Index: chrome/browser/chromeos/settings/token_encryptor.h |
diff --git a/chrome/browser/chromeos/settings/token_encryptor.h b/chrome/browser/chromeos/settings/token_encryptor.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8892dc6b2b6531512f9ef4e38a0b405d308d7715 |
--- /dev/null |
+++ b/chrome/browser/chromeos/settings/token_encryptor.h |
@@ -0,0 +1,79 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
+#define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
+ |
+#include <string> |
+ |
+#include "base/basictypes.h" |
+#include "base/memory/scoped_ptr.h" |
+ |
+namespace crypto { |
+class SymmetricKey; |
+} |
+ |
+namespace chromeos { |
+ |
+// Interface class for classes that encrypt and decrypt tokens using the |
+// system salt. |
+class TokenEncryptor { |
+ public: |
+ virtual ~TokenEncryptor() {} |
+ |
+ // Encrypts |token| with the system salt key (stable for the lifetime |
+ // of the device). Useful to avoid storing plain text in place like |
+ // Local State. |
+ virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; |
+ |
+ // Decrypts |token| with the system salt key (stable for the lifetime |
+ // of the device). |
+ virtual std::string DecryptWithSystemSalt( |
+ const std::string& encrypted_token_hex) = 0; |
+}; |
+ |
+// TokenEncryptor based on the cryptohome daemon. This implementation is used |
+// in production. |
+class CryptohomeTokenEncryptor : public TokenEncryptor { |
+ public: |
+ CryptohomeTokenEncryptor(); |
+ virtual ~CryptohomeTokenEncryptor(); |
+ |
+ // TokenEncryptor overrides: |
+ virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; |
+ virtual std::string DecryptWithSystemSalt( |
+ const std::string& encrypted_token_hex) OVERRIDE; |
+ |
+ private: |
+ // Loads the system salt key based on the system salt from the cryptohome |
+ // daemon. Returns true on success. |
+ bool LoadSystemSaltKey(); |
+ |
+ // Converts |passphrase| to a SymmetricKey using the given |salt|. |
+ crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, |
+ const std::string& salt); |
+ |
+ // Encrypts (AES) the token given |key| and |salt|. |
+ std::string EncryptTokenWithKey(crypto::SymmetricKey* key, |
+ const std::string& salt, |
+ const std::string& token); |
+ |
+ // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. |
+ std::string DecryptTokenWithKey(crypto::SymmetricKey* key, |
+ const std::string& salt, |
+ const std::string& encrypted_token_hex); |
+ |
+ // The cached system salt obtained from the cryptohome daemon. |
+ std::string system_salt_; |
+ |
+ // A key based on the system salt. Useful for encrypting device-level |
+ // data for which we have no additional credentials. |
+ scoped_ptr<crypto::SymmetricKey> system_salt_key_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); |
+}; |
+ |
+} // namespace chromeos |
+ |
+#endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |