Chromium Code Reviews Chromium Code Reviews
Issue 14522013:
Separate cert loading code from CertLibrary and move to src/chromeos (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/cryptohome/cryptohome_library.h" | 5 #include "chromeos/cryptohome/cryptohome_library.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/chromeos/chromeos_version.h" | 10 #include "base/chromeos/chromeos_version.h" |
| 11 #include "base/memory/weak_ptr.h" | 11 #include "base/memory/weak_ptr.h" |
| 12 #include "base/string_util.h" | 12 #include "base/string_util.h" |
| 13 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "chromeos/dbus/cryptohome_client.h" | 14 #include "chromeos/dbus/cryptohome_client.h" |
| 15 #include "chromeos/dbus/dbus_thread_manager.h" | 15 #include "chromeos/dbus/dbus_thread_manager.h" |
| 16 #include "crypto/encryptor.h" | 16 #include "crypto/encryptor.h" |
| 17 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
| 18 #include "crypto/sha2.h" | 18 #include "crypto/sha2.h" |
| 19 #include "crypto/symmetric_key.h" | 19 #include "crypto/symmetric_key.h" |
| 20 | 20 |
| 21 namespace chromeos { | 21 namespace chromeos { |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 | 24 |
| 25 const char kStubSystemSalt[] = "stub_system_salt"; | 25 const char kStubSystemSalt[] = "stub_system_salt"; |
| 26 const size_t kKeySize = 16; | 26 const size_t kNonceSize = 16; |
| 27 | 27 |
| 28 // Does nothing. Used as a Cryptohome::VoidMethodCallback. | 28 // Does nothing. Used as a Cryptohome::VoidMethodCallback. |
| 29 void DoNothing(DBusMethodCallStatus call_status) {} | 29 void DoNothing(DBusMethodCallStatus call_status) {} |
| 30 | 30 |
| 31 } // namespace | 31 } // namespace |
| 32 | 32 |
| 33 // This class handles the interaction with the ChromeOS cryptohome library APIs. | 33 // This class handles the interaction with the ChromeOS cryptohome library APIs. |
| 34 class CryptohomeLibraryImpl : public CryptohomeLibrary { | 34 class CryptohomeLibraryImpl : public CryptohomeLibrary { |
| 35 public: | 35 public: |
| 36 CryptohomeLibraryImpl() : weak_ptr_factory_(this) { | 36 CryptohomeLibraryImpl() : weak_ptr_factory_(this) { |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 162 } | 162 } |
| 163 | 163 |
| 164 // TODO: should this use the system salt for both the password and the salt | 164 // TODO: should this use the system salt for both the password and the salt |
| 165 // value, or should this use a separate salt value? | 165 // value, or should this use a separate salt value? |
| 166 bool LoadSystemSaltKey() { | 166 bool LoadSystemSaltKey() { |
| 167 if (!system_salt_key_.get()) | 167 if (!system_salt_key_.get()) |
| 168 system_salt_key_.reset(PassphraseToKey(GetSystemSalt(), GetSystemSalt())); | 168 system_salt_key_.reset(PassphraseToKey(GetSystemSalt(), GetSystemSalt())); |
| 169 return system_salt_key_.get(); | 169 return system_salt_key_.get(); |
| 170 } | 170 } |
| 171 | 171 |
| 172 crypto::SymmetricKey* PassphraseToKey(const std::string& passprhase, | 172 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, |
| 173 const std::string& salt) { | 173 const std::string& salt) { |
| 174 return crypto::SymmetricKey::DeriveKeyFromPassword( | 174 return crypto::SymmetricKey::DeriveKeyFromPassword( |
| 175 crypto::SymmetricKey::AES, passprhase, salt, 1000, 256); | 175 crypto::SymmetricKey::AES, passphrase, salt, 1000, 256); |
| 176 } | 176 } |
| 177 | 177 |
| 178 | 178 |
| 179 // Encrypts (AES) the token given |key| and |salt|. | 179 // Encrypts (AES) the token given |key| and |salt|. |
| 180 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, | 180 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, |
| 181 const std::string& salt, | 181 const std::string& salt, |
| 182 const std::string& token) { | 182 const std::string& token) { |
| 183 crypto::Encryptor encryptor; | 183 crypto::Encryptor encryptor; |
| 184 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { | 184 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { |
| 185 LOG(WARNING) << "Failed to initialize Encryptor."; | 185 LOG(WARNING) << "Failed to initialize Encryptor."; |
| 186 return std::string(); | 186 return std::string(); |
| 187 } | 187 } |
| 188 std::string nonce = salt.substr(0, kKeySize); | 188 std::string nonce = salt.substr(0, kNonceSize); |
| 189 std::string encoded_token; | 189 std::string encoded_token; |
| 190 CHECK(encryptor.SetCounter(nonce)); | 190 CHECK(encryptor.SetCounter(nonce)); |
| 191 if (!encryptor.Encrypt(token, &encoded_token)) { | 191 if (!encryptor.Encrypt(token, &encoded_token)) { |
| 192 LOG(WARNING) << "Failed to encrypt token."; | 192 LOG(WARNING) << "Failed to encrypt token."; |
| 193 return std::string(); | 193 return std::string(); |
| 194 } | 194 } |
| 195 | 195 |
| 196 return StringToLowerASCII(base::HexEncode( | 196 return StringToLowerASCII(base::HexEncode( |
| 197 reinterpret_cast<const void*>(encoded_token.data()), | 197 reinterpret_cast<const void*>(encoded_token.data()), |
| 198 encoded_token.size())); | 198 encoded_token.size())); |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 210 | 210 |
| 211 std::string encrypted_token( | 211 std::string encrypted_token( |
| 212 reinterpret_cast<char*>(encrypted_token_bytes.data()), | 212 reinterpret_cast<char*>(encrypted_token_bytes.data()), |
| 213 encrypted_token_bytes.size()); | 213 encrypted_token_bytes.size()); |
| 214 crypto::Encryptor encryptor; | 214 crypto::Encryptor encryptor; |
| 215 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { | 215 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { |
| 216 LOG(WARNING) << "Failed to initialize Encryptor."; | 216 LOG(WARNING) << "Failed to initialize Encryptor."; |
| 217 return std::string(); | 217 return std::string(); |
| 218 } | 218 } |
| 219 | 219 |
| 220 std::string nonce = salt.substr(0, kKeySize); | 220 std::string nonce = salt.substr(0, kNonceSize); |
|
Ryan Sleevi
2013/05/01 18:16:18
seems like unrelated cleanups from your local tree
| |
| 221 std::string token; | 221 std::string token; |
| 222 CHECK(encryptor.SetCounter(nonce)); | 222 CHECK(encryptor.SetCounter(nonce)); |
| 223 if (!encryptor.Decrypt(encrypted_token, &token)) { | 223 if (!encryptor.Decrypt(encrypted_token, &token)) { |
| 224 LOG(WARNING) << "Failed to decrypt token."; | 224 LOG(WARNING) << "Failed to decrypt token."; |
| 225 return std::string(); | 225 return std::string(); |
| 226 } | 226 } |
| 227 return token; | 227 return token; |
| 228 } | 228 } |
| 229 | 229 |
| 230 base::WeakPtrFactory<CryptohomeLibraryImpl> weak_ptr_factory_; | 230 base::WeakPtrFactory<CryptohomeLibraryImpl> weak_ptr_factory_; |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 346 CHECK(!g_test_cryptohome_library || !impl); | 346 CHECK(!g_test_cryptohome_library || !impl); |
| 347 g_test_cryptohome_library = impl; | 347 g_test_cryptohome_library = impl; |
| 348 } | 348 } |
| 349 | 349 |
| 350 // static | 350 // static |
| 351 CryptohomeLibrary* CryptohomeLibrary::GetTestImpl() { | 351 CryptohomeLibrary* CryptohomeLibrary::GetTestImpl() { |
| 352 return new CryptohomeLibraryStubImpl(); | 352 return new CryptohomeLibraryStubImpl(); |
| 353 } | 353 } |
| 354 | 354 |
| 355 } // namespace chromeos | 355 } // namespace chromeos |
| OLD | NEW |
