| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "sync/util/nigori.h" | 5 #include "components/sync/base/nigori.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <sstream> | 9 #include <sstream> |
| 10 #include <vector> | 10 #include <vector> |
| 11 | 11 |
| 12 #include "base/base64.h" | 12 #include "base/base64.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/strings/string_util.h" | 14 #include "base/strings/string_util.h" |
| 15 #include "base/sys_byteorder.h" | 15 #include "base/sys_byteorder.h" |
| 43 // followed by the big-endian representation of the value of |type|, with 32 | 43 // followed by the big-endian representation of the value of |type|, with 32 |
| 44 // bits, to the stream. | 44 // bits, to the stream. |
| 45 NigoriStream& operator<<(const Nigori::Type type) { | 45 NigoriStream& operator<<(const Nigori::Type type) { |
| 46 uint32_t size = base::HostToNet32(sizeof(uint32_t)); | 46 uint32_t size = base::HostToNet32(sizeof(uint32_t)); |
| 47 stream_.write(reinterpret_cast<char*>(&size), sizeof(uint32_t)); | 47 stream_.write(reinterpret_cast<char*>(&size), sizeof(uint32_t)); |
| 48 uint32_t value = base::HostToNet32(type); | 48 uint32_t value = base::HostToNet32(type); |
| 49 stream_.write(reinterpret_cast<char*>(&value), sizeof(uint32_t)); | 49 stream_.write(reinterpret_cast<char*>(&value), sizeof(uint32_t)); |
| 50 return *this; | 50 return *this; |
| 51 } | 51 } |
| 52 | 52 |
| 53 std::string str() { | 53 std::string str() { return stream_.str(); } |
| 54 return stream_.str(); | |
| 55 } | |
| 56 | 54 |
| 57 private: | 55 private: |
| 58 std::ostringstream stream_; | 56 std::ostringstream stream_; |
| 59 }; | 57 }; |
| 60 | 58 |
| 61 // static | 59 // static |
| 62 const char Nigori::kSaltSalt[] = "saltsalt"; | 60 const char Nigori::kSaltSalt[] = "saltsalt"; |
| 63 | 61 |
| 64 Nigori::Nigori() { | 62 Nigori::Nigori() {} |
| 65 } | |
| 66 | 63 |
| 67 Nigori::~Nigori() { | 64 Nigori::~Nigori() {} |
| 68 } | |
| 69 | 65 |
| 70 bool Nigori::InitByDerivation(const std::string& hostname, | 66 bool Nigori::InitByDerivation(const std::string& hostname, |
| 71 const std::string& username, | 67 const std::string& username, |
| 72 const std::string& password) { | 68 const std::string& password) { |
| 73 NigoriStream salt_password; | 69 NigoriStream salt_password; |
| 74 salt_password << username << hostname; | 70 salt_password << username << hostname; |
| 75 | 71 |
| 76 // Suser = PBKDF2(Username || Servername, "saltsalt", Nsalt, 8) | 72 // Suser = PBKDF2(Username || Servername, "saltsalt", Nsalt, 8) |
| 77 std::unique_ptr<SymmetricKey> user_salt(SymmetricKey::DeriveKeyFromPassword( | 73 std::unique_ptr<SymmetricKey> user_salt(SymmetricKey::DeriveKeyFromPassword( |
| 78 SymmetricKey::HMAC_SHA1, salt_password.str(), kSaltSalt, kSaltIterations, | 74 SymmetricKey::HMAC_SHA1, salt_password.str(), kSaltSalt, kSaltIterations, |
| 113 encryption_key_ = SymmetricKey::Import(SymmetricKey::AES, encryption_key); | 109 encryption_key_ = SymmetricKey::Import(SymmetricKey::AES, encryption_key); |
| 114 DCHECK(encryption_key_); | 110 DCHECK(encryption_key_); |
| 115 | 111 |
| 116 mac_key_ = SymmetricKey::Import(SymmetricKey::HMAC_SHA1, mac_key); | 112 mac_key_ = SymmetricKey::Import(SymmetricKey::HMAC_SHA1, mac_key); |
| 117 DCHECK(mac_key_); | 113 DCHECK(mac_key_); |
| 118 | 114 |
| 119 return user_key_ && encryption_key_ && mac_key_; | 115 return user_key_ && encryption_key_ && mac_key_; |
| 120 } | 116 } |
| 121 | 117 |
| 122 // Permute[Kenc,Kmac](type || name) | 118 // Permute[Kenc,Kmac](type || name) |
| 123 bool Nigori::Permute(Type type, const std::string& name, | 119 bool Nigori::Permute(Type type, |
| 120 const std::string& name, |
| 124 std::string* permuted) const { | 121 std::string* permuted) const { |
| 125 DCHECK_LT(0U, name.size()); | 122 DCHECK_LT(0U, name.size()); |
| 126 | 123 |
| 127 NigoriStream plaintext; | 124 NigoriStream plaintext; |
| 128 plaintext << type << name; | 125 plaintext << type << name; |
| 129 | 126 |
| 130 Encryptor encryptor; | 127 Encryptor encryptor; |
| 131 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, | 128 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, |
| 132 std::string(kIvSize, 0))) | 129 std::string(kIvSize, 0))) |
| 133 return false; | 130 return false; |
| 199 return false; | 196 return false; |
| 200 | 197 |
| 201 if (input.size() < kIvSize * 2 + kHashSize) | 198 if (input.size() < kIvSize * 2 + kHashSize) |
| 202 return false; | 199 return false; |
| 203 | 200 |
| 204 // The input is: | 201 // The input is: |
| 205 // * iv (16 bytes) | 202 // * iv (16 bytes) |
| 206 // * ciphertext (multiple of 16 bytes) | 203 // * ciphertext (multiple of 16 bytes) |
| 207 // * hash (32 bytes) | 204 // * hash (32 bytes) |
| 208 std::string iv(input.substr(0, kIvSize)); | 205 std::string iv(input.substr(0, kIvSize)); |
| 209 std::string ciphertext(input.substr(kIvSize, | 206 std::string ciphertext( |
| 210 input.size() - (kIvSize + kHashSize))); | 207 input.substr(kIvSize, input.size() - (kIvSize + kHashSize))); |
| 211 std::string hash(input.substr(input.size() - kHashSize, kHashSize)); | 208 std::string hash(input.substr(input.size() - kHashSize, kHashSize)); |
| 212 | 209 |
| 213 std::string raw_mac_key; | 210 std::string raw_mac_key; |
| 214 if (!mac_key_->GetRawKey(&raw_mac_key)) | 211 if (!mac_key_->GetRawKey(&raw_mac_key)) |
| 215 return false; | 212 return false; |
| 216 | 213 |
| 217 HMAC hmac(HMAC::SHA256); | 214 HMAC hmac(HMAC::SHA256); |
| 218 if (!hmac.Init(raw_mac_key)) | 215 if (!hmac.Init(raw_mac_key)) |
| 219 return false; | 216 return false; |
| 220 | 217 |
| 221 std::vector<unsigned char> expected(kHashSize); | 218 std::vector<unsigned char> expected(kHashSize); |
| 222 if (!hmac.Sign(ciphertext, &expected[0], expected.size())) | 219 if (!hmac.Sign(ciphertext, &expected[0], expected.size())) |
| 223 return false; | 220 return false; |
| 224 | 221 |
| 225 if (hash.compare(0, hash.size(), | 222 if (hash.compare(0, hash.size(), reinterpret_cast<char*>(&expected[0]), |
| 226 reinterpret_cast<char *>(&expected[0]), | |
| 227 expected.size())) | 223 expected.size())) |
| 228 return false; | 224 return false; |
| 229 | 225 |
| 230 Encryptor encryptor; | 226 Encryptor encryptor; |
| 231 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv)) | 227 if (!encryptor.Init(encryption_key_.get(), Encryptor::CBC, iv)) |
| 232 return false; | 228 return false; |
| 233 | 229 |
| 234 if (!encryptor.Decrypt(ciphertext, value)) | 230 if (!encryptor.Decrypt(ciphertext, value)) |
| 235 return false; | 231 return false; |
| 236 | 232 |
| 237 return true; | 233 return true; |
| 238 } | 234 } |
| 239 | 235 |
| 240 bool Nigori::ExportKeys(std::string* user_key, | 236 bool Nigori::ExportKeys(std::string* user_key, |
| 241 std::string* encryption_key, | 237 std::string* encryption_key, |
| 242 std::string* mac_key) const { | 238 std::string* mac_key) const { |
| 243 DCHECK(user_key); | 239 DCHECK(user_key); |
| 244 DCHECK(encryption_key); | 240 DCHECK(encryption_key); |
| 245 DCHECK(mac_key); | 241 DCHECK(mac_key); |
| 246 | 242 |
| 247 return user_key_->GetRawKey(user_key) && | 243 return user_key_->GetRawKey(user_key) && |
| 248 encryption_key_->GetRawKey(encryption_key) && | 244 encryption_key_->GetRawKey(encryption_key) && |
| 249 mac_key_->GetRawKey(mac_key); | 245 mac_key_->GetRawKey(mac_key); |
| 250 } | 246 } |
| 251 | 247 |
| 252 } // namespace syncer | 248 } // namespace syncer |