Chromium Code Reviews Chromium Code Reviews
Issue 2377973002:
Fix race condition on OSCrypt linux (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/os_crypt/os_crypt.h" | 5 #include "components/os_crypt/os_crypt.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <iterator> | 10 #include <iterator> |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 // Lazy acquisition and caching of a KeyStorage. Will be null if no service is | 65 // Lazy acquisition and caching of a KeyStorage. Will be null if no service is |
| 66 // found. | 66 // found. |
| 67 KeyStorageLinux* GetKeyStorage() { | 67 KeyStorageLinux* GetKeyStorage() { |
| 68 if (!g_cache.Get().is_key_storage_cached) { | 68 if (!g_cache.Get().is_key_storage_cached) { |
| 69 g_cache.Get().is_key_storage_cached = true; | 69 g_cache.Get().is_key_storage_cached = true; |
| 70 g_cache.Get().key_storage_cache = KeyStorageLinux::CreateService(); | 70 g_cache.Get().key_storage_cache = KeyStorageLinux::CreateService(); |
| 71 } | 71 } |
| 72 return g_cache.Get().key_storage_cache.get(); | 72 return g_cache.Get().key_storage_cache.get(); |
| 73 } | 73 } |
| 74 | 74 |
| 75 // Pointer to a function that creates and returns the |KeyStorage| instance to | |
| 76 // be used. The function maintains ownership of the pointer. | |
| 77 KeyStorageLinux* (*g_key_storage_provider)() = &GetKeyStorage; | |
| 78 | |
| 75 // Returns a cached string of "peanuts". Is thread-safe. | 79 // Returns a cached string of "peanuts". Is thread-safe. |
| 76 std::string* GetPasswordV10() { | 80 std::string* GetPasswordV10() { |
| 77 base::AutoLock auto_lock(g_cache.Get().lock); | 81 base::AutoLock auto_lock(g_cache.Get().lock); |
| 78 if (!g_cache.Get().password_v10_cache.get()) { | 82 if (!g_cache.Get().password_v10_cache.get()) { |
| 79 g_cache.Get().password_v10_cache.reset(new std::string("peanuts")); | 83 g_cache.Get().password_v10_cache.reset(new std::string("peanuts")); |
| 80 } | 84 } |
| 81 return g_cache.Get().password_v10_cache.get(); | 85 return g_cache.Get().password_v10_cache.get(); |
| 82 } | 86 } |
| 83 | 87 |
| 84 // Caches and returns the password from the KeyStorage or null if there is no | 88 // Caches and returns the password from the KeyStorage or null if there is no |
| 85 // service. Is thread-safe. | 89 // service. Is thread-safe. |
| 86 std::string* GetPasswordV11() { | 90 std::string* GetPasswordV11() { |
| 87 base::AutoLock auto_lock(g_cache.Get().lock); | 91 base::AutoLock auto_lock(g_cache.Get().lock); |
| 88 if (!g_cache.Get().is_password_v11_cached) { | 92 if (!g_cache.Get().is_password_v11_cached) { |
| 89 g_cache.Get().password_v11_cache.reset( | 93 g_cache.Get().password_v11_cache.reset( |
| 90 GetKeyStorage() ? new std::string(GetKeyStorage()->GetKey()) : nullptr); | 94 g_key_storage_provider() |
| 95 ? new std::string(g_key_storage_provider()->GetKey()) | |
| 96 : nullptr); | |
| 91 g_cache.Get().is_password_v11_cached = true; | 97 g_cache.Get().is_password_v11_cached = true; |
| 92 } | 98 } |
| 93 return g_cache.Get().password_v11_cache.get(); | 99 return g_cache.Get().password_v11_cache.get(); |
| 94 } | 100 } |
| 95 | 101 |
| 96 // Pointer to a function that creates and returns the |KeyStorage| instance to | |
| 97 // be used. The function maintains ownership of the pointer. | |
| 98 KeyStorageLinux* (*g_key_storage_provider)() = &GetKeyStorage; | |
| 99 | |
| 100 // Pointers to functions that return a password for deriving the encryption key. | 102 // Pointers to functions that return a password for deriving the encryption key. |
| 101 // One function for each supported password version (see Version enum). | 103 // One function for each supported password version (see Version enum). |
| 102 std::string* (*g_get_password[])() = { | 104 std::string* (*g_get_password[])() = { |
| 103 &GetPasswordV10, &GetPasswordV11, | 105 &GetPasswordV10, &GetPasswordV11, |
| 104 }; | 106 }; |
| 105 | 107 |
| 106 // Generates a newly allocated SymmetricKey object based on a password. | 108 // Generates a newly allocated SymmetricKey object based on a password. |
| 107 // Ownership of the key is passed to the caller. Returns null key if a key | 109 // Ownership of the key is passed to the caller. Returns null key if a key |
| 108 // generation error occurs. | 110 // generation error occurs. |
| 109 std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) { | 111 std::unique_ptr<crypto::SymmetricKey> GetEncryptionKey(Version version) { |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 143 } | 145 } |
| 144 | 146 |
| 145 // static | 147 // static |
| 146 bool OSCrypt::EncryptString(const std::string& plaintext, | 148 bool OSCrypt::EncryptString(const std::string& plaintext, |
| 147 std::string* ciphertext) { | 149 std::string* ciphertext) { |
| 148 if (plaintext.empty()) { | 150 if (plaintext.empty()) { |
| 149 ciphertext->clear(); | 151 ciphertext->clear(); |
| 150 return true; | 152 return true; |
| 151 } | 153 } |
| 152 | 154 |
| 153 // If a |KeyStorage| is available, use a password backed by the |KeyStorage|. | 155 // If we are able to create a V11 key (i.e. a KeyStorage was avaible), then |
|
Lei Zhang
2016/09/28 16:45:14
available
Lei Zhang
2016/09/28 17:32:58
Eh. I'll just fix this in a follow up CL.
Lei Zhang
2016/09/28 17:33:27
Oh wait, you did, I just didn't see an email from
| |
| 154 // Otherwise use the hardcoded password. | 156 // we'll use it. If not, we'll use V10. |
| 155 Version version = g_key_storage_provider() ? Version::V11 : Version::V10; | 157 Version version = Version::V11; |
| 156 | |
| 157 std::unique_ptr<crypto::SymmetricKey> encryption_key( | 158 std::unique_ptr<crypto::SymmetricKey> encryption_key( |
| 158 GetEncryptionKey(version)); | 159 GetEncryptionKey(version)); |
| 160 if (!encryption_key) { | |
| 161 version = Version::V10; | |
| 162 encryption_key = GetEncryptionKey(version); | |
| 163 } | |
| 164 | |
| 159 if (!encryption_key) | 165 if (!encryption_key) |
| 160 return false; | 166 return false; |
| 161 | 167 |
| 162 std::string iv(kIVBlockSizeAES128, ' '); | 168 std::string iv(kIVBlockSizeAES128, ' '); |
| 163 crypto::Encryptor encryptor; | 169 crypto::Encryptor encryptor; |
| 164 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) | 170 if (!encryptor.Init(encryption_key.get(), crypto::Encryptor::CBC, iv)) |
| 165 return false; | 171 return false; |
| 166 | 172 |
| 167 if (!encryptor.Encrypt(plaintext, ciphertext)) | 173 if (!encryptor.Encrypt(plaintext, ciphertext)) |
| 168 return false; | 174 return false; |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 261 // |KeyStorage| instance can be created. Enable V11 by returning the mock. | 267 // |KeyStorage| instance can be created. Enable V11 by returning the mock. |
| 262 if (get_key_storage_mock) | 268 if (get_key_storage_mock) |
| 263 g_key_storage_provider = get_key_storage_mock; | 269 g_key_storage_provider = get_key_storage_mock; |
| 264 } else { | 270 } else { |
| 265 // Restore real implementation | 271 // Restore real implementation |
| 266 std::copy(std::begin(get_password_save), std::end(get_password_save), | 272 std::copy(std::begin(get_password_save), std::end(get_password_save), |
| 267 std::begin(g_get_password)); | 273 std::begin(g_get_password)); |
| 268 g_key_storage_provider = &GetKeyStorage; | 274 g_key_storage_provider = &GetKeyStorage; |
| 269 } | 275 } |
| 270 } | 276 } |
| OLD | NEW |
