chrome/browser/chromeos/network_settings/onc_utils.cc - Issue 11299236: This moves the ONC parsing code into chromeos/network/onc

Side by Side Diff: chrome/browser/chromeos/network_settings/onc_utils.cc

Issue 11299236: This moves the ONC parsing code into chromeos/network/onc (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix unit tests Created 8 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/browser/chromeos/network_settings/onc_utils.h"

6

7 #include "base/base64.h"

8 #include "base/json/json_reader.h"

9 #include "base/values.h"

10 #include "chrome/browser/chromeos/cros/onc_constants.h"

11 #include "crypto/encryptor.h"

12 #include "crypto/hmac.h"

13 #include "crypto/symmetric_key.h"

14 #include "grit/generated_resources.h"

15 #include "ui/base/l10n/l10n_util.h"

16

17 namespace chromeos {

18 namespace onc {

19

20 scoped_ptr<base::DictionaryValue> ReadDictionaryFromJson(

21 const std::string& json,

22 std::string* error) {

23 base::Value* root = base::JSONReader::ReadAndReturnError(

24 json, base::JSON_ALLOW_TRAILING_COMMAS, NULL, error);

25

26 base::DictionaryValue* dict_ptr = NULL;

27 if (root != NULL && !root->GetAsDictionary(&dict_ptr)) {

28 if (error) {

29 *error = l10n_util::GetStringUTF8(

30 IDS_NETWORK_CONFIG_ERROR_NETWORK_NOT_A_JSON_DICTIONARY);

31 }

32 delete root;

33 }

34

35 return make_scoped_ptr(dict_ptr);

36 }

37

38 scoped_ptr<base::DictionaryValue> Decrypt(const std::string& passphrase,

39 const base::DictionaryValue& root,

40 std::string* error) {

41 const int kKeySizeInBits = 256;

42 const int kMaxIterationCount = 500000;

43 std::string onc_type;

44 std::string initial_vector;

45 std::string salt;

46 std::string cipher;

47 std::string stretch_method;

48 std::string hmac_method;

49 std::string hmac;

50 int iterations;

51 std::string ciphertext;

52

53 if (!root.GetString(encrypted::kCiphertext, &ciphertext) \|\|

54 !root.GetString(encrypted::kCipher, &cipher) \|\|

55 !root.GetString(encrypted::kHMAC, &hmac) \|\|

56 !root.GetString(encrypted::kHMACMethod, &hmac_method) \|\|

57 !root.GetString(encrypted::kIV, &initial_vector) \|\|

58 !root.GetInteger(encrypted::kIterations, &iterations) \|\|

59 !root.GetString(encrypted::kSalt, &salt) \|\|

60 !root.GetString(encrypted::kStretch, &stretch_method) \|\|

61 !root.GetString(encrypted::kType, &onc_type) \|\|

62 onc_type != kEncryptedConfiguration) {

63 *error = l10n_util::GetStringUTF8(

64 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_MALFORMED);

65 return scoped_ptr<base::DictionaryValue>();

66 }

67

68 if (hmac_method != encrypted::kSHA1 \|\|

69 cipher != encrypted::kAES256 \|\|

70 stretch_method != encrypted::kPBKDF2) {

71 *error = l10n_util::GetStringUTF8(

72 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNSUPPORTED_ENCRYPTION);

73 return scoped_ptr<base::DictionaryValue>();

74 }

75

76 // Make sure iterations != 0, since that's not valid.

77 if (iterations == 0) {

78 *error = l10n_util::GetStringUTF8(

79 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);

80 return scoped_ptr<base::DictionaryValue>();

81 }

82

83 // Simply a sanity check to make sure we can't lock up the machine

84 // for too long with a huge number (or a negative number).

85 if (iterations < 0 \|\| iterations > kMaxIterationCount) {

86 *error = l10n_util::GetStringUTF8(

87 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_TOO_MANY_ITERATIONS);

88 return scoped_ptr<base::DictionaryValue>();

89 }

90

91 if (!base::Base64Decode(salt, &salt)) {

92 *error = l10n_util::GetStringUTF8(

93 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);

94 return scoped_ptr<base::DictionaryValue>();

95 }

96

97 scoped_ptr<crypto::SymmetricKey> key(

98 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES,

99 passphrase,

100 salt,

101 iterations,

102 kKeySizeInBits));

103

104 if (!base::Base64Decode(initial_vector, &initial_vector)) {

105 *error = l10n_util::GetStringUTF8(

106 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);

107 return scoped_ptr<base::DictionaryValue>();

108 }

109 if (!base::Base64Decode(ciphertext, &ciphertext)) {

110 *error = l10n_util::GetStringUTF8(

111 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);

112 return scoped_ptr<base::DictionaryValue>();

113 }

114 if (!base::Base64Decode(hmac, &hmac)) {

115 *error = l10n_util::GetStringUTF8(

116 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECODE);

117 return scoped_ptr<base::DictionaryValue>();

118 }

119

120 crypto::HMAC hmac_verifier(crypto::HMAC::SHA1);

121 if (!hmac_verifier.Init(key.get()) \|\|

122 !hmac_verifier.Verify(ciphertext, hmac)) {

123 *error = l10n_util::GetStringUTF8(

124 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);

125 return scoped_ptr<base::DictionaryValue>();

126 }

127

128 crypto::Encryptor decryptor;

129 if (!decryptor.Init(key.get(), crypto::Encryptor::CBC, initial_vector)) {

130 *error = l10n_util::GetStringUTF8(

131 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);

132 return scoped_ptr<base::DictionaryValue>();

133 }

134

135 std::string plaintext;

136 if (!decryptor.Decrypt(ciphertext, &plaintext)) {

137 *error = l10n_util::GetStringUTF8(

138 IDS_NETWORK_CONFIG_ERROR_ENCRYPTED_ONC_UNABLE_TO_DECRYPT);

139 return scoped_ptr<base::DictionaryValue>();

140 }

141

142 scoped_ptr<base::DictionaryValue> new_root =

143 ReadDictionaryFromJson(plaintext, error);

144 if (new_root.get() == NULL && error->empty()) {

145 *error = l10n_util::GetStringUTF8(

146 IDS_NETWORK_CONFIG_ERROR_NETWORK_PROP_DICT_MALFORMED);

147 }

148 return new_root.Pass();

149 }

150

151 } // chromeos

152 } // onc

OLD	NEW