OSCrypt for POSIX uses libsecret to store a randomised encryption key.

components/os_crypt/key_storage_libsecret.cc

Index: components/os_crypt/key_storage_libsecret.cc
diff --git a/components/os_crypt/key_storage_libsecret.cc b/components/os_crypt/key_storage_libsecret.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a875cb88db2202aea53e91960354feff7e440e0d
--- /dev/null
+++ b/components/os_crypt/key_storage_libsecret.cc
@@ -0,0 +1,66 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <components/os_crypt/key_storage_libsecret.h>

[Lei Zhang, 2016/05/18 22:38:15]

Use quotes.

[cfroussios, 2016/05/19 21:18:17]

Done.

+
+#include "base/base64.h"
+#include "base/rand_util.h"
+#include "base/strings/string_number_conversions.h"
+#include "components/os_crypt/libsecret_util_linux.h"
+
+namespace {
+
+#ifdef OFFICIAL_BUILD

[Lei Zhang, 2016/05/18 22:38:15]

if defined()

[cfroussios, 2016/05/19 21:18:17]

Done.

+const char kKeyStorageEntryName[] = "Chrome Safe Storage";
+#else
+const char kKeyStorageEntryName[] = "Chromium Safe Storage";
+#endif
+
+const SecretSchema kKeystoreSchema = {
+    "chrome_libsecret_os_crypt_password",
+    SECRET_SCHEMA_NONE,
+    {
+        {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},
+    }};
+
+std::string AddRandomPasswordInLibsecret() {
+  std::string password;
+  base::Base64Encode(base::RandBytesAsString(128 / 8), &password);

[Lei Zhang, 2016/05/18 22:38:15]

Is there a benefit to writing out "128 / 8" ?

[cfroussios, 2016/05/19 21:18:17]

Explicitness about the number of bits used? The mac implementation does it, so I
assumed someone cares.

+  GError* error = nullptr;
+  LibsecretLoader::secret_password_store_sync(
+      &kKeystoreSchema, nullptr, kKeyStorageEntryName, password.c_str(),
+      nullptr, &error, nullptr);
+
+  if (error) {
+    VLOG(1) << "Libsecret lookup failed: " << error->message;
+    return std::string();
+  }
+  return password;
+}
+
+}  // namespace
+
+std::string KeyStorageLibsecret::GetKey() {
+  GError* error = nullptr;
+  LibsecretAttributesBuilder attrs;
+  SecretValue* password_libsecret = LibsecretLoader::secret_service_lookup_sync(
+      nullptr, &kKeystoreSchema, attrs.Get(), nullptr, &error);
+
+  if (error) {

[Lei Zhang, 2016/05/18 22:38:15]

Is |password_libsecret| guaranteed to be a nullptr if |error| is not?

[cfroussios, 2016/05/19 21:18:17]

The examples on the official site make that assumption. The documentation is not
explicit.

+    VLOG(1) << "Libsecret lookup failed: " << error->message;
+    g_error_free(error);
+    return std::string();
+  } else if (password_libsecret == nullptr) {

[Lei Zhang, 2016/05/18 22:38:15]

foo == nullptr -> !foo

[Lei Zhang, 2016/05/18 22:38:15]

There's no need for else / else-if after a return.

if (cond) {
  ...
  return;
}

// carry on.

[cfroussios, 2016/05/19 21:18:17]

Done.

[cfroussios, 2016/05/19 21:18:17]

Done.

+    return AddRandomPasswordInLibsecret();
+  } else {
+    std::string password(
+        LibsecretLoader::secret_value_get_text(password_libsecret));
+    LibsecretLoader::secret_value_unref(password_libsecret);
+    return password;
+  }
+}
+
+bool KeyStorageLibsecret::Init() {
+  return LibsecretLoader::EnsureLibsecretLoaded();
+}