Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(46)

Unified Diff: chromeos/cryptohome/cryptohome_library.cc

Issue 25975002: cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chromeos/cryptohome/cryptohome_library.cc
diff --git a/chromeos/cryptohome/cryptohome_library.cc b/chromeos/cryptohome/cryptohome_library.cc
index 721f932aa4ae5beb59a92cd253beaceddd29b62e..b5c54b8679b18a228088f995a2b0b623c6ab1010 100644
--- a/chromeos/cryptohome/cryptohome_library.cc
+++ b/chromeos/cryptohome/cryptohome_library.cc
@@ -14,17 +14,12 @@
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_method_call_status.h"
#include "chromeos/dbus/dbus_thread_manager.h"
-#include "crypto/encryptor.h"
-#include "crypto/nss_util.h"
-#include "crypto/sha2.h"
-#include "crypto/symmetric_key.h"
namespace chromeos {
namespace {
const char kStubSystemSalt[] = "stub_system_salt";
-const size_t kNonceSize = 16;
} // namespace
@@ -42,35 +37,6 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary {
return system_salt_;
}
- virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE {
- // Don't care about token encryption while debugging.
- if (!base::SysInfo::IsRunningOnChromeOS())
- return token;
-
- if (!LoadSystemSaltKey()) {
- LOG(WARNING) << "System salt key is not available for encrypt.";
- return std::string();
- }
- return EncryptTokenWithKey(system_salt_key_.get(),
- system_salt_,
- token);
- }
-
- virtual std::string DecryptWithSystemSalt(
- const std::string& encrypted_token_hex) OVERRIDE {
- // Don't care about token encryption while debugging.
- if (!base::SysInfo::IsRunningOnChromeOS())
- return encrypted_token_hex;
-
- if (!LoadSystemSaltKey()) {
- LOG(WARNING) << "System salt key is not available for decrypt.";
- return std::string();
- }
- return DecryptTokenWithKey(system_salt_key_.get(),
- system_salt_,
- encrypted_token_hex);
- }
-
private:
void LoadSystemSalt() {
if (!system_salt_.empty())
@@ -85,78 +51,7 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary {
reinterpret_cast<const void*>(salt.data()), salt.size()));
}
- // TODO: should this use the system salt for both the password and the salt
- // value, or should this use a separate salt value?
- bool LoadSystemSaltKey() {
- if (system_salt_.empty())
- return false;
- if (!system_salt_key_.get())
- system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_));
- return system_salt_key_.get();
- }
-
- crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase,
- const std::string& salt) {
- return crypto::SymmetricKey::DeriveKeyFromPassword(
- crypto::SymmetricKey::AES, passphrase, salt, 1000, 256);
- }
-
-
- // Encrypts (AES) the token given |key| and |salt|.
- std::string EncryptTokenWithKey(crypto::SymmetricKey* key,
- const std::string& salt,
- const std::string& token) {
- crypto::Encryptor encryptor;
- if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
- LOG(WARNING) << "Failed to initialize Encryptor.";
- return std::string();
- }
- std::string nonce = salt.substr(0, kNonceSize);
- std::string encoded_token;
- CHECK(encryptor.SetCounter(nonce));
- if (!encryptor.Encrypt(token, &encoded_token)) {
- LOG(WARNING) << "Failed to encrypt token.";
- return std::string();
- }
-
- return StringToLowerASCII(base::HexEncode(
- reinterpret_cast<const void*>(encoded_token.data()),
- encoded_token.size()));
- }
-
- // Decrypts (AES) hex encoded encrypted token given |key| and |salt|.
- std::string DecryptTokenWithKey(crypto::SymmetricKey* key,
- const std::string& salt,
- const std::string& encrypted_token_hex) {
- std::vector<uint8> encrypted_token_bytes;
- if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes)) {
- LOG(WARNING) << "Corrupt encrypted token found.";
- return std::string();
- }
-
- std::string encrypted_token(
- reinterpret_cast<char*>(encrypted_token_bytes.data()),
- encrypted_token_bytes.size());
- crypto::Encryptor encryptor;
- if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
- LOG(WARNING) << "Failed to initialize Encryptor.";
- return std::string();
- }
-
- std::string nonce = salt.substr(0, kNonceSize);
- std::string token;
- CHECK(encryptor.SetCounter(nonce));
- if (!encryptor.Decrypt(encrypted_token, &token)) {
- LOG(WARNING) << "Failed to decrypt token.";
- return std::string();
- }
- return token;
- }
-
std::string system_salt_;
- // A key based on the system salt. Useful for encrypting device-level
- // data for which we have no additional credentials.
- scoped_ptr<crypto::SymmetricKey> system_salt_key_;
DISALLOW_COPY_AND_ASSIGN(CryptohomeLibraryImpl);
};
@@ -171,15 +66,6 @@ class CryptohomeLibraryStubImpl : public CryptohomeLibrary {
return kStubSystemSalt;
}
- virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE {
- return token;
- }
-
- virtual std::string DecryptWithSystemSalt(
- const std::string& encrypted_token_hex) OVERRIDE {
- return encrypted_token_hex;
- }
-
private:
std::map<std::string, std::string> install_attrs_;
bool locked_;

Powered by Google App Engine
This is Rietveld 408576698