OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/logging.h" |
| 6 #include "chromeos/utility.h" |
| 7 #include "cryptohome/cryptohome_common.h" |
| 8 #include "cryptohome/vault_keyset.h" |
| 9 |
| 10 namespace cryptohome { |
| 11 |
| 12 VaultKeyset::VaultKeyset() |
| 13 : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR), |
| 14 minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) { |
| 15 } |
| 16 |
| 17 VaultKeyset::VaultKeyset(const SecureBlob& source) |
| 18 : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR), |
| 19 minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) { |
| 20 AssignBuffer(source); |
| 21 } |
| 22 |
| 23 bool VaultKeyset::AssignBuffer(const SecureBlob& source) { |
| 24 if(source.size() < VaultKeyset::SerializedSize()) { |
| 25 LOG(ERROR) << "Input buffer is too small."; |
| 26 return false; |
| 27 } |
| 28 |
| 29 int offset = 0; |
| 30 VaultKeysetHeader header; |
| 31 memcpy(&header, &source[offset], sizeof(header)); |
| 32 offset += sizeof(header); |
| 33 if(memcmp(header.signature, kVaultKeysetSignature, |
| 34 sizeof(header.signature))) { |
| 35 return false; |
| 36 } |
| 37 major_version_ = header.major_version; |
| 38 minor_version_ = header.minor_version; |
| 39 |
| 40 VaultKeysetKeys keys; |
| 41 memcpy(&keys, &source[offset], sizeof(keys)); |
| 42 fek_.resize(sizeof(keys.fek)); |
| 43 memcpy(&fek_[0], keys.fek, fek_.size()); |
| 44 fek_sig_.resize(sizeof(keys.fek_sig)); |
| 45 memcpy(&fek_sig_[0], keys.fek_sig, fek_sig_.size()); |
| 46 fek_salt_.resize(sizeof(keys.fek_salt)); |
| 47 memcpy(&fek_salt_[0], keys.fek_salt, fek_salt_.size()); |
| 48 fnek_.resize(sizeof(keys.fnek)); |
| 49 memcpy(&fnek_[0], keys.fnek, fnek_.size()); |
| 50 fnek_sig_.resize(sizeof(keys.fnek_sig)); |
| 51 memcpy(&fnek_sig_[0], keys.fnek_sig, fnek_sig_.size()); |
| 52 fnek_salt_.resize(sizeof(keys.fnek_salt)); |
| 53 memcpy(&fnek_salt_[0], keys.fnek_salt, fnek_salt_.size()); |
| 54 chromeos::SecureMemset(&keys, sizeof(keys), 0); |
| 55 |
| 56 return true; |
| 57 } |
| 58 |
| 59 SecureBlob VaultKeyset::ToBuffer() const { |
| 60 SecureBlob buffer(VaultKeyset::SerializedSize()); |
| 61 |
| 62 VaultKeysetHeader header; |
| 63 memcpy(header.signature, kVaultKeysetSignature, sizeof(header.signature)); |
| 64 header.major_version = major_version_; |
| 65 header.minor_version = minor_version_; |
| 66 memcpy(&buffer[0], &header, sizeof(header)); |
| 67 |
| 68 VaultKeysetKeys keys; |
| 69 chromeos::SecureMemset(&keys, sizeof(keys), 0); |
| 70 memcpy(keys.fek, &fek_[0], |
| 71 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fek))); |
| 72 memcpy(keys.fek_sig, &fek_sig_[0], |
| 73 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE, |
| 74 sizeof(keys.fek_sig))); |
| 75 memcpy(keys.fek_salt, &fek_salt_[0], |
| 76 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE, |
| 77 sizeof(keys.fek_salt))); |
| 78 memcpy(keys.fnek, &fnek_[0], |
| 79 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fnek))); |
| 80 memcpy(keys.fnek_sig, &fnek_sig_[0], |
| 81 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE, |
| 82 sizeof(keys.fnek_sig))); |
| 83 memcpy(keys.fnek_salt, &fnek_salt_[0], |
| 84 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE, |
| 85 sizeof(keys.fnek_salt))); |
| 86 memcpy(&buffer[sizeof(header)], &keys, sizeof(keys)); |
| 87 chromeos::SecureMemset(&keys, sizeof(keys), 0); |
| 88 |
| 89 return buffer; |
| 90 } |
| 91 |
| 92 void VaultKeyset::CreateRandom(const EntropySource& entropy_source) { |
| 93 fek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE); |
| 94 entropy_source.GetSecureRandom(&fek_[0], fek_.size()); |
| 95 |
| 96 fek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE); |
| 97 entropy_source.GetSecureRandom(&fek_sig_[0], fek_sig_.size()); |
| 98 |
| 99 fek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE); |
| 100 entropy_source.GetSecureRandom(&fek_salt_[0], fek_salt_.size()); |
| 101 |
| 102 fnek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE); |
| 103 entropy_source.GetSecureRandom(&fnek_[0], fnek_.size()); |
| 104 |
| 105 fnek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE); |
| 106 entropy_source.GetSecureRandom(&fnek_sig_[0], fnek_sig_.size()); |
| 107 |
| 108 fnek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE); |
| 109 entropy_source.GetSecureRandom(&fnek_salt_[0], fnek_salt_.size()); |
| 110 } |
| 111 |
| 112 const SecureBlob& VaultKeyset::FEK() const { |
| 113 return fek_; |
| 114 } |
| 115 |
| 116 const SecureBlob& VaultKeyset::FEK_SIG() const { |
| 117 return fek_sig_; |
| 118 } |
| 119 |
| 120 const SecureBlob& VaultKeyset::FEK_SALT() const { |
| 121 return fek_salt_; |
| 122 } |
| 123 |
| 124 const SecureBlob& VaultKeyset::FNEK() const { |
| 125 return fnek_; |
| 126 } |
| 127 |
| 128 const SecureBlob& VaultKeyset::FNEK_SIG() const { |
| 129 return fnek_sig_; |
| 130 } |
| 131 |
| 132 const SecureBlob& VaultKeyset::FNEK_SALT() const { |
| 133 return fnek_salt_; |
| 134 } |
| 135 |
| 136 unsigned int VaultKeyset::SerializedSize() { |
| 137 return sizeof(VaultKeysetHeader) + sizeof(VaultKeysetKeys); |
| 138 } |
| 139 |
| 140 } // cryptohome |
OLD | NEW |