| Index: chromeos/cryptohome/cryptohome_library.cc
|
| diff --git a/chromeos/cryptohome/cryptohome_library.cc b/chromeos/cryptohome/cryptohome_library.cc
|
| index 721f932aa4ae5beb59a92cd253beaceddd29b62e..29745ca444e5f8b89f32d5e6b149d0cec6898fd8 100644
|
| --- a/chromeos/cryptohome/cryptohome_library.cc
|
| +++ b/chromeos/cryptohome/cryptohome_library.cc
|
| @@ -14,17 +14,12 @@
|
| #include "chromeos/dbus/cryptohome_client.h"
|
| #include "chromeos/dbus/dbus_method_call_status.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| -#include "crypto/encryptor.h"
|
| -#include "crypto/nss_util.h"
|
| -#include "crypto/sha2.h"
|
| -#include "crypto/symmetric_key.h"
|
|
|
| namespace chromeos {
|
|
|
| namespace {
|
|
|
| const char kStubSystemSalt[] = "stub_system_salt";
|
| -const size_t kNonceSize = 16;
|
|
|
| } // namespace
|
|
|
| @@ -42,33 +37,8 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary {
|
| return system_salt_;
|
| }
|
|
|
| - virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE {
|
| - // Don't care about token encryption while debugging.
|
| - if (!base::SysInfo::IsRunningOnChromeOS())
|
| - return token;
|
| -
|
| - if (!LoadSystemSaltKey()) {
|
| - LOG(WARNING) << "System salt key is not available for encrypt.";
|
| - return std::string();
|
| - }
|
| - return EncryptTokenWithKey(system_salt_key_.get(),
|
| - system_salt_,
|
| - token);
|
| - }
|
| -
|
| - virtual std::string DecryptWithSystemSalt(
|
| - const std::string& encrypted_token_hex) OVERRIDE {
|
| - // Don't care about token encryption while debugging.
|
| - if (!base::SysInfo::IsRunningOnChromeOS())
|
| - return encrypted_token_hex;
|
| -
|
| - if (!LoadSystemSaltKey()) {
|
| - LOG(WARNING) << "System salt key is not available for decrypt.";
|
| - return std::string();
|
| - }
|
| - return DecryptTokenWithKey(system_salt_key_.get(),
|
| - system_salt_,
|
| - encrypted_token_hex);
|
| + virtual std::string GetCachedSystemSalt() OVERRIDE {
|
| + return system_salt_;
|
| }
|
|
|
| private:
|
| @@ -85,104 +55,25 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary {
|
| reinterpret_cast<const void*>(salt.data()), salt.size()));
|
| }
|
|
|
| - // TODO: should this use the system salt for both the password and the salt
|
| - // value, or should this use a separate salt value?
|
| - bool LoadSystemSaltKey() {
|
| - if (system_salt_.empty())
|
| - return false;
|
| - if (!system_salt_key_.get())
|
| - system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_));
|
| - return system_salt_key_.get();
|
| - }
|
| -
|
| - crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase,
|
| - const std::string& salt) {
|
| - return crypto::SymmetricKey::DeriveKeyFromPassword(
|
| - crypto::SymmetricKey::AES, passphrase, salt, 1000, 256);
|
| - }
|
| -
|
| -
|
| - // Encrypts (AES) the token given |key| and |salt|.
|
| - std::string EncryptTokenWithKey(crypto::SymmetricKey* key,
|
| - const std::string& salt,
|
| - const std::string& token) {
|
| - crypto::Encryptor encryptor;
|
| - if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
|
| - LOG(WARNING) << "Failed to initialize Encryptor.";
|
| - return std::string();
|
| - }
|
| - std::string nonce = salt.substr(0, kNonceSize);
|
| - std::string encoded_token;
|
| - CHECK(encryptor.SetCounter(nonce));
|
| - if (!encryptor.Encrypt(token, &encoded_token)) {
|
| - LOG(WARNING) << "Failed to encrypt token.";
|
| - return std::string();
|
| - }
|
| -
|
| - return StringToLowerASCII(base::HexEncode(
|
| - reinterpret_cast<const void*>(encoded_token.data()),
|
| - encoded_token.size()));
|
| - }
|
| -
|
| - // Decrypts (AES) hex encoded encrypted token given |key| and |salt|.
|
| - std::string DecryptTokenWithKey(crypto::SymmetricKey* key,
|
| - const std::string& salt,
|
| - const std::string& encrypted_token_hex) {
|
| - std::vector<uint8> encrypted_token_bytes;
|
| - if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes)) {
|
| - LOG(WARNING) << "Corrupt encrypted token found.";
|
| - return std::string();
|
| - }
|
| -
|
| - std::string encrypted_token(
|
| - reinterpret_cast<char*>(encrypted_token_bytes.data()),
|
| - encrypted_token_bytes.size());
|
| - crypto::Encryptor encryptor;
|
| - if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) {
|
| - LOG(WARNING) << "Failed to initialize Encryptor.";
|
| - return std::string();
|
| - }
|
| -
|
| - std::string nonce = salt.substr(0, kNonceSize);
|
| - std::string token;
|
| - CHECK(encryptor.SetCounter(nonce));
|
| - if (!encryptor.Decrypt(encrypted_token, &token)) {
|
| - LOG(WARNING) << "Failed to decrypt token.";
|
| - return std::string();
|
| - }
|
| - return token;
|
| - }
|
| -
|
| std::string system_salt_;
|
| - // A key based on the system salt. Useful for encrypting device-level
|
| - // data for which we have no additional credentials.
|
| - scoped_ptr<crypto::SymmetricKey> system_salt_key_;
|
|
|
| DISALLOW_COPY_AND_ASSIGN(CryptohomeLibraryImpl);
|
| };
|
|
|
| class CryptohomeLibraryStubImpl : public CryptohomeLibrary {
|
| public:
|
| - CryptohomeLibraryStubImpl()
|
| - : locked_(false) {}
|
| + CryptohomeLibraryStubImpl() {}
|
| virtual ~CryptohomeLibraryStubImpl() {}
|
|
|
| virtual std::string GetSystemSalt() OVERRIDE {
|
| return kStubSystemSalt;
|
| }
|
|
|
| - virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE {
|
| - return token;
|
| - }
|
| -
|
| - virtual std::string DecryptWithSystemSalt(
|
| - const std::string& encrypted_token_hex) OVERRIDE {
|
| - return encrypted_token_hex;
|
| + virtual std::string GetCachedSystemSalt() OVERRIDE {
|
| + return kStubSystemSalt;
|
| }
|
|
|
| private:
|
| - std::map<std::string, std::string> install_attrs_;
|
| - bool locked_;
|
| DISALLOW_COPY_AND_ASSIGN(CryptohomeLibraryStubImpl);
|
| };
|
|
|
|
|
Chromium Code Reviews
Issue 25975002:
cryptohome: Move Encrypt/DecryptWithSystemSalt() out of CryptohomeLibrary (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src