Side by Side Diff: src/platform/cryptohome/init_cryptohome_data.sh

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 6 months ago
1 #!/bin/bash 1 #!/bin/bash
2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. 2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
3 # Use of this source code is governed by a BSD-style license that can be 3 # Use of this source code is governed by a BSD-style license that can be
4 # found in the LICENSE file. 4 # found in the LICENSE file.
5 # 5 #
6 # 6 #
7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory 7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory
8 # will contain the system salt, and three master keys for a user called 8 # will contain the system salt, and three master keys for a user called
9 # testuser@invalid.domain. 9 # testuser@invalid.domain.
10 # 10 #
11 # The three keys will have the passwords "zero", "one" and "two". You can use 11 # The three keys will have the passwords "zero", "one" and "two". You can use
12 # the check_cryptohome_data.sh script to verify that cryptohome can 12 # the check_cryptohome_data.sh script to verify that cryptohome can
13 # successfully decrypt these keys. The authenticator_unittest.cc testcases 13 # successfully decrypt these keys. The authenticator_unittest.cc testcases
14 # call this script to create their test data. 14 # call this script to create their test data.
15 # 15 #
16 16
17 # mock dmsetup because we don't have it in the chroot and don't need it here. 17 # mock dmsetup because we don't have it in the chroot and don't need it here.
18 function dmsetup { exit 255; } 18 function dmsetup { exit 255; }
19 19
20 CH_LIB="./lib" 20 CH_LIB="./lib"
21 source "$CH_LIB/common" 21 source "$CH_LIB/common"
22 source "$CH_LIB/utils/declare_commands" 22 source "$CH_LIB/utils/declare_commands"
23 source "$CH_LIB/cryptohome"
24 23
25 utils::declare_commands sha256sum 24 utils::declare_commands sha256sum
26 25
27 USERNAME="testuser@invalid.domain" 26 USERNAME="testuser@invalid.domain"
28 PASSWORDS="zero one two" 27 PASSWORDS="zero one two"
29 28
30 function usage { 29 function usage {
31 $echo "Usage: $0 [-q] <image-dir>" 30 $echo "Usage: $0 [-q] <image-dir>"
32 $echo 31 $echo
33 $echo "Initialize a directory of sample cryptohome data containing " 32 $echo "Initialize a directory of sample cryptohome data containing "
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
83 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE 82 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE
84 83
85 $info "Creating user directory" 84 $info "Creating user directory"
86 85
87 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ 86 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \
88 | $openssl sha1) 87 | $openssl sha1)
89 88
90 $info "USERNAME: $USERNAME" 89 $info "USERNAME: $USERNAME"
91 $info "USERID: $USERID" 90 $info "USERID: $USERID"
92 91
92 $mkdir -p "$IMAGE_DIR/skel/sub_path"
93 echo -n "testfile" > "$IMAGE_DIR/skel/sub_path/.testfile"
94
93 $mkdir -p "$IMAGE_DIR/$USERID" 95 $mkdir -p "$IMAGE_DIR/$USERID"
94 96
95 $info "Creating master keys..." 97 $info "Creating master keys..."
96 INDEX=0 98 INDEX=0
97 for PASSWORD in $PASSWORDS; do 99 for PASSWORD in $PASSWORDS; do
98 HASHED_PASSWORD=$(cat <($echo -n $($xxd -p "$SYSTEM_SALT_FILE")) \ 100 $info "PASSWORD: $PASSWORD"
99 <($echo -n "$PASSWORD") | $sha256sum | $head -c 32)
100 101
101 $info "PASSWORD: $PASSWORD" 102 ASCII_SALT=$(cat "$SYSTEM_SALT_FILE" | xxd -p)
102 $info "HASHED_PASSWORD: $HASHED_PASSWORD"
103 103
104 MASTER_KEY=$(cryptohome::create_master_key "$HASHED_PASSWORD" "$USERID" \ 104 echo -n "${ASCII_SALT}${PASSWORD}" | sha256sum | head -c 32 \
105 "$IMAGE_DIR/$USERID/master.$INDEX") 105 > "$IMAGE_DIR/$USERID/pwhash.$INDEX"
106
107 READABLE=$(cat "$IMAGE_DIR/$USERID/pwhash.$INDEX")
108 $info "HASHED_PASSWORD: $READABLE"
109
110 openssl rand -rand /dev/urandom \
111 -out "$IMAGE_DIR/$USERID/master.$INDEX.salt" 16
112
113 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" |xxd -p)
114 $info "SALT: $READABLE"
115
116 cat "$IMAGE_DIR/$USERID/pwhash.$INDEX" \
117 | cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" - \
118 | openssl sha1 > "$IMAGE_DIR/$USERID/pwwrapper.$INDEX"
119
120 READABLE=$(cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX")
121 $info "WRAPPER: $READABLE"
122
123 openssl rand -rand /dev/urandom \
124 -out "$IMAGE_DIR/$USERID/rawkey.$INDEX" 160
125
126 echo -n -e 'ch\0001\0001' | cat "$IMAGE_DIR/$USERID/rawkey.$INDEX" - \
127 > "$IMAGE_DIR/$USERID/keyvault.$INDEX"
128
129 cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" | openssl aes-256-ecb \
130 -p \
131 -in "$IMAGE_DIR/$USERID/keyvault.$INDEX" \
132 -out "$IMAGE_DIR/$USERID/master.$INDEX" \
133 -pass fd:0 -md sha1 -e
134
135 rm -f "$IMAGE_DIR/$USERID/pwhash.$INDEX"
136 rm -f "$IMAGE_DIR/$USERID/pwwrapper.$INDEX"
137 rm -f "$IMAGE_DIR/$USERID/rawkey.$INDEX"
138 rm -f "$IMAGE_DIR/$USERID/keyvault.$INDEX"
106 139
107 EXIT=$? 140 EXIT=$?
108 if [ $EXIT != 0 ]; then 141 if [ $EXIT != 0 ]; then
109 exit $EXIT 142 exit $EXIT
110 fi 143 fi
111 144
112 $info "MASTER_KEY: $MASTER_KEY" 145 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX" |xxd -p)
146 $info "MASTER_KEY: $READABLE"
113 147
114 INDEX=$(($INDEX + 1)) 148 INDEX=$(($INDEX + 1))
115 done 149 done
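Review bot: The exit-status check at new lines 140-143 now tests the status of the last `rm -f` (line 138), not the `openssl aes-256-ecb` call at lines 129-133 that actually writes `master.$INDEX`, so a failed encryption (missing `openssl`, a bad `-pass fd:0` read, a write error) is silently ignored and the loop carries on with a missing or empty master key. In the old code `$?` immediately followed `cryptohome::create_master_key`, which is what the check was meant to guard, and that pairing was lost in the rewrite. Move the capture directly after the encryption, i.e. put `EXIT=$?` on the line after `-pass fd:0 -md sha1 -e` and before the four `rm -f` lines, or append `|| exit $?` to the openssl command. The intermediate secret files (`pwhash`, `pwwrapper`, `rawkey`, `keyvault`) are also left behind in `$IMAGE_DIR` on any early exit; if that matters for the test fixtures, cleaning them in a `trap ... EXIT` rather than four trailing `rm -f` lines would keep the directory consistent.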
