| Index: chrome/browser/chromeos/settings/token_encryptor.h
|
| diff --git a/chrome/browser/chromeos/settings/token_encryptor.h b/chrome/browser/chromeos/settings/token_encryptor.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..8892dc6b2b6531512f9ef4e38a0b405d308d7715
|
| --- /dev/null
|
| +++ b/chrome/browser/chromeos/settings/token_encryptor.h
|
| @@ -0,0 +1,79 @@
|
| +// Copyright 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
|
| +#define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
|
| +
|
| +#include <string>
|
| +
|
| +#include "base/basictypes.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +
|
| +namespace crypto {
|
| +class SymmetricKey;
|
| +}
|
| +
|
| +namespace chromeos {
|
| +
|
| +// Interface class for classes that encrypt and decrypt tokens using the
|
| +// system salt.
|
| +class TokenEncryptor {
|
| + public:
|
| + virtual ~TokenEncryptor() {}
|
| +
|
| + // Encrypts |token| with the system salt key (stable for the lifetime
|
| + // of the device). Useful to avoid storing plain text in place like
|
| + // Local State.
|
| + virtual std::string EncryptWithSystemSalt(const std::string& token) = 0;
|
| +
|
| + // Decrypts |token| with the system salt key (stable for the lifetime
|
| + // of the device).
|
| + virtual std::string DecryptWithSystemSalt(
|
| + const std::string& encrypted_token_hex) = 0;
|
| +};
|
| +
|
| +// TokenEncryptor based on the cryptohome daemon. This implementation is used
|
| +// in production.
|
| +class CryptohomeTokenEncryptor : public TokenEncryptor {
|
| + public:
|
| + CryptohomeTokenEncryptor();
|
| + virtual ~CryptohomeTokenEncryptor();
|
| +
|
| + // TokenEncryptor overrides:
|
| + virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE;
|
| + virtual std::string DecryptWithSystemSalt(
|
| + const std::string& encrypted_token_hex) OVERRIDE;
|
| +
|
| + private:
|
| + // Loads the system salt key based on the system salt from the cryptohome
|
| + // daemon. Returns true on success.
|
| + bool LoadSystemSaltKey();
|
| +
|
| + // Converts |passphrase| to a SymmetricKey using the given |salt|.
|
| + crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase,
|
| + const std::string& salt);
|
| +
|
| + // Encrypts (AES) the token given |key| and |salt|.
|
| + std::string EncryptTokenWithKey(crypto::SymmetricKey* key,
|
| + const std::string& salt,
|
| + const std::string& token);
|
| +
|
| + // Decrypts (AES) hex encoded encrypted token given |key| and |salt|.
|
| + std::string DecryptTokenWithKey(crypto::SymmetricKey* key,
|
| + const std::string& salt,
|
| + const std::string& encrypted_token_hex);
|
| +
|
| + // The cached system salt obtained from the cryptohome daemon.
|
| + std::string system_salt_;
|
| +
|
| + // A key based on the system salt. Useful for encrypting device-level
|
| + // data for which we have no additional credentials.
|
| + scoped_ptr<crypto::SymmetricKey> system_salt_key_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor);
|
| +};
|
| +
|
| +} // namespace chromeos
|
| +
|
| +#endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
|
|
|
Chromium Code Reviews
Issue 25975002:
cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src