Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2818)

Unified Diff: components/os_crypt/os_crypt_linux.cc

Issue 1973483002: OSCrypt for POSIX uses libsecret to store a randomised encryption key. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Recommendations Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: components/os_crypt/os_crypt_linux.cc
diff --git a/components/os_crypt/os_crypt_linux.cc b/components/os_crypt/os_crypt_linux.cc
new file mode 100644
index 0000000000000000000000000000000000000000..484485c4e739f6a3de1d8b669bbd65632b3bced6
--- /dev/null
+++ b/components/os_crypt/os_crypt_linux.cc
@@ -0,0 +1,223 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/os_crypt/os_crypt.h"
+
+#include <stddef.h>
+
+#include <memory>
+
+#include "base/lazy_instance.h"
+#include "base/logging.h"
+#include "base/strings/string_util.h"
+#include "base/strings/utf_string_conversions.h"
+#include "components/os_crypt/key_storage_linux.h"
+#include "crypto/encryptor.h"
+#include "crypto/symmetric_key.h"
+
+namespace {
+
+// Salt for Symmetric key derivation.
+const char kSalt[] = "saltysalt";
+
+// Key size required for 128 bit AES.
+const size_t kDerivedKeySizeInBits = 128;
+
+// Constant for Symmetic key derivation.
+const size_t kEncryptionIterations = 1;
+
+// Size of initialization vector for AES 128-bit.
+const size_t kIVBlockSizeAES128 = 16;
+
+// Password version. V10 means that the hardcoded password will be used.
+// V11 means that a password is/will be stored using an OS-level library (e.g
+// Libsecret). V11 will not be used if such a library is not available.
+// Used for array indexing
vabr (Chromium) 2016/05/23 12:38:33 nit: Full-stop at the end.
cfroussios 2016/05/30 11:50:16 Done.
+enum Version {
+ V10 = 0,
+ V11 = 1,
+};
+
+// Prefix for cypher text returned by obfuscation version. We prefix the
vabr (Chromium) 2016/05/23 12:38:33 The US spelling of cypher seems to be with -i- onl
cfroussios 2016/05/30 11:50:17 Done.
+// cyphertext with this string so that future data migration can detect
+// this and migrate to full encryption without data loss.
+const char kObfuscationPrefix[][4] = {
+ "v10", "v11",
+};
+
+struct Cache {
+ std::unique_ptr<KeyStorageLinux> key_storage_cache;
+ std::unique_ptr<std::string> password_v10_cache;
+ std::unique_ptr<std::string> password_v11_cache;
+ bool is_key_storage_cached;
+ bool is_password_v11_cached;
+};
+
+base::LazyInstance<Cache>::Leaky g_cache = LAZY_INSTANCE_INITIALIZER;
+
+// Lazy acquisition and caching of a KeyStorage. Will be null if no service is
+// found.
+KeyStorageLinux* GetKeyStorage() {
+ if (!g_cache.Get().is_key_storage_cached) {
+ g_cache.Get().is_key_storage_cached = true;
+ g_cache.Get().key_storage_cache = KeyStorageLinux::CreateService();
+ }
+ return g_cache.Get().key_storage_cache.get();
+}
+
+// Returns a cached string of "peanuts"
vabr (Chromium) 2016/05/23 12:38:33 nit: full-stop at the end
cfroussios 2016/05/30 11:50:16 Done.
+std::string* GetPasswordV10() {
+ if (!g_cache.Get().password_v10_cache.get())
+ g_cache.Get().password_v10_cache.reset(new std::string("peanuts"));
+ return g_cache.Get().password_v10_cache.get();
+}
+
+// Caches and returns the password from the KeyStorage or null if there is no
+// service.
+std::string* GetPasswordV11() {
+ if (!g_cache.Get().is_password_v11_cached) {
+ g_cache.Get().is_password_v11_cached = true;
+ g_cache.Get().password_v11_cache.reset(
+ GetKeyStorage() ? new std::string(GetKeyStorage()->GetKey()) : nullptr);
+ }
+ return g_cache.Get().password_v11_cache.get();
+}
+
+// Pointer to a function that creates and returns the |KeyStorage| instance to
+// be used. The function maintains ownership of the pointer.
+KeyStorageLinux* (*g_key_storage_provider)() = &GetKeyStorage;
+
+// Pointers to functions that return a password for deriving the encryption key.
+// One function for each supported password version (see Version enum).
+std::string* (*get_password[])() = {
+ &GetPasswordV10, &GetPasswordV11,
+};
+
+// Generates a newly allocated SymmetricKey object based a hard-coded password.
vabr (Chromium) 2016/05/23 12:38:33 nit: "based a" -> "based on a"
cfroussios 2016/05/30 11:50:16 Done.
+// Ownership of the key is passed to the caller. Returns NULL key if a key
vabr (Chromium) 2016/05/23 12:38:33 optional nit: NULL -> null Because NULL is an obso
vabr (Chromium) 2016/05/23 12:38:33 nit: Please use just one space to separate sentenc
cfroussios 2016/05/30 11:50:16 Done.
cfroussios 2016/05/30 11:50:16 Done.
+// generation error occurs.
+std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) {
+ std::string salt(kSalt);
+
+ std::string* password = get_password[version]();
+ if (!password)
+ return nullptr;
+
+ // Create an encryption key from our password and salt.
+ std::unique_ptr<crypto::SymmetricKey> encryption_key(
+ crypto::SymmetricKey::DeriveKeyFromPassword(
+ crypto::SymmetricKey::AES, *password, salt, kEncryptionIterations,
+ kDerivedKeySizeInBits));
+ DCHECK(encryption_key.get());
vabr (Chromium) 2016/05/23 12:38:33 Please drop ".get()", unique_ptr should convert to
cfroussios 2016/05/30 11:50:16 Done.
+
+ return encryption_key;
+}
+
+} // namespace
+
+// static
+bool OSCrypt::EncryptString16(const base::string16& plaintext,
+ std::string* ciphertext) {
+ return EncryptString(base::UTF16ToUTF8(plaintext), ciphertext);
+}
+
+// static
+bool OSCrypt::DecryptString16(const std::string& ciphertext,
+ base::string16* plaintext) {
+ std::string utf8;
+ if (!DecryptString(ciphertext, &utf8))
+ return false;
+
+ *plaintext = base::UTF8ToUTF16(utf8);
+ return true;
+}
+
+// static
+bool OSCrypt::EncryptString(const std::string& plaintext,
+ std::string* ciphertext) {
+ if (plaintext.empty()) {
+ *ciphertext = std::string();
vabr (Chromium) 2016/05/23 12:38:33 ciphertext->clear() (Let's use the most direct ST
cfroussios 2016/05/30 11:50:16 Done.
+ return true;
+ }
+
+ // If a |KeyStorage| is available, use a password backed by the |KeyStorage|.
+ // Otherwise use the hardcoded password.
+ Version version = g_key_storage_provider() ? Version::V11 : Version::V10;
+
+ std::unique_ptr<crypto::SymmetricKey> encryption_key(
+ GetEncryptionKey(version));
+ if (!encryption_key.get())
vabr (Chromium) 2016/05/23 12:38:33 no need for .get()
cfroussios 2016/05/30 11:50:17 Done.
+ return false;
+
+ std::string iv(kIVBlockSizeAES128, ' ');
+ crypto::Encryptor encryptor;
+ if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv))
+ return false;
+
+ if (!encryptor.Encrypt(plaintext, ciphertext))
+ return false;
+
+ // Prefix the cypher text with version information.
+ ciphertext->insert(0, kObfuscationPrefix[version]);
+ return true;
+}
+
+// static
+bool OSCrypt::DecryptString(const std::string& ciphertext,
+ std::string* plaintext) {
+ if (ciphertext.empty()) {
+ *plaintext = std::string();
vabr (Chromium) 2016/05/23 12:38:33 plaintext->clear()
cfroussios 2016/05/30 11:50:16 Done.
+ return true;
+ }
+
+ // Check that the incoming cyphertext was encrypted and with what version.
+ // Credit card numbers are current legacy unencrypted data, so false match
+ // with prefix won't happen.
+ Version version;
+ if (base::StartsWith(ciphertext, kObfuscationPrefix[Version::V10],
+ base::CompareCase::SENSITIVE)) {
+ version = Version::V10;
+ } else if (base::StartsWith(ciphertext, kObfuscationPrefix[Version::V11],
+ base::CompareCase::SENSITIVE)) {
+ version = Version::V11;
+ } else {
+ // If the prefix is not found then we'll assume we're dealing with
+ // old data saved as clear text and we'll return it directly.
+ *plaintext = ciphertext;
+ return true;
+ }
+
+ std::unique_ptr<crypto::SymmetricKey> encryption_key(
+ GetEncryptionKey(version));
+ if (!encryption_key.get())
vabr (Chromium) 2016/05/23 12:38:33 no need for .get()
cfroussios 2016/05/30 11:50:17 Done.
+ return false;
+
+ std::string iv(kIVBlockSizeAES128, ' ');
+ crypto::Encryptor encryptor;
+ if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv))
+ return false;
+
+ // Strip off the versioning prefix before decrypting.
+ std::string raw_ciphertext =
+ ciphertext.substr(strlen(kObfuscationPrefix[version]));
+
+ if (!encryptor.Decrypt(raw_ciphertext, plaintext))
+ return false;
+
+ return true;
+}
+
+void UseMockKeyStorageForTesting(KeyStorageLinux* (*get_key_storage_mock)(),
+ std::string* (*get_password_v11_mock)()) {
+ if (get_key_storage_mock && get_password_v11_mock) {
+ // Bypass calling KeyStorage::CreateService and caching of the key for V11
+ get_password[Version::V11] = get_password_v11_mock;
+ // OSCrypt will determine the encryption version by checking if a
+ // |KeyStorage| instance can be created. Enable V11 by returning the mock.
+ g_key_storage_provider = get_key_storage_mock;
+ } else {
+ get_password[Version::V11] = &GetPasswordV11;
vabr (Chromium) 2016/05/23 12:38:33 Please do not make the assumption that the "real i
cfroussios 2016/05/30 11:50:16 Done.
+ g_key_storage_provider = &GetKeyStorage;
+ }
+}

Powered by Google App Engine
This is Rietveld 408576698