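--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
 
 #include <cryptohi.h>
 #include <keyhi.h>
 
 #include "base/base64.h"
@@ -177,33 +177,33 @@
 } // namespace
 
 // static
 void EasyUnlockTpmKeyManager::RegisterLocalStatePrefs(
 PrefRegistrySimple* registry) {
 registry->RegisterDictionaryPref(prefs::kEasyUnlockLocalStateTpmKeys);
 }
 
 // static
 void EasyUnlockTpmKeyManager::ResetLocalStateForUser(
-const std::string& user_id) {
+const user_manager::UserID& user_id) {
 if (!g_browser_process)
 return;
 PrefService* local_state = g_browser_process->local_state();
 if (!local_state)
 return;
 
 DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockLocalStateTpmKeys);
-update->RemoveWithoutPathExpansion(user_id, NULL);
+update->RemoveWithoutPathExpansion(user_id.GetUserEmail(), NULL);
 }
 
 EasyUnlockTpmKeyManager::EasyUnlockTpmKeyManager(
-const std::string& user_id,
+const user_manager::UserID& user_id,
 const std::string& username_hash,
 PrefService* local_state)
 : user_id_(user_id),
 username_hash_(username_hash),
 local_state_(local_state),
 create_tpm_key_state_(CREATE_TPM_KEY_NOT_STARTED),
 get_tpm_slot_weak_ptr_factory_(this),
 weak_ptr_factory_(this) {
 }
 
@@ -250,71 +250,71 @@
 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
 FROM_HERE,
 base::Bind(&EasyUnlockTpmKeyManager::OnTpmKeyCreated,
 get_tpm_slot_weak_ptr_factory_.GetWeakPtr(),
 std::string()),
 base::TimeDelta::FromMilliseconds(timeout_ms));
 return true;
 }
 
 std::string EasyUnlockTpmKeyManager::GetPublicTpmKey(
-const std::string& user_id) {
+const user_manager::UserID& user_id) {
 if (!local_state_)
 return std::string();
 const base::DictionaryValue* dict =
 local_state_->GetDictionary(prefs::kEasyUnlockLocalStateTpmKeys);
 std::string key;
 if (dict)
-dict->GetStringWithoutPathExpansion(user_id, &key);
+dict->GetStringWithoutPathExpansion(user_id.GetUserEmail(), &key);
 std::string decoded;
 base::Base64Decode(key, &decoded);
 return decoded;
 }
 
 void EasyUnlockTpmKeyManager::SignUsingTpmKey(
-const std::string& user_id,
+const user_manager::UserID& user_id,
 const std::string& data,
 const base::Callback<void(const std::string& data)> callback) {
 std::string key = GetPublicTpmKey(user_id);
 if (key.empty()) {
 callback.Run(std::string());
 return;
 }
 
 base::Callback<void(crypto::ScopedPK11Slot)> sign_with_system_slot =
 base::Bind(&EasyUnlockTpmKeyManager::SignDataWithSystemSlot,
 weak_ptr_factory_.GetWeakPtr(),
 key, data, callback);
 
 content::BrowserThread::PostTask(
 content::BrowserThread::IO,
 FROM_HERE,
 base::Bind(&GetSystemSlotOnIOThread,
 base::ThreadTaskRunnerHandle::Get(),
 sign_with_system_slot));
 }
 
 bool EasyUnlockTpmKeyManager::StartedCreatingTpmKeys() const {
 return create_tpm_key_state_ == CREATE_TPM_KEY_GOT_SYSTEM_SLOT ||
 create_tpm_key_state_ == CREATE_TPM_KEY_DONE;
 }
 
-void EasyUnlockTpmKeyManager::SetKeyInLocalState(const std::string& user_id,
+void EasyUnlockTpmKeyManager::SetKeyInLocalState(const user_manager::UserID& user_id,
 const std::string& value) {
 if (!local_state_)
 return;
 
 std::string encoded;
 base::Base64Encode(value, &encoded);
 DictionaryPrefUpdate update(local_state_,
 prefs::kEasyUnlockLocalStateTpmKeys);
-update->SetStringWithoutPathExpansion(user_id, encoded);
+update->SetStringWithoutPathExpansion(user_id.GetUserEmail(), encoded);
 }
 
 void EasyUnlockTpmKeyManager::OnUserTPMInitialized(
 const std::string& public_key) {
 create_tpm_key_state_ = CREATE_TPM_KEY_WAITING_FOR_SYSTEM_SLOT;
 
 base::Callback<void(crypto::ScopedPK11Slot)> create_key_with_system_slot =
 base::Bind(&EasyUnlockTpmKeyManager::CreateKeyInSystemSlot,
 get_tpm_slot_weak_ptr_factory_.GetWeakPtr(), public_key);
 
@@ -390,10 +390,10 @@
 // If key creation failed, reset the state machine.
 create_tpm_key_state_ =
 public_key.empty() ? CREATE_TPM_KEY_NOT_STARTED : CREATE_TPM_KEY_DONE;
 }
 
 void EasyUnlockTpmKeyManager::OnDataSigned(
 const base::Callback<void(const std::string&)>& callback,
 const std::string& signature) {
 callback.Run(signature);
 }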
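Review bot: The new signature of SetKeyInLocalState at line 301 runs past the 80-column limit (`void EasyUnlockTpmKeyManager::SetKeyInLocalState(const user_manager::UserID& user_id,` is 85 characters, which is why the view wraps it), while the other signatures this change touches (ResetLocalStateForUser, GetPublicTpmKey, SignUsingTpmKey) put the parameter on its own line. Wrap it the same way: `void EasyUnlockTpmKeyManager::SetKeyInLocalState(` / `    const user_manager::UserID& user_id,` / `    const std::string& value) {`. With this change `user_id.GetUserEmail()` becomes the persisted key of the kEasyUnlockLocalStateTpmKeys dictionary in all three accessors (lines 195, 267 and 310), so a stored TPM key is found again only if UserID yields the same email string on every call; a short comment on SetKeyInLocalState such as `// Keyed by user_id.GetUserEmail(); GetPublicTpmKey and ResetLocalStateForUser must use the same key.` would make that coupling explicit. The header declarations and the type of user_id_ are outside this view.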