Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(307)

Side by Side Diff: components/encryptor/encryptor_mac.mm

Issue 183953005: Rename components's Encryptor to OSEncrypt. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/encryptor/encryptor.h"
6
7 #include <CommonCrypto/CommonCryptor.h> // for kCCBlockSizeAES128
8
9 #include "base/command_line.h"
10 #include "base/logging.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/strings/utf_string_conversions.h"
13 #include "components/encryptor/encryptor_password_mac.h"
14 #include "components/encryptor/encryptor_switches.h"
15 #include "crypto/apple_keychain.h"
16 #include "crypto/encryptor.h"
17 #include "crypto/symmetric_key.h"
18
19 using crypto::AppleKeychain;
20
21 namespace {
22
23 // Salt for Symmetric key derivation.
24 const char kSalt[] = "saltysalt";
25
26 // Key size required for 128 bit AES.
27 const size_t kDerivedKeySizeInBits = 128;
28
29 // Constant for Symmetic key derivation.
30 const size_t kEncryptionIterations = 1003;
31
32 // TODO(dhollowa): Refactor to allow dependency injection of Keychain.
33 static bool use_mock_keychain = false;
34
35 // Prefix for cypher text returned by current encryption version. We prefix
36 // the cypher text with this string so that future data migration can detect
37 // this and migrate to different encryption without data loss.
38 const char kEncryptionVersionPrefix[] = "v10";
39
40 // Generates a newly allocated SymmetricKey object based on the password found
41 // in the Keychain. The generated key is for AES encryption. Ownership of the
42 // key is passed to the caller. Returns NULL key in the case password access
43 // is denied or key generation error occurs.
44 crypto::SymmetricKey* GetEncryptionKey() {
45 static bool mock_keychain_command_line_flag =
46 CommandLine::ForCurrentProcess()->HasSwitch(
47 encryptor::switches::kUseMockKeychain);
48
49 std::string password;
50 if (use_mock_keychain || mock_keychain_command_line_flag) {
51 password = "mock_password";
52 } else {
53 AppleKeychain keychain;
54 EncryptorPassword encryptor_password(keychain);
55 password = encryptor_password.GetEncryptorPassword();
56 }
57
58 if (password.empty())
59 return NULL;
60
61 std::string salt(kSalt);
62
63 // Create an encryption key from our password and salt.
64 scoped_ptr<crypto::SymmetricKey> encryption_key(
65 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES,
66 password,
67 salt,
68 kEncryptionIterations,
69 kDerivedKeySizeInBits));
70 DCHECK(encryption_key.get());
71
72 return encryption_key.release();
73 }
74
75 } // namespace
76
77 bool Encryptor::EncryptString16(const base::string16& plaintext,
78 std::string* ciphertext) {
79 return EncryptString(base::UTF16ToUTF8(plaintext), ciphertext);
80 }
81
82 bool Encryptor::DecryptString16(const std::string& ciphertext,
83 base::string16* plaintext) {
84 std::string utf8;
85 if (!DecryptString(ciphertext, &utf8))
86 return false;
87
88 *plaintext = base::UTF8ToUTF16(utf8);
89 return true;
90 }
91
92 bool Encryptor::EncryptString(const std::string& plaintext,
93 std::string* ciphertext) {
94 if (plaintext.empty()) {
95 *ciphertext = std::string();
96 return true;
97 }
98
99 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey());
100 if (!encryption_key.get())
101 return false;
102
103 std::string iv(kCCBlockSizeAES128, ' ');
104 crypto::Encryptor encryptor;
105 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv))
106 return false;
107
108 if (!encryptor.Encrypt(plaintext, ciphertext))
109 return false;
110
111 // Prefix the cypher text with version information.
112 ciphertext->insert(0, kEncryptionVersionPrefix);
113 return true;
114 }
115
116 bool Encryptor::DecryptString(const std::string& ciphertext,
117 std::string* plaintext) {
118 if (ciphertext.empty()) {
119 *plaintext = std::string();
120 return true;
121 }
122
123 // Check that the incoming cyphertext was indeed encrypted with the expected
124 // version. If the prefix is not found then we'll assume we're dealing with
125 // old data saved as clear text and we'll return it directly.
126 // Credit card numbers are current legacy data, so false match with prefix
127 // won't happen.
128 if (ciphertext.find(kEncryptionVersionPrefix) != 0) {
129 *plaintext = ciphertext;
130 return true;
131 }
132
133 // Strip off the versioning prefix before decrypting.
134 std::string raw_ciphertext =
135 ciphertext.substr(strlen(kEncryptionVersionPrefix));
136
137 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey());
138 if (!encryption_key.get())
139 return false;
140
141 std::string iv(kCCBlockSizeAES128, ' ');
142 crypto::Encryptor encryptor;
143 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv))
144 return false;
145
146 if (!encryptor.Decrypt(raw_ciphertext, plaintext))
147 return false;
148
149 return true;
150 }
151
152 void Encryptor::UseMockKeychain(bool use_mock) {
153 use_mock_keychain = use_mock;
154 }
155
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698