Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(443)

Unified Diff: src/platform/cryptohome/vault_keyset.cc

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: src/platform/cryptohome/vault_keyset.cc
diff --git a/src/platform/cryptohome/vault_keyset.cc b/src/platform/cryptohome/vault_keyset.cc
new file mode 100644
index 0000000000000000000000000000000000000000..f68001a342d6c77b8e26346da80c317223fd1cc3
--- /dev/null
+++ b/src/platform/cryptohome/vault_keyset.cc
@@ -0,0 +1,140 @@
+// Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "chromeos/utility.h"
+#include "cryptohome/cryptohome_common.h"
+#include "cryptohome/vault_keyset.h"
+
+namespace cryptohome {
+
+VaultKeyset::VaultKeyset()
+ : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR),
+ minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) {
+}
+
+VaultKeyset::VaultKeyset(const SecureBlob& source)
+ : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR),
+ minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) {
+ AssignBuffer(source);
+}
+
+bool VaultKeyset::AssignBuffer(const SecureBlob& source) {
+ if(source.size() < VaultKeyset::SerializedSize()) {
+ LOG(ERROR) << "Input buffer is too small.";
+ return false;
+ }
+
+ int offset = 0;
+ VaultKeysetHeader header;
+ memcpy(&header, &source[offset], sizeof(header));
+ offset += sizeof(header);
+ if(memcmp(header.signature, kVaultKeysetSignature,
+ sizeof(header.signature))) {
+ return false;
+ }
+ major_version_ = header.major_version;
+ minor_version_ = header.minor_version;
+
+ VaultKeysetKeys keys;
+ memcpy(&keys, &source[offset], sizeof(keys));
+ fek_.resize(sizeof(keys.fek));
+ memcpy(&fek_[0], keys.fek, fek_.size());
+ fek_sig_.resize(sizeof(keys.fek_sig));
+ memcpy(&fek_sig_[0], keys.fek_sig, fek_sig_.size());
+ fek_salt_.resize(sizeof(keys.fek_salt));
+ memcpy(&fek_salt_[0], keys.fek_salt, fek_salt_.size());
+ fnek_.resize(sizeof(keys.fnek));
+ memcpy(&fnek_[0], keys.fnek, fnek_.size());
+ fnek_sig_.resize(sizeof(keys.fnek_sig));
+ memcpy(&fnek_sig_[0], keys.fnek_sig, fnek_sig_.size());
+ fnek_salt_.resize(sizeof(keys.fnek_salt));
+ memcpy(&fnek_salt_[0], keys.fnek_salt, fnek_salt_.size());
+ chromeos::SecureMemset(&keys, sizeof(keys), 0);
+
+ return true;
+}
+
+SecureBlob VaultKeyset::ToBuffer() const {
+ SecureBlob buffer(VaultKeyset::SerializedSize());
+
+ VaultKeysetHeader header;
+ memcpy(header.signature, kVaultKeysetSignature, sizeof(header.signature));
+ header.major_version = major_version_;
+ header.minor_version = minor_version_;
+ memcpy(&buffer[0], &header, sizeof(header));
+
+ VaultKeysetKeys keys;
+ chromeos::SecureMemset(&keys, sizeof(keys), 0);
+ memcpy(keys.fek, &fek_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fek)));
+ memcpy(keys.fek_sig, &fek_sig_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE,
+ sizeof(keys.fek_sig)));
+ memcpy(keys.fek_salt, &fek_salt_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE,
+ sizeof(keys.fek_salt)));
+ memcpy(keys.fnek, &fnek_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fnek)));
+ memcpy(keys.fnek_sig, &fnek_sig_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE,
+ sizeof(keys.fnek_sig)));
+ memcpy(keys.fnek_salt, &fnek_salt_[0],
+ CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE,
+ sizeof(keys.fnek_salt)));
+ memcpy(&buffer[sizeof(header)], &keys, sizeof(keys));
+ chromeos::SecureMemset(&keys, sizeof(keys), 0);
+
+ return buffer;
+}
+
+void VaultKeyset::CreateRandom(const EntropySource& entropy_source) {
+ fek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE);
+ entropy_source.GetSecureRandom(&fek_[0], fek_.size());
+
+ fek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE);
+ entropy_source.GetSecureRandom(&fek_sig_[0], fek_sig_.size());
+
+ fek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE);
+ entropy_source.GetSecureRandom(&fek_salt_[0], fek_salt_.size());
+
+ fnek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE);
+ entropy_source.GetSecureRandom(&fnek_[0], fnek_.size());
+
+ fnek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE);
+ entropy_source.GetSecureRandom(&fnek_sig_[0], fnek_sig_.size());
+
+ fnek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE);
+ entropy_source.GetSecureRandom(&fnek_salt_[0], fnek_salt_.size());
+}
+
+const SecureBlob& VaultKeyset::FEK() const {
+ return fek_;
+}
+
+const SecureBlob& VaultKeyset::FEK_SIG() const {
+ return fek_sig_;
+}
+
+const SecureBlob& VaultKeyset::FEK_SALT() const {
+ return fek_salt_;
+}
+
+const SecureBlob& VaultKeyset::FNEK() const {
+ return fnek_;
+}
+
+const SecureBlob& VaultKeyset::FNEK_SIG() const {
+ return fnek_sig_;
+}
+
+const SecureBlob& VaultKeyset::FNEK_SALT() const {
+ return fnek_salt_;
+}
+
+unsigned int VaultKeyset::SerializedSize() {
+ return sizeof(VaultKeysetHeader) + sizeof(VaultKeysetKeys);
+}
+
+} // cryptohome

Powered by Google App Engine
This is Rietveld 408576698