { | |
| 161 return false; | |
| 162 } | |
| 163 return signer->Final(OUT_signature); | |
| 164 } | |
| 165 | |
| 166 crypto::RSAPrivateKey* OwnerKeyUtilsImpl::FindPrivateKey( | |
| 167 const std::vector<uint8>& key) { | |
| 168 return crypto::RSAPrivateKey::FindFromPublicKeyInfo(key); | |
| 169 } | |
| 170 | |
| 171 FilePath OwnerKeyUtilsImpl::GetOwnerKeyFilePath() { | |
| 172 return FilePath(OwnerKeyUtilsImpl::kOwnerKeyFile); | |
| 173 } | |
| 174 | |
| 175 } // namespace chromeos | |