| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "components/encryptor/os_crypt.h" | |
| 6 | |
| 7 #include <CommonCrypto/CommonCryptor.h> // for kCCBlockSizeAES128 | |
| 8 | |
| 9 #include "base/command_line.h" | |
| 10 #include "base/logging.h" | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "base/strings/utf_string_conversions.h" | |
| 13 #include "components/encryptor/encryptor_switches.h" | |
| 14 #include "components/encryptor/keychain_password_mac.h" | |
| 15 #include "crypto/apple_keychain.h" | |
| 16 #include "crypto/encryptor.h" | |
| 17 #include "crypto/symmetric_key.h" | |
| 18 | |
| 19 using crypto::AppleKeychain; | |
| 20 | |
| 21 namespace { | |
| 22 | |
| 23 // Salt for Symmetric key derivation. | |
| 24 const char kSalt[] = "saltysalt"; | |
| 25 | |
| 26 // Key size required for 128 bit AES. | |
| 27 const size_t kDerivedKeySizeInBits = 128; | |
| 28 | |
| 29 // Constant for Symmetic key derivation. | |
| 30 const size_t kEncryptionIterations = 1003; | |
| 31 | |
| 32 // TODO(dhollowa): Refactor to allow dependency injection of Keychain. | |
| 33 static bool use_mock_keychain = false; | |
| 34 | |
| 35 // Prefix for cypher text returned by current encryption version. We prefix | |
| 36 // the cypher text with this string so that future data migration can detect | |
| 37 // this and migrate to different encryption without data loss. | |
| 38 const char kEncryptionVersionPrefix[] = "v10"; | |
| 39 | |
| 40 // Generates a newly allocated SymmetricKey object based on the password found | |
| 41 // in the Keychain. The generated key is for AES encryption. Ownership of the | |
| 42 // key is passed to the caller. Returns NULL key in the case password access | |
| 43 // is denied or key generation error occurs. | |
| 44 crypto::SymmetricKey* GetEncryptionKey() { | |
| 45 static bool mock_keychain_command_line_flag = | |
| 46 CommandLine::ForCurrentProcess()->HasSwitch( | |
| 47 encryptor::switches::kUseMockKeychain); | |
| 48 | |
| 49 std::string password; | |
| 50 if (use_mock_keychain || mock_keychain_command_line_flag) { | |
| 51 password = "mock_password"; | |
| 52 } else { | |
| 53 AppleKeychain keychain; | |
| 54 KeychainPassword encryptor_password(keychain); | |
| 55 password = encryptor_password.GetPassword(); | |
| 56 } | |
| 57 | |
| 58 if (password.empty()) | |
| 59 return NULL; | |
| 60 | |
| 61 std::string salt(kSalt); | |
| 62 | |
| 63 // Create an encryption key from our password and salt. | |
| 64 scoped_ptr<crypto::SymmetricKey> encryption_key( | |
| 65 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, | |
| 66 password, | |
| 67 salt, | |
| 68 kEncryptionIterations, | |
| 69 kDerivedKeySizeInBits)); | |
| 70 DCHECK(encryption_key.get()); | |
| 71 | |
| 72 return encryption_key.release(); | |
| 73 } | |
| 74 | |
| 75 } // namespace | |
| 76 | |
| 77 bool OSCrypt::EncryptString16(const base::string16& plaintext, | |
| 78 std::string* ciphertext) { | |
| 79 return EncryptString(base::UTF16ToUTF8(plaintext), ciphertext); | |
| 80 } | |
| 81 | |
| 82 bool OSCrypt::DecryptString16(const std::string& ciphertext, | |
| 83 base::string16* plaintext) { | |
| 84 std::string utf8; | |
| 85 if (!DecryptString(ciphertext, &utf8)) | |
| 86 return false; | |
| 87 | |
| 88 *plaintext = base::UTF8ToUTF16(utf8); | |
| 89 return true; | |
| 90 } | |
| 91 | |
| 92 bool OSCrypt::EncryptString(const std::string& plaintext, | |
| 93 std::string* ciphertext) { | |
| 94 if (plaintext.empty()) { | |
| 95 *ciphertext = std::string(); | |
| 96 return true; | |
| 97 } | |
| 98 | |
| 99 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey()); | |
| 100 if (!encryption_key.get()) | |
| 101 return false; | |
| 102 | |
| 103 std::string iv(kCCBlockSizeAES128, ' '); | |
| 104 crypto::Encryptor encryptor; | |
| 105 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | |
| 106 return false; | |
| 107 | |
| 108 if (!encryptor.Encrypt(plaintext, ciphertext)) | |
| 109 return false; | |
| 110 | |
| 111 // Prefix the cypher text with version information. | |
| 112 ciphertext->insert(0, kEncryptionVersionPrefix); | |
| 113 return true; | |
| 114 } | |
| 115 | |
| 116 bool OSCrypt::DecryptString(const std::string& ciphertext, | |
| 117 std::string* plaintext) { | |
| 118 if (ciphertext.empty()) { | |
| 119 *plaintext = std::string(); | |
| 120 return true; | |
| 121 } | |
| 122 | |
| 123 // Check that the incoming cyphertext was indeed encrypted with the expected | |
| 124 // version. If the prefix is not found then we'll assume we're dealing with | |
| 125 // old data saved as clear text and we'll return it directly. | |
| 126 // Credit card numbers are current legacy data, so false match with prefix | |
| 127 // won't happen. | |
| 128 if (ciphertext.find(kEncryptionVersionPrefix) != 0) { | |
| 129 *plaintext = ciphertext; | |
| 130 return true; | |
| 131 } | |
| 132 | |
| 133 // Strip off the versioning prefix before decrypting. | |
| 134 std::string raw_ciphertext = | |
| 135 ciphertext.substr(strlen(kEncryptionVersionPrefix)); | |
| 136 | |
| 137 scoped_ptr<crypto::SymmetricKey> encryption_key(GetEncryptionKey()); | |
| 138 if (!encryption_key.get()) | |
| 139 return false; | |
| 140 | |
| 141 std::string iv(kCCBlockSizeAES128, ' '); | |
| 142 crypto::Encryptor encryptor; | |
| 143 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | |
| 144 return false; | |
| 145 | |
| 146 if (!encryptor.Decrypt(raw_ciphertext, plaintext)) | |
| 147 return false; | |
| 148 | |
| 149 return true; | |
| 150 } | |
| 151 | |
| 152 void OSCrypt::UseMockKeychain(bool use_mock) { | |
| 153 use_mock_keychain = use_mock; | |
| 154 } | |
| 155 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 200713005:
components: Rename encryptor directory to os_crypt. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src