OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/basictypes.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 |
| 13 namespace crypto { |
| 14 class SymmetricKey; |
| 15 } |
| 16 |
| 17 namespace chromeos { |
| 18 |
| 19 // Interface class for classes that encrypt and decrypt tokens using the |
| 20 // system salt. |
| 21 class TokenEncryptor { |
| 22 public: |
| 23 virtual ~TokenEncryptor() {} |
| 24 |
| 25 // Encrypts |token| with the system salt key (stable for the lifetime |
| 26 // of the device). Useful to avoid storing plain text in place like |
| 27 // Local State. |
| 28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; |
| 29 |
| 30 // Decrypts |token| with the system salt key (stable for the lifetime |
| 31 // of the device). |
| 32 virtual std::string DecryptWithSystemSalt( |
| 33 const std::string& encrypted_token_hex) = 0; |
| 34 }; |
| 35 |
| 36 // TokenEncryptor based on the cryptohome daemon. This implementation is used |
| 37 // in production. |
| 38 class CryptohomeTokenEncryptor : public TokenEncryptor { |
| 39 public: |
| 40 CryptohomeTokenEncryptor(); |
| 41 virtual ~CryptohomeTokenEncryptor(); |
| 42 |
| 43 // TokenEncryptor overrides: |
| 44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; |
| 45 virtual std::string DecryptWithSystemSalt( |
| 46 const std::string& encrypted_token_hex) OVERRIDE; |
| 47 |
| 48 private: |
| 49 // Loads the system salt key based on the system salt from the cryptohome |
| 50 // daemon. Returns true on success. |
| 51 bool LoadSystemSaltKey(); |
| 52 |
| 53 // Converts |passphrase| to a SymmetricKey using the given |salt|. |
| 54 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, |
| 55 const std::string& salt); |
| 56 |
| 57 // Encrypts (AES) the token given |key| and |salt|. |
| 58 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, |
| 59 const std::string& salt, |
| 60 const std::string& token); |
| 61 |
| 62 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. |
| 63 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, |
| 64 const std::string& salt, |
| 65 const std::string& encrypted_token_hex); |
| 66 |
| 67 // The cached system salt obtained from the cryptohome daemon. |
| 68 std::string system_salt_; |
| 69 |
| 70 // A key based on the system salt. Useful for encrypting device-level |
| 71 // data for which we have no additional credentials. |
| 72 scoped_ptr<crypto::SymmetricKey> system_salt_key_; |
| 73 |
| 74 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); |
| 75 }; |
| 76 |
| 77 } // namespace chromeos |
| 78 |
| 79 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
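Review bot: The `TokenEncryptor` interface gives callers no way to tell failure from success: `EncryptWithSystemSalt` and `DecryptWithSystemSalt` return a bare `std::string` while the private `LoadSystemSaltKey()` can return false, and neither comment says what comes back in that case. If the implementation (not shown in this file) returns an empty string, a caller could persist or accept an empty token, so the contract belongs in the header, e.g. `// Returns an empty string if the system salt key could not be loaded or the operation failed.`, and the decrypt comment should name `|encrypted_token_hex|` rather than `|token|`. The comments describe both the key and the `|salt|` passed to `EncryptTokenWithKey` as coming from a device-stable system salt, so the class comment should say that this keeps plain text out of stores like Local State rather than protecting the token from anyone who can read the salt. If `|salt|` is also used as the AES IV or counter, the comment should note that every token is encrypted under the same key/IV pair. `PassphraseToKey` returns a raw `crypto::SymmetricKey*` with no statement of ownership; since `scoped_ptr` is already included, returning `scoped_ptr<crypto::SymmetricKey>` would make the transfer explicit.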