OLD | NEW |
| (Empty) |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "components/encryptor/encryptor.h" | |
6 | |
7 #include <CommonCrypto/CommonCryptor.h> // for kCCBlockSizeAES128 | |
8 | |
9 #include "base/command_line.h" | |
10 #include "base/logging.h" | |
11 #include "base/memory/scoped_ptr.h" | |
12 #include "base/strings/utf_string_conversions.h" | |
13 #include "components/encryptor/encryptor_password_mac.h" | |
14 #include "components/encryptor/encryptor_switches.h" | |
15 #include "crypto/apple_keychain.h" | |
16 #include "crypto/encryptor.h" | |
17 #include "crypto/symmetric_key.h" | |
18 | |
19 using crypto::AppleKeychain; | |
20 | |
21 namespace { | |
22 | |
23 // Salt for Symmetric key derivation. | |
24 const char kSalt[] = "saltysalt"; | |
25 | |
26 // Key size required for 128 bit AES. | |
27 const size_t kDerivedKeySizeInBits = 128; | |
28 | |
29 // Constant for Symmetic key derivation. | |
30 const size_t kEncryptionIterations = 1003; | |
31 | |
32 // TODO(dhollowa): Refactor to allow dependency injection of Keychain. | |
33 static bool use_mock_keychain = false; | |
34 | |
35 // Prefix for cypher text returned by current encryption version. We prefix | |
36 // the cypher text with this string so that future data migration can detect | |
37 // this and migrate to different encryption without data loss. | |
38 const char kEncryptionVersionPrefix[] = "v10"; | |
39 | |
40 // Generates a newly allocated SymmetricKey object based on the password found | |
41 // in the Keychain. The generated key is for AES encryption. Ownership of the | |
42 // key is passed to the caller. Returns NULL key in the case password access | |
43 // is denied or key generation error occurs. | |
44 crypto::SymmetricKey* GetEncryptionKey() { | |
45 static bool mock_keychain_command_line_flag = | |
46 CommandLine::ForCurrentProcess()->HasSwitch( | |
47 encryptor::switches::kUseMockKeychain); | |
48 | |
49 std::string password; | |
50 if (use_mock_keychain || mock_keychain_command_line_flag) { | |
51 password = "mock_password"; | |
52 } else { | |
53 AppleKeychain keychain; | |
54 EncryptorPassword encryptor_password(keychain); | |
55 password = encryptor_password.GetEncryptorPassword(); | |
56 } | |
57 | |
58 if (password.empty()) | |
59 return NULL; | |
60 | |
61 std::string salt(kSalt); | |
62 | |
63 // Create an encryption key from our password and salt. | |
64 scoped_ptr<crypto::SymmetricKey> encryption_key( | |
65 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, | |
66 password, | |
67 salt, | |
68 kEncryptionIterations, | |
69 kDerivedKeySizeInBits)); | |
70 DCHECK(encryption_key.get()); | |
71 | |
72 return encryption_key.release(); | |
73 } | |
74 | |
75 } // namespace | |
76 | |
77 bool Encryptor::EncryptString16(const base::string16& plaintext, | |
78 std::string* ciphertext) { | |
79 return EncryptString(base::UTF16ToUTF8(plaintext), ciphertext); | |
80 } | |
81 | |
82 bool Encryptor::DecryptString16(const std::string& ciphertext, | |
83 base::string16* plaintext) { | |
84 std::string utf8; | |
85 if (!DecryptString(ciphertext, &utf8)) | |
86 return false; | |
87 | |
88 *plaintext = base::UTF8ToUTF16(utf8); | |
89 return true; | |
90 } | |
91 | |
92 bool Encryptor::EncryptString(const std::string& plaintext, | |
93 std::string* ciphertext) { | |
94 if (plaintext.empty()) { | |
95 *ciphertext = std::string(); | |
96 return true; | |
97 } | |
98 | |
99 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey()); | |
100 if (!encryption_key.get()) | |
101 return false; | |
102 | |
103 std::string iv(kCCBlockSizeAES128, ' '); | |
104 crypto::Encryptor encryptor; | |
105 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | |
106 return false; | |
107 | |
108 if (!encryptor.Encrypt(plaintext, ciphertext)) | |
109 return false; | |
110 | |
111 // Prefix the cypher text with version information. | |
112 ciphertext->insert(0, kEncryptionVersionPrefix); | |
113 return true; | |
114 } | |
115 | |
116 bool Encryptor::DecryptString(const std::string& ciphertext, | |
117 std::string* plaintext) { | |
118 if (ciphertext.empty()) { | |
119 *plaintext = std::string(); | |
120 return true; | |
121 } | |
122 | |
123 // Check that the incoming cyphertext was indeed encrypted with the expected | |
124 // version. If the prefix is not found then we'll assume we're dealing with | |
125 // old data saved as clear text and we'll return it directly. | |
126 // Credit card numbers are current legacy data, so false match with prefix | |
127 // won't happen. | |
128 if (ciphertext.find(kEncryptionVersionPrefix) != 0) { | |
129 *plaintext = ciphertext; | |
130 return true; | |
131 } | |
132 | |
133 // Strip off the versioning prefix before decrypting. | |
134 std::string raw_ciphertext = | |
135 ciphertext.substr(strlen(kEncryptionVersionPrefix)); | |
136 | |
137 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey()); | |
138 if (!encryption_key.get()) | |
139 return false; | |
140 | |
141 std::string iv(kCCBlockSizeAES128, ' '); | |
142 crypto::Encryptor encryptor; | |
143 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | |
144 return false; | |
145 | |
146 if (!encryptor.Decrypt(raw_ciphertext, plaintext)) | |
147 return false; | |
148 | |
149 return true; | |
150 } | |
151 | |
152 void Encryptor::UseMockKeychain(bool use_mock) { | |
153 use_mock_keychain = use_mock; | |
154 } | |
155 | |
OLD | NEW |