Add method GetKeyFromSystem to WiFiService on Windows and Mac.

components/wifi/wifi_service_win.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/wifi/wifi_service.h"
 
 #include <iphlpapi.h>
 #include <objbase.h>
 #include <wlanapi.h>
 
 #include <set>
 
 #include "base/base_paths_win.h"
 #include "base/bind.h"
 #include "base/files/file_path.h"
 #include "base/memory/ref_counted.h"
 #include "base/message_loop/message_loop.h"
 #include "base/path_service.h"
 #include "base/strings/string16.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "components/onc/onc_constants.h"
 #include "third_party/libxml/chromium/libxml_utils.h"
 
 namespace {
 const char kWiFiServiceError[] = "Error.WiFiService";
+const char kWiFiServiceErrorNotImplemented[] =
+    "Error.WiFiService.NotImplemented";
 const wchar_t kNwCategoryWizardRegKey[] =
     L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Network\\"
     L"NwCategoryWizard";
 const wchar_t kNwCategoryWizardRegValue[] = L"Show";
 const wchar_t kNwCategoryWizardSavedRegValue[] = L"ShowSaved";
 const wchar_t kNwCategoryWizardDeleteRegValue[] = L"ShowDelete";
 const wchar_t kWlanApiDll[] = L"wlanapi.dll";
 
 // WlanApi function names
 const char kWlanConnect[] = "WlanConnect";
@@ skipping 163 matching lines @@
                                    base::ListValue* network_list) OVERRIDE;
 
   virtual void RequestNetworkScan() OVERRIDE;
 
   virtual void StartConnect(const std::string& network_guid,
                             std::string* error) OVERRIDE;
 
   virtual void StartDisconnect(const std::string& network_guid,
                                std::string* error) OVERRIDE;
 
+  virtual void GetKeyFromSystem(const std::string& network_guid,
+                                bool get_plaintext_key,
+                                std::string* key_data,
+                                std::string* error) OVERRIDE;
+
   virtual void SetEventObservers(
       scoped_refptr<base::MessageLoopProxy> message_loop_proxy,
       const NetworkGuidListCallback& networks_changed_observer,
       const NetworkGuidListCallback& network_list_changed_observer) OVERRIDE;
 
   virtual void RequestConnectedNetworkUpdate() OVERRIDE {}
 
  private:
   // Static callback for Windows WLAN_NOTIFICATION. Calls OnWlanNotification
   // on WiFiServiceImpl passed back as |context|.
@@ skipping 132 matching lines @@
   Frequency GetNormalizedFrequency(int frequency_in_mhz) const;
 
   // Create |profile_xml| based on |network_properties|.
   bool CreateProfile(const NetworkProperties& network_properties,
                      std::string* profile_xml);
 
   // Save temporary wireless profile for |network_guid|.
   DWORD SaveTempProfile(const std::string& network_guid);
 
   // Get previously stored |profile_xml| for |network_guid|.
-  DWORD GetProfile(const std::string& network_guid, std::string* profile_xml);
+  // If |get_plaintext_key| is true, and process has sufficient privileges, then
+  // <sharedKey> data in |profile_xml| will be unprotected.
+  DWORD GetProfile(const std::string& network_guid,
+                   bool get_plaintext_key,
+                   std::string* profile_xml);
 
   // Return true if there is previously stored profile xml for |network_guid|.
   bool HaveProfile(const std::string& network_guid);
 
   // Notify |network_list_changed_observer_| that list of visible networks has
   // changed to |networks|.
   void NotifyNetworkListChanged(const NetworkList& networks);
 
   // Notify |networks_changed_observer_| that network |network_guid| status has
   // changed.
@@ skipping 256 matching lines @@
       error_code = Disconnect();
       if (error_code == ERROR_SUCCESS) {
         NotifyNetworkChanged(network_guid);
         return;
       }
     }
   }
   CheckError(error_code, kWiFiServiceError, error);
 }
 
+void WiFiServiceImpl::GetKeyFromSystem(const std::string& network_guid,
+                                       bool get_plaintext_key,
+                                       std::string* key_data,
+                                       std::string* error) {

[afontan, 2014/02/12 09:17:28]

I assume that the caller will have a way to pass the plaintext key encrypted
from the elevated process to the non-elevated process?

[mef, 2014/02/12 16:29:38]

Yes, see https://codereview.chromium.org/102993002/ for the framework around it.

+  DWORD error_code = EnsureInitialized();
+  if (CheckError(error_code, kWiFiServiceError, error))
+    return;
+
+  std::string profile_xml;
+  error_code = GetProfile(network_guid, get_plaintext_key, &profile_xml);
+  if (CheckError(error_code, kWiFiServiceError, error))
+    return;
+
+  const char kSharedKeyElement[] = "sharedKey";
+  const char kProtectedElement[] = "protected";
+  const char kKeyMaterialElement[] = "keyMaterial";
+
+  // Quick check to verify presence of <sharedKey> element.
+  if (profile_xml.find(kSharedKeyElement) == std::string::npos) {
+    *error = kWiFiServiceError;
+    return;
+  }
+
+  XmlReader reader;
+  if (reader.Load(profile_xml)) {
+    while(reader.Read()) {
+      reader.SkipToElement();
+      if (reader.NodeName() == kSharedKeyElement) {
+        while(reader.Read()) {
+          reader.SkipToElement();
+          if (reader.NodeName() == kKeyMaterialElement) {
+            reader.ReadElementContent(key_data);

[afontan, 2014/02/12 09:29:28]

if !get_plaintext_key we are done, we could break.

[mef, 2014/02/12 16:29:38]

Done.

+          }
+          if (reader.NodeName() == kProtectedElement) {

[afontan, 2014/02/12 09:17:28]

else if?

[mef, 2014/02/12 16:29:38]

Done.

+            std::string protected_data;
+            reader.ReadElementContent(&protected_data);
+            if (get_plaintext_key && protected_data != "false")
+              *error = kWiFiServiceError;

[afontan, 2014/02/12 09:29:28]

Can this ever happen? Do we need to protect against it? It would mean the call
to GetProfile has not properly succeeded, right?

[mef, 2014/02/12 16:29:38]

In my testing without UAC privilege escalation call to GetProfile with
WLAN_PROFILE_GET_PLAINTEXT_KEY flag returns success, but has protected
keyMaterial. This shouldn't happen as we always call it from elevated process,
but seems like a good safety measure.

+          }
+        }
+        return;
+      }
+    }
+  }
+
+  // Did not find passphrase in the profile.
+  *error = kWiFiServiceError;
+}
+
 void WiFiServiceImpl::SetEventObservers(
     scoped_refptr<base::MessageLoopProxy> message_loop_proxy,
     const NetworkGuidListCallback& networks_changed_observer,
     const NetworkGuidListCallback& network_list_changed_observer) {
   message_loop_proxy_.swap(message_loop_proxy);
   networks_changed_observer_ = networks_changed_observer;
   network_list_changed_observer_ = network_list_changed_observer;
 }
 
 void WiFiServiceImpl::OnWlanNotificationCallback(
@@ skipping 98 matching lines @@
 }
 
 DWORD WiFiServiceImpl::SaveCurrentConnectedNetwork(
     std::string* connected_network_guid) {
   // Find currently connected network.
   DWORD error = FindConnectedNetwork(connected_network_guid);
   if (error == ERROR_SUCCESS && !connected_network_guid->empty()) {
     if (error == ERROR_SUCCESS) {
       SaveTempProfile(*connected_network_guid);
       std::string profile_xml;
-      error = GetProfile(*connected_network_guid, &profile_xml);
+      error = GetProfile(*connected_network_guid, false, &profile_xml);
       if (error == ERROR_SUCCESS) {
         saved_profiles_xml_[*connected_network_guid] = profile_xml;
       }
     }
   }
   return error;
 }
 
 void WiFiServiceImpl::SortNetworks(NetworkList* networks) {
   networks->sort(NetworkProperties::OrderByType);
@@ skipping 666 matching lines @@
                                                WLAN_PROFILE_USER,
                                                true,
                                                NULL);
   } else {
     error = ERROR_NOT_SUPPORTED;
   }
   return error;
 }
 
 DWORD WiFiServiceImpl::GetProfile(const std::string& network_guid,
+                                  bool get_plaintext_key,
                                   std::string* profile_xml) {
   if (client_ == NULL) {
     NOTREACHED();
     return ERROR_NOINTERFACE;
   }
 
   DWORD error = ERROR_SUCCESS;
   base::string16 profile_name = ProfileNameFromGUID(network_guid);
+  DWORD flags = get_plaintext_key ? WLAN_PROFILE_GET_PLAINTEXT_KEY : 0;
   LPWSTR str_profile_xml = NULL;
   error = WlanGetProfile_function_(client_,
                                    &interface_guid_,
                                    profile_name.c_str(),
                                    NULL,
                                    &str_profile_xml,
-                                   NULL,
+                                   &flags,
                                    NULL);
 
   if (error == ERROR_SUCCESS && str_profile_xml != NULL) {
     *profile_xml = base::UTF16ToUTF8(str_profile_xml);
   }
   // Clean up.
   if (str_profile_xml != NULL) {
     WlanFreeMemory_function_(str_profile_xml);
   }
 
   return error;
 }
 
 bool WiFiServiceImpl::HaveProfile(const std::string& network_guid) {
   DWORD error = ERROR_SUCCESS;
   std::string profile_xml;
-  return GetProfile(network_guid, &profile_xml) == ERROR_SUCCESS;
+  return GetProfile(network_guid, false, &profile_xml) == ERROR_SUCCESS;
 }
 
 bool WiFiServiceImpl::AuthEncryptionFromSecurity(
     const std::string& security,
     std::string* authentication,
     std::string* encryption,
     std::string* key_type) const {
   if (security == onc::wifi::kNone) {
     *authentication = kAuthenticationOpen;
     *encryption = kEncryptionNone;
@@ skipping 93 matching lines @@
     NetworkGuidList changed_networks(1, network_guid);
     message_loop_proxy_->PostTask(
         FROM_HERE,
         base::Bind(networks_changed_observer_, changed_networks));
   }
 }
 
 WiFiService* WiFiService::Create() { return new WiFiServiceImpl(); }
 
 }  // namespace wifi