Index: components/os_crypt/os_crypt_linux.cc |
diff --git a/components/os_crypt/os_crypt_linux.cc b/components/os_crypt/os_crypt_linux.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..d5f8fd764df0fb6be027122cb738114748275866 |
--- /dev/null |
+++ b/components/os_crypt/os_crypt_linux.cc |
@@ -0,0 +1,233 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/os_crypt/os_crypt.h" |
+ |
+#include <stddef.h> |
+ |
+#include <functional> |
Lei Zhang
2016/05/18 22:38:16
What's this used for?
cfroussios
2016/05/19 21:18:18
Done.
|
+#include <memory> |
+ |
+#include "base/lazy_instance.h" |
+#include "base/logging.h" |
+#include "base/strings/string_util.h" |
+#include "base/strings/utf_string_conversions.h" |
+#include "components/os_crypt/key_storage_linux.h" |
+#include "crypto/encryptor.h" |
+#include "crypto/symmetric_key.h" |
+ |
+namespace { |
+ |
+// Salt for Symmetric key derivation. |
+const char kSalt[] = "saltysalt"; |
+ |
+// Key size required for 128 bit AES. |
+const size_t kDerivedKeySizeInBits = 128; |
+ |
+// Constant for Symmetic key derivation. |
+const size_t kEncryptionIterations = 1; |
+ |
+// Size of initialization vector for AES 128-bit. |
+const size_t kIVBlockSizeAES128 = 16; |
+ |
+// Used for array indexing |
+enum Version { |
+ V10 = 0, |
+ V11 = 1, |
+}; |
+ |
+// Prefix for cypher text returned by obfuscation version. We prefix the |
+// cyphertext with this string so that future data migration can detect |
+// this and migrate to full encryption without data loss. |
+const char* kObfuscationPrefix[] = { |
Lei Zhang
2016/05/18 22:38:16
const char kObfuscationPrefix[][4]
cfroussios
2016/05/19 21:18:18
Done.
|
+ "v10", "v11", |
+}; |
+ |
+struct Cache { |
+ std::unique_ptr<KeyStorage> key_storage_cache; |
+ std::unique_ptr<std::string> password_v10_cache; |
+ std::unique_ptr<std::string> password_v11_cache; |
+ bool is_key_storage_cached; |
+ bool is_password_v11_cached; |
+}; |
+ |
+base::LazyInstance<Cache>::Leaky g_cache = LAZY_INSTANCE_INITIALIZER; |
+ |
+// Lazy acquisition and caching of a KeyStorage. Will be null if no service is |
+// found. |
+KeyStorage* GetKeyStorage() { |
+ if (!g_cache.Get().is_key_storage_cached) { |
+ g_cache.Get().is_key_storage_cached = true; |
+ g_cache.Get().key_storage_cache.reset( |
+ KeyStorage::CreateService().release()); |
Lei Zhang
2016/05/18 22:38:16
foo.reset(bar.release()) -> foo = bar?
cfroussios
2016/05/19 21:18:18
Done.
|
+ } |
+ return g_cache.Get().key_storage_cache.get(); |
+} |
+ |
+// Returns a cached string of "peanuts" |
+std::string* GetPasswordV10() { |
+ if (!g_cache.Get().password_v10_cache.get()) |
+ g_cache.Get().password_v10_cache.reset(new std::string("peanuts")); |
+ return g_cache.Get().password_v10_cache.get(); |
+} |
+ |
+// Caches and returns the password from the KeyStorage or null if there is no |
+// service. |
+std::string* GetPasswordV11() { |
+ if (!g_cache.Get().is_password_v11_cached) { |
+ g_cache.Get().is_password_v11_cached = true; |
+ g_cache.Get().password_v11_cache.reset( |
+ GetKeyStorage() ? new std::string(GetKeyStorage()->GetKey()) : nullptr); |
+ } |
+ return g_cache.Get().password_v11_cache.get(); |
+} |
+ |
+KeyStorage* (*g_key_storage_provider)() = &GetKeyStorage; |
+ |
+std::string* (*get_password[])() = { |
+ &GetPasswordV10, &GetPasswordV11, |
+}; |
+ |
+// Generates a newly allocated SymmetricKey object based a hard-coded password. |
+// Ownership of the key is passed to the caller. Returns NULL key if a key |
+// generation error occurs. |
+std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) { |
+ std::string salt(kSalt); |
+ |
+ std::string* password = get_password[version](); |
+ if (password == nullptr) |
Lei Zhang
2016/05/18 22:38:16
!password
cfroussios
2016/05/19 21:18:19
Done.
|
+ return nullptr; |
+ |
+ // Create an encryption key from our password and salt. |
+ std::unique_ptr<crypto::SymmetricKey> encryption_key( |
+ crypto::SymmetricKey::DeriveKeyFromPassword( |
+ crypto::SymmetricKey::AES, *password, salt, kEncryptionIterations, |
+ kDerivedKeySizeInBits)); |
+ DCHECK(encryption_key.get()); |
+ |
+ return encryption_key; |
+} |
+ |
+} // namespace |
+ |
+// static |
+bool OSCrypt::EncryptString16(const base::string16& plaintext, |
+ std::string* ciphertext) { |
+ return EncryptString(base::UTF16ToUTF8(plaintext), ciphertext); |
+} |
+ |
+// static |
+bool OSCrypt::DecryptString16(const std::string& ciphertext, |
+ base::string16* plaintext) { |
+ std::string utf8; |
+ if (!DecryptString(ciphertext, &utf8)) |
+ return false; |
+ |
+ *plaintext = base::UTF8ToUTF16(utf8); |
+ return true; |
+} |
+ |
+// static |
+bool OSCrypt::EncryptString(const std::string& plaintext, |
+ std::string* ciphertext) { |
+ if (plaintext.empty()) { |
+ *ciphertext = std::string(); |
+ return true; |
+ } |
+ |
+ // If a |KeyStorage| is available, use a password backed by the |KeyStorage|. |
+ // Otherwise use the hardcoded password. |
+ Version version = g_key_storage_provider() ? Version::V11 : Version::V10; |
+ |
+ std::unique_ptr<crypto::SymmetricKey> encryption_key( |
+ GetEncryptionKey(version)); |
+ if (!encryption_key.get()) |
+ return false; |
+ |
+ std::string iv(kIVBlockSizeAES128, ' '); |
+ crypto::Encryptor encryptor; |
+ if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) |
+ return false; |
+ |
+ if (!encryptor.Encrypt(plaintext, ciphertext)) |
+ return false; |
+ |
+ // Prefix the cypher text with version information. |
+ ciphertext->insert(0, kObfuscationPrefix[version]); |
+ return true; |
+} |
+ |
+// static |
+bool OSCrypt::DecryptString(const std::string& ciphertext, |
+ std::string* plaintext) { |
+ if (ciphertext.empty()) { |
+ *plaintext = std::string(); |
+ return true; |
+ } |
+ |
+ // Check that the incoming cyphertext was encrypted and with what version. |
+ // Credit card numbers are current legacy unencrypted data, so false match |
+ // with prefix won't happen. |
+ Version version; |
+ if (ciphertext.find(kObfuscationPrefix[Version::V10]) == 0) { |
Lei Zhang
2016/05/18 22:38:16
Use base::StartsWith() for readability?
cfroussios
2016/05/19 21:18:18
Done.
|
+ version = Version::V10; |
+ } else if (ciphertext.find(kObfuscationPrefix[Version::V11]) == 0) { |
+ version = Version::V11; |
+ } else { |
+ // If the prefix is not found then we'll assume we're dealing with |
+ // old data saved as clear text and we'll return it directly. |
+ *plaintext = ciphertext; |
+ return true; |
+ } |
+ |
+ // Strip off the versioning prefix before decrypting. |
+ std::string raw_ciphertext = |
Lei Zhang
2016/05/18 22:38:16
Can you defer this until you use it?
cfroussios
2016/05/19 21:18:18
Done.
|
+ ciphertext.substr(strlen(kObfuscationPrefix[version])); |
+ |
+ std::unique_ptr<crypto::SymmetricKey> encryption_key( |
+ GetEncryptionKey(version)); |
+ if (!encryption_key.get()) |
+ return false; |
+ |
+ std::string iv(kIVBlockSizeAES128, ' '); |
+ crypto::Encryptor encryptor; |
+ if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) |
+ return false; |
+ |
+ if (!encryptor.Decrypt(raw_ciphertext, plaintext)) |
+ return false; |
+ |
+ return true; |
+} |
+ |
+namespace { |
+ |
+base::LazyInstance<KeyStorageMock>::Leaky key_storage_mock = |
Lei Zhang
2016/05/18 22:38:16
g_var_name_for_globals
cfroussios
2016/05/19 21:18:19
Done.
|
+ LAZY_INSTANCE_INITIALIZER; |
+ |
+std::string* get_password_v11_mock() { |
+ return key_storage_mock.Get().GetKeyPtr(); |
+} |
+ |
+KeyStorage* get_key_storage_mock() { |
+ return key_storage_mock.Pointer(); |
+} |
+ |
+} // namespace |
+ |
+// static |
+KeyStorageMock* OSCrypt::UseMockKeyStorage(bool use) { |
+ if (use) { |
+ // Bypass loading a |KeyStorage| and caching of the key for V11 |
+ get_password[Version::V11] = &get_password_v11_mock; |
+ // OSCrypt will determine the encryption version by checking if a |
+ // |KeyStorage| can be found. Enable V11 by returning the mock. |
+ g_key_storage_provider = &get_key_storage_mock; |
+ } else { |
+ get_password[Version::V11] = &GetPasswordV11; |
+ g_key_storage_provider = &GetKeyStorage; |
+ } |
+ |
+ return key_storage_mock.Pointer(); |
+} |