Chromium Code Reviews Chromium Code Reviews
Issue 2377973002:
Fix race condition on OSCrypt linux (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/os_crypt/os_crypt.h" | 5 #include "components/os_crypt/os_crypt.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <iterator> | 10 #include <iterator> |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 // Lazy acquisition and caching of a KeyStorage. Will be null if no service is | 65 // Lazy acquisition and caching of a KeyStorage. Will be null if no service is |
| 66 // found. | 66 // found. |
| 67 KeyStorageLinux* GetKeyStorage() { | 67 KeyStorageLinux* GetKeyStorage() { |
| 68 if (!g_cache.Get().is_key_storage_cached) { | 68 if (!g_cache.Get().is_key_storage_cached) { |
| 69 g_cache.Get().is_key_storage_cached = true; | 69 g_cache.Get().is_key_storage_cached = true; |
| 70 g_cache.Get().key_storage_cache = KeyStorageLinux::CreateService(); | 70 g_cache.Get().key_storage_cache = KeyStorageLinux::CreateService(); |
| 71 } | 71 } |
| 72 return g_cache.Get().key_storage_cache.get(); | 72 return g_cache.Get().key_storage_cache.get(); |
| 73 } | 73 } |
| 74 | 74 |
| 75 // Pointer to a function that creates and returns the |KeyStorage| instance to | |
| 76 // be used. The function maintains ownership of the pointer. | |
| 77 KeyStorageLinux* (*g_key_storage_provider)() = &GetKeyStorage; | |
| 78 | |
| 75 // Returns a cached string of "peanuts". Is thread-safe. | 79 // Returns a cached string of "peanuts". Is thread-safe. |
| 76 std::string* GetPasswordV10() { | 80 std::string* GetPasswordV10() { |
| 77 base::AutoLock auto_lock(g_cache.Get().lock); | 81 base::AutoLock auto_lock(g_cache.Get().lock); |
| 78 if (!g_cache.Get().password_v10_cache.get()) { | 82 if (!g_cache.Get().password_v10_cache.get()) { |
| 79 g_cache.Get().password_v10_cache.reset(new std::string("peanuts")); | 83 g_cache.Get().password_v10_cache.reset(new std::string("peanuts")); |
| 80 } | 84 } |
| 81 return g_cache.Get().password_v10_cache.get(); | 85 return g_cache.Get().password_v10_cache.get(); |
| 82 } | 86 } |
| 83 | 87 |
| 84 // Caches and returns the password from the KeyStorage or null if there is no | 88 // Caches and returns the password from the KeyStorage or null if there is no |
| 85 // service. Is thread-safe. | 89 // service. Is thread-safe. |
| 86 std::string* GetPasswordV11() { | 90 std::string* GetPasswordV11() { |
| 87 base::AutoLock auto_lock(g_cache.Get().lock); | 91 base::AutoLock auto_lock(g_cache.Get().lock); |
| 88 if (!g_cache.Get().is_password_v11_cached) { | 92 if (!g_cache.Get().is_password_v11_cached) { |
| 89 g_cache.Get().password_v11_cache.reset( | 93 g_cache.Get().password_v11_cache.reset( |
| 90 GetKeyStorage() ? new std::string(GetKeyStorage()->GetKey()) : nullptr); | 94 g_key_storage_provider() |
| 95 ? new std::string(g_key_storage_provider()->GetKey()) | |
| 96 : nullptr); | |
| 91 g_cache.Get().is_password_v11_cached = true; | 97 g_cache.Get().is_password_v11_cached = true; |
| 92 } | 98 } |
| 93 return g_cache.Get().password_v11_cache.get(); | 99 return g_cache.Get().password_v11_cache.get(); |
| 94 } | 100 } |
| 95 | 101 |
| 96 // Pointer to a function that creates and returns the |KeyStorage| instance to | |
| 97 // be used. The function maintains ownership of the pointer. | |
| 98 KeyStorageLinux* (*g_key_storage_provider)() = &GetKeyStorage; | |
| 99 | |
| 100 // Pointers to functions that return a password for deriving the encryption key. | 102 // Pointers to functions that return a password for deriving the encryption key. |
| 101 // One function for each supported password version (see Version enum). | 103 // One function for each supported password version (see Version enum). |
| 102 std::string* (*g_get_password[])() = { | 104 std::string* (*g_get_password[])() = { |
| 103 &GetPasswordV10, &GetPasswordV11, | 105 &GetPasswordV10, &GetPasswordV11, |
| 104 }; | 106 }; |
| 105 | 107 |
| 106 // Generates a newly allocated SymmetricKey object based on a password. | 108 // Generates a newly allocated SymmetricKey object based on a password. |
| 107 // Ownership of the key is passed to the caller. Returns null key if a key | 109 // Ownership of the key is passed to the caller. Returns null key if a key |
| 108 // generation error occurs. | 110 // generation error occurs. |
| 109 std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) { | 111 std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 143 } | 145 } |
| 144 | 146 |
| 145 // static | 147 // static |
| 146 bool OSCrypt::EncryptString(const std::string& plaintext, | 148 bool OSCrypt::EncryptString(const std::string& plaintext, |
| 147 std::string* ciphertext) { | 149 std::string* ciphertext) { |
| 148 if (plaintext.empty()) { | 150 if (plaintext.empty()) { |
| 149 ciphertext->clear(); | 151 ciphertext->clear(); |
| 150 return true; | 152 return true; |
| 151 } | 153 } |
| 152 | 154 |
| 153 // If a |KeyStorage| is available, use a password backed by the |KeyStorage|. | 155 // If a |KeyStorage| is available, use a password backed by the |KeyStorage|. |
|
Lei Zhang
2016/09/28 15:35:06
The comment is a bit out of date.
cfroussios
2016/09/28 16:08:17
Done.
| |
| 154 // Otherwise use the hardcoded password. | 156 // Otherwise use the hardcoded password. |
| 155 Version version = g_key_storage_provider() ? Version::V11 : Version::V10; | 157 Version version = |
| 158 GetEncryptionKey(Version::V11) ? Version::V11 : Version::V10; | |
| 156 | 159 |
| 157 std::unique_ptr<crypto::SymmetricKey> encryption_key( | 160 std::unique_ptr<crypto::SymmetricKey> encryption_key( |
| 158 GetEncryptionKey(version)); | 161 GetEncryptionKey(version)); |
|
Lei Zhang
2016/09/28 15:35:06
Aren't we calling GetEncryptionKey() twice in a ro
Lei Zhang
2016/09/28 15:43:21
So I was thinking the code below does the same but
cfroussios
2016/09/28 16:08:16
I had a fix ready for this, but I was thinking tha
| |
| 159 if (!encryption_key) | 162 if (!encryption_key) |
| 160 return false; | 163 return false; |
| 161 | 164 |
| 162 std::string iv(kIVBlockSizeAES128, ' '); | 165 std::string iv(kIVBlockSizeAES128, ' '); |
| 163 crypto::Encryptor encryptor; | 166 crypto::Encryptor encryptor; |
| 164 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | 167 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) |
| 165 return false; | 168 return false; |
| 166 | 169 |
| 167 if (!encryptor.Encrypt(plaintext, ciphertext)) | 170 if (!encryptor.Encrypt(plaintext, ciphertext)) |
| 168 return false; | 171 return false; |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 // |KeyStorage| instance can be created. Enable V11 by returning the mock. | 264 // |KeyStorage| instance can be created. Enable V11 by returning the mock. |
| 262 if (get_key_storage_mock) | 265 if (get_key_storage_mock) |
| 263 g_key_storage_provider = get_key_storage_mock; | 266 g_key_storage_provider = get_key_storage_mock; |
| 264 } else { | 267 } else { |
| 265 // Restore real implementation | 268 // Restore real implementation |
| 266 std::copy(std::begin(get_password_save), std::end(get_password_save), | 269 std::copy(std::begin(get_password_save), std::end(get_password_save), |
| 267 std::begin(g_get_password)); | 270 std::begin(g_get_password)); |
| 268 g_key_storage_provider = &GetKeyStorage; | 271 g_key_storage_provider = &GetKeyStorage; |
| 269 } | 272 } |
| 270 } | 273 } |
| OLD | NEW |
