| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/network_settings/onc_utils.h" | |
| 6 | |
| 7 #include "base/base64.h" | |
| 8 #include "base/json/json_reader.h" | |
| 9 #include "base/values.h" | |
| 10 #include "chrome/browser/chromeos/cros/onc_constants.h" | |
| 11 #include "crypto/encryptor.h" | |
| 12 #include "crypto/hmac.h" | |
| 13 #include "crypto/symmetric_key.h" | |
| 14 #include "grit/generated_resources.h" | |
| 15 #include "ui/base/l10n/l10n_util.h" | |
| 16 | |
| 17 namespace chromeos { | |
| 18 namespace onc { | |
| 19 | |
| 20 scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson( | |
| 21 const std::string& json, | |
| 22 std::string* error) { | |
| 23 base::Value* root = base::JSONReader::ReadAndReturnError( | |
| 24 json, base::JSON_ALLOW_TRAILING_COMMAS, NULL, error); | |
| 25 | |
| 26 base::DictionaryValue* dict_ptr = NULL; | |
| 27 if (root != NULL && !root->GetAsDictionary(&dict_ptr)) { | |
| 28 if (error) { | |
| 29 *error = l10n_util::GetStringUTF8( | |
| 30 IDS_NETWORK_CONFIG_ERROR_NETWORK_NOT_A_JSON_DICTIONARY); | |
| 31 } | |
| 32 delete root; | |
| 33 } | |
| 34 | |
| 35 return make_scoped_ptr(dict_ptr); | |
| 36 } | |
| 37 | |
| 38 scoped_ptr<base::DictionaryValue> Decrypt(const std::string& passphrase, | |
| 39 const base::DictionaryValue& root, | |
| 40 std::string* error) { | |
| 41 const int kKeySizeInBits = 256; | |
| 42 const int kMaxIterationCount = 500000; | |
| 43 std::string onc_type; | |
| 44 std::string initial_vector; | |
| 45 std::string salt; | |
| 46 std::string cipher; | |
| 47 std::string stretch_method; | |
| 48 std::string hmac_method; | |
| 49 std::string hmac; | |
| 50 int iterations; | |
| 51 std::string ciphertext; | |
| 52 | |
| 53 if (!root.GetString(encrypted::kCiphertext, &ciphertext) || | |
| 54 !root.GetString(encrypted::kCipher, &cipher) || | |
| 55 !root.GetString(encrypted::kHMAC, &hmac) || | |
| 56 !root.GetString(encrypted::kHMACMethod, &hmac_method) || | |
| 57 !root.GetString(encrypted::kIV, &initial_vector) || | |
| 58 !root.GetInteger(encrypted::kIterations, &iterations) || | |
| 59 !root.GetString(encrypted::kSalt, &salt) || | |
| 60 !root.GetString(encrypted::kStretch, &stretch_method) || | |
| 61 !root.GetString(encrypted::kType, &onc_type) || | |
| 62 onc_type != kEncryptedConfiguration) { | |
| 63 *error = l10n_util::GetStringUTF8( | |
| 64 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_MALFORMED); | |
| 65 return scoped_ptr<base::DictionaryValue>(); | |
| 66 } | |
| 67 | |
| 68 if (hmac_method != encrypted::kSHA1 || | |
| 69 cipher != encrypted::kAES256 || | |
| 70 stretch_method != encrypted::kPBKDF2) { | |
| 71 *error = l10n_util::GetStringUTF8( | |
| 72 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNSUPPORTED_ENCRYPTION); | |
| 73 return scoped_ptr<base::DictionaryValue>(); | |
| 74 } | |
| 75 | |
| 76 // Make sure iterations != 0, since that's not valid. | |
| 77 if (iterations == 0) { | |
| 78 *error = l10n_util::GetStringUTF8( | |
| 79 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT); | |
| 80 return scoped_ptr<base::DictionaryValue>(); | |
| 81 } | |
| 82 | |
| 83 // Simply a sanity check to make sure we can't lock up the machine | |
| 84 // for too long with a huge number (or a negative number). | |
| 85 if (iterations < 0 || iterations > kMaxIterationCount) { | |
| 86 *error = l10n_util::GetStringUTF8( | |
| 87 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_TOO_MANY_ITERATIONS); | |
| 88 return scoped_ptr<base::DictionaryValue>(); | |
| 89 } | |
| 90 | |
| 91 if (!base::Base64Decode(salt, &salt)) { | |
| 92 *error = l10n_util::GetStringUTF8( | |
| 93 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE); | |
| 94 return scoped_ptr<base::DictionaryValue>(); | |
| 95 } | |
| 96 | |
| 97 scoped_ptr<crypto::SymmetricKey> key( | |
| 98 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, | |
| 99 passphrase, | |
| 100 salt, | |
| 101 iterations, | |
| 102 kKeySizeInBits)); | |
| 103 | |
| 104 if (!base::Base64Decode(initial_vector, &initial_vector)) { | |
| 105 *error = l10n_util::GetStringUTF8( | |
| 106 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE); | |
| 107 return scoped_ptr<base::DictionaryValue>(); | |
| 108 } | |
| 109 if (!base::Base64Decode(ciphertext, &ciphertext)) { | |
| 110 *error = l10n_util::GetStringUTF8( | |
| 111 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE); | |
| 112 return scoped_ptr<base::DictionaryValue>(); | |
| 113 } | |
| 114 if (!base::Base64Decode(hmac, &hmac)) { | |
| 115 *error = l10n_util::GetStringUTF8( | |
| 116 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE); | |
| 117 return scoped_ptr<base::DictionaryValue>(); | |
| 118 } | |
| 119 | |
| 120 crypto::HMAC hmac_verifier(crypto::HMAC::SHA1); | |
| 121 if (!hmac_verifier.Init(key.get()) || | |
| 122 !hmac_verifier.Verify(ciphertext, hmac)) { | |
| 123 *error = l10n_util::GetStringUTF8( | |
| 124 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT); | |
| 125 return scoped_ptr<base::DictionaryValue>(); | |
| 126 } | |
| 127 | |
| 128 crypto::Encryptor decryptor; | |
| 129 if (!decryptor.Init(key.get(), crypto::Encryptor::CBC, initial_vector)) { | |
| 130 *error = l10n_util::GetStringUTF8( | |
| 131 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT); | |
| 132 return scoped_ptr<base::DictionaryValue>(); | |
| 133 } | |
| 134 | |
| 135 std::string plaintext; | |
| 136 if (!decryptor.Decrypt(ciphertext, &plaintext)) { | |
| 137 *error = l10n_util::GetStringUTF8( | |
| 138 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT); | |
| 139 return scoped_ptr<base::DictionaryValue>(); | |
| 140 } | |
| 141 | |
| 142 scoped_ptr<base::DictionaryValue> new_root = | |
| 143 ReadDictionaryFromJson(plaintext, error); | |
| 144 if (new_root.get() == NULL && error->empty()) { | |
| 145 *error = l10n_util::GetStringUTF8( | |
| 146 IDS_NETWORK_CONFIG_ERROR_NETWORK_PROP_DICT_MALFORMED); | |
| 147 } | |
| 148 return new_root.Pass(); | |
| 149 } | |
| 150 | |
| 151 } // chromeos | |
| 152 } // onc | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11299236:
This moves the ONC parsing code into chromeos/network/onc (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src