Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(672)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/chromeos/settings/token_encryptor.cc

Issue 25975002: cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address comments Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/browser/chromeos/settings/token_encryptor.h ('k') | chrome/chrome_browser_chromeos.gypi » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/settings/token_encryptor.h"
6
7 #include <vector>
8
9 #include "base/logging.h"
10 #include "base/strings/string_number_conversions.h"
11 #include "base/strings/string_util.h"
12 #include "base/sys_info.h"
13 #include "chromeos/cryptohome/cryptohome_library.h"
14 #include "crypto/encryptor.h"
15 #include "crypto/nss_util.h"
16 #include "crypto/sha2.h"
17 #include "crypto/symmetric_key.h"
18
19 namespace chromeos {
20
21 namespace {
22 const size_t kNonceSize = 16;
23 } // namespace
24
25 CryptohomeTokenEncryptor::CryptohomeTokenEncryptor() {
26 }
27
28 CryptohomeTokenEncryptor::~CryptohomeTokenEncryptor() {
29 }
30
31 std::string CryptohomeTokenEncryptor::EncryptWithSystemSalt(
32 const std::string& token) {
33 // Don't care about token encryption while debugging.
34 if (!base::SysInfo::IsRunningOnChromeOS())
35 return token;
36
37 if (!LoadSystemSaltKey()) {
38 LOG(WARNING) << "System salt key is not available for encrypt.";
39 return std::string();
40 }
41 return EncryptTokenWithKey(system_salt_key_.get(),
42 system_salt_,
43 token);
44 }
45
46 std::string CryptohomeTokenEncryptor::DecryptWithSystemSalt(
47 const std::string& encrypted_token_hex) {
48 // Don't care about token encryption while debugging.
49 if (!base::SysInfo::IsRunningOnChromeOS())
50 return encrypted_token_hex;
51
52 if (!LoadSystemSaltKey()) {
53 LOG(WARNING) << "System salt key is not available for decrypt.";
54 return std::string();
55 }
56 return DecryptTokenWithKey(system_salt_key_.get(),
57 system_salt_,
58 encrypted_token_hex);
59 }
60
61 // TODO: should this use the system salt for both the password and the salt
62 // value, or should this use a separate salt value?
63 bool CryptohomeTokenEncryptor::LoadSystemSaltKey() {
64 // Assume the system salt should be obtained beforehand at login time.
65 if (system_salt_.empty())
66 system_salt_ = CryptohomeLibrary::Get()->GetCachedSystemSalt();
67 if (system_salt_.empty())
68 return false;
69 if (!system_salt_key_.get())
70 system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_));
71 return system_salt_key_.get();
72 }
73
74 crypto::SymmetricKey* CryptohomeTokenEncryptor::PassphraseToKey(
75 const std::string& passphrase,
76 const std::string& salt) {
77 return crypto::SymmetricKey::DeriveKeyFromPassword(
78 crypto::SymmetricKey::AES, passphrase, salt, 1000, 256);
79 }
80
81 std::string CryptohomeTokenEncryptor::EncryptTokenWithKey(
82 crypto::SymmetricKey* key,
83 const std::string& salt,
84 const std::string& token) {
85 crypto::Encryptor encryptor;
86 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
87 LOG(WARNING) << "Failed to initialize Encryptor.";
88 return std::string();
89 }
90 std::string nonce = salt.substr(0, kNonceSize);
91 std::string encoded_token;
92 CHECK(encryptor.SetCounter(nonce));
93 if (!encryptor.Encrypt(token, &encoded_token)) {
94 LOG(WARNING) << "Failed to encrypt token.";
95 return std::string();
96 }
97
98 return StringToLowerASCII(base::HexEncode(
99 reinterpret_cast<const void*>(encoded_token.data()),
100 encoded_token.size()));
101 }
102
103 std::string CryptohomeTokenEncryptor::DecryptTokenWithKey(
104 crypto::SymmetricKey* key,
105 const std::string& salt,
106 const std::string& encrypted_token_hex) {
107 std::vector<uint8> encrypted_token_bytes;
108 if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes)) {
109 LOG(WARNING) << "Corrupt encrypted token found.";
110 return std::string();
111 }
112
113 std::string encrypted_token(
114 reinterpret_cast<char*>(encrypted_token_bytes.data()),
115 encrypted_token_bytes.size());
116 crypto::Encryptor encryptor;
117 if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
118 LOG(WARNING) << "Failed to initialize Encryptor.";
119 return std::string();
120 }
121
122 std::string nonce = salt.substr(0, kNonceSize);
123 std::string token;
124 CHECK(encryptor.SetCounter(nonce));
125 if (!encryptor.Decrypt(encrypted_token, &token)) {
126 LOG(WARNING) << "Failed to decrypt token.";
127 return std::string();
128 }
129 return token;
130 }
131
132 } // namespace chromeos
OLDNEW
« no previous file with comments | « chrome/browser/chromeos/settings/token_encryptor.h ('k') | chrome/chrome_browser_chromeos.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698