| OLD | NEW |
|---|
| 1 #!/bin/bash | 1 #!/bin/bash |
| 2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 2 # Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 3 # Use of this source code is governed by a BSD-style license that can be | 3 # Use of this source code is governed by a BSD-style license that can be |
| 4 # found in the LICENSE file. | 4 # found in the LICENSE file. |
| 5 # | 5 # |
| 6 # | 6 # |
| 7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory | 7 # This uses the cryptohome script to initialize an "IMAGE_DIR". This directory |
| 8 # will contain the system salt, and three master keys for a user called | 8 # will contain the system salt, and three master keys for a user called |
| 9 # testuser@invalid.domain. | 9 # testuser@invalid.domain. |
| 10 # | 10 # |
| 11 # The three keys will have the passwords "zero", "one" and "two". You can use | 11 # The three keys will have the passwords "zero", "one" and "two". You can use |
| 12 # the check_cryptohome_data.sh script to verify that cryptohome can | 12 # the check_cryptohome_data.sh script to verify that cryptohome can |
| 13 # successfully decrypt these keys. The authenticator_unittest.cc testcases | 13 # successfully decrypt these keys. The authenticator_unittest.cc testcases |
| 14 # call this script to create their test data. | 14 # call this script to create their test data. |
| 15 # | 15 # |
| 16 | 16 |
| 17 # mock dmsetup because we don't have it in the chroot and don't need it here. | 17 # mock dmsetup because we don't have it in the chroot and don't need it here. |
| 18 function dmsetup { exit 255; } | 18 function dmsetup { exit 255; } |
| 19 | 19 |
| 20 CH_LIB="./lib" | 20 CH_LIB="./lib" |
| 21 source "$CH_LIB/common" | 21 source "$CH_LIB/common" |
| 22 source "$CH_LIB/utils/declare_commands" | 22 source "$CH_LIB/utils/declare_commands" |
| 23 source "$CH_LIB/cryptohome" | |
| 24 | 23 |
| 25 utils::declare_commands sha256sum | 24 utils::declare_commands sha256sum |
| 26 | 25 |
| 27 USERNAME="testuser@invalid.domain" | 26 USERNAME="testuser@invalid.domain" |
| 28 PASSWORDS="zero one two" | 27 PASSWORDS="zero one two" |
| 29 | 28 |
| 30 function usage { | 29 function usage { |
| 31 $echo "Usage: $0 [-q] <image-dir>" | 30 $echo "Usage: $0 [-q] <image-dir>" |
| 32 $echo | 31 $echo |
| 33 $echo "Initialize a directory of sample cryptohome data containing " | 32 $echo "Initialize a directory of sample cryptohome data containing " |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 83 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE | 82 $head -c 16 /dev/urandom > $SYSTEM_SALT_FILE |
| 84 | 83 |
| 85 $info "Creating user directory" | 84 $info "Creating user directory" |
| 86 | 85 |
| 87 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ | 86 USERID=$($cat "$SYSTEM_SALT_FILE" <($echo -n $USERNAME) \ |
| 88 | $openssl sha1) | 87 | $openssl sha1) |
| 89 | 88 |
| 90 $info "USERNAME: $USERNAME" | 89 $info "USERNAME: $USERNAME" |
| 91 $info "USERID: $USERID" | 90 $info "USERID: $USERID" |
| 92 | 91 |
| 92 $mkdir -p "$IMAGE_DIR/skel/sub_path" |
| 93 echo -n "testfile" > "$IMAGE_DIR/skel/sub_path/.testfile" |
| 94 |
| 93 $mkdir -p "$IMAGE_DIR/$USERID" | 95 $mkdir -p "$IMAGE_DIR/$USERID" |
| 94 | 96 |
| 95 $info "Creating master keys..." | 97 $info "Creating master keys..." |
| 96 INDEX=0 | 98 INDEX=0 |
| 97 for PASSWORD in $PASSWORDS; do | 99 for PASSWORD in $PASSWORDS; do |
| 98 HASHED_PASSWORD=$(cat <($echo -n $($xxd -p "$SYSTEM_SALT_FILE")) \ | 100 $info "PASSWORD: $PASSWORD" |
| 99 <($echo -n "$PASSWORD") | $sha256sum | $head -c 32) | |
| 100 | 101 |
| 101 $info "PASSWORD: $PASSWORD" | 102 ASCII_SALT=$(cat "$SYSTEM_SALT_FILE" | xxd -p) |
| 102 $info "HASHED_PASSWORD: $HASHED_PASSWORD" | |
| 103 | 103 |
| 104 MASTER_KEY=$(cryptohome::create_master_key "$HASHED_PASSWORD" "$USERID" \ | 104 echo -n "${ASCII_SALT}${PASSWORD}" | sha256sum | head -c 32 \ |
| 105 "$IMAGE_DIR/$USERID/master.$INDEX") | 105 > "$IMAGE_DIR/$USERID/pwhash.$INDEX" |
| 106 |
| 107 READABLE=$(cat "$IMAGE_DIR/$USERID/pwhash.$INDEX") |
| 108 $info "HASHED_PASSWORD: $READABLE" |
| 109 |
| 110 openssl rand -rand /dev/urandom \ |
| 111 -out "$IMAGE_DIR/$USERID/master.$INDEX.salt" 16 |
| 112 |
| 113 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" |xxd -p) |
| 114 $info "SALT: $READABLE" |
| 115 |
| 116 cat "$IMAGE_DIR/$USERID/pwhash.$INDEX" \ |
| 117 | cat "$IMAGE_DIR/$USERID/master.$INDEX.salt" - \ |
| 118 | openssl sha1 > "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" |
| 119 |
| 120 READABLE=$(cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX") |
| 121 $info "WRAPPER: $READABLE" |
| 122 |
| 123 openssl rand -rand /dev/urandom \ |
| 124 -out "$IMAGE_DIR/$USERID/rawkey.$INDEX" 160 |
| 125 |
| 126 echo -n -e 'ch\0001\0001' | cat "$IMAGE_DIR/$USERID/rawkey.$INDEX" - \ |
| 127 > "$IMAGE_DIR/$USERID/keyvault.$INDEX" |
| 128 |
| 129 cat "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" | openssl aes-256-ecb \ |
| 130 -p \ |
| 131 -in "$IMAGE_DIR/$USERID/keyvault.$INDEX" \ |
| 132 -out "$IMAGE_DIR/$USERID/master.$INDEX" \ |
| 133 -pass fd:0 -md sha1 -e |
| 134 |
| 135 rm -f "$IMAGE_DIR/$USERID/pwhash.$INDEX" |
| 136 rm -f "$IMAGE_DIR/$USERID/pwwrapper.$INDEX" |
| 137 rm -f "$IMAGE_DIR/$USERID/rawkey.$INDEX" |
| 138 rm -f "$IMAGE_DIR/$USERID/keyvault.$INDEX" |
| 106 | 139 |
| 107 EXIT=$? | 140 EXIT=$? |
| 108 if [ $EXIT != 0 ]; then | 141 if [ $EXIT != 0 ]; then |
| 109 exit $EXIT | 142 exit $EXIT |
| 110 fi | 143 fi |
| 111 | 144 |
| 112 $info "MASTER_KEY: $MASTER_KEY" | 145 READABLE=$(cat "$IMAGE_DIR/$USERID/master.$INDEX" |xxd -p) |
| 146 $info "MASTER_KEY: $READABLE" |
| 113 | 147 |
| 114 INDEX=$(($INDEX + 1)) | 148 INDEX=$(($INDEX + 1)) |
| 115 done | 149 done |
| OLD | NEW |
|---|
Chromium Code Reviews
