| OLD | NEW |
|---|
| 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/logging.h" | 5 #include <base/logging.h> |
| 6 #include "chromeos/utility.h" | 6 #include <chromeos/utility.h> |
| 7 #include "cryptohome/cryptohome_common.h" | 7 |
| 8 #include "cryptohome/vault_keyset.h" | 8 #include "cryptohome_common.h" |
| 9 #include "vault_keyset.h" |
| 9 | 10 |
| 10 namespace cryptohome { | 11 namespace cryptohome { |
| 11 | 12 |
| 12 VaultKeyset::VaultKeyset() | 13 VaultKeyset::VaultKeyset() |
| 13 : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR), | 14 : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR), |
| 14 minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) { | 15 minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) { |
| 15 } | 16 } |
| 16 | 17 |
| 17 VaultKeyset::VaultKeyset(const SecureBlob& source) | |
| 18 : major_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MAJOR), | |
| 19 minor_version_(CRYPTOHOME_VAULT_KEYSET_VERSION_MINOR) { | |
| 20 AssignBuffer(source); | |
| 21 } | |
| 22 | |
| 23 bool VaultKeyset::AssignBuffer(const SecureBlob& source) { | 18 bool VaultKeyset::AssignBuffer(const SecureBlob& source) { |
| 24 if(source.size() < VaultKeyset::SerializedSize()) { | 19 if(source.size() < VaultKeyset::SerializedSize()) { |
| 25 LOG(ERROR) << "Input buffer is too small."; | 20 LOG(ERROR) << "Input buffer is too small."; |
| 26 return false; | 21 return false; |
| 27 } | 22 } |
| 28 | 23 |
| 29 int offset = 0; | 24 int offset = 0; |
| 30 VaultKeysetHeader header; | 25 VaultKeysetHeader header; |
| 31 memcpy(&header, &source[offset], sizeof(header)); | 26 memcpy(&header, &source[offset], sizeof(header)); |
| 32 offset += sizeof(header); | 27 offset += sizeof(header); |
| (...skipping 11 matching lines...) Expand all Loading... |
| 44 fek_sig_.resize(sizeof(keys.fek_sig)); | 39 fek_sig_.resize(sizeof(keys.fek_sig)); |
| 45 memcpy(&fek_sig_[0], keys.fek_sig, fek_sig_.size()); | 40 memcpy(&fek_sig_[0], keys.fek_sig, fek_sig_.size()); |
| 46 fek_salt_.resize(sizeof(keys.fek_salt)); | 41 fek_salt_.resize(sizeof(keys.fek_salt)); |
| 47 memcpy(&fek_salt_[0], keys.fek_salt, fek_salt_.size()); | 42 memcpy(&fek_salt_[0], keys.fek_salt, fek_salt_.size()); |
| 48 fnek_.resize(sizeof(keys.fnek)); | 43 fnek_.resize(sizeof(keys.fnek)); |
| 49 memcpy(&fnek_[0], keys.fnek, fnek_.size()); | 44 memcpy(&fnek_[0], keys.fnek, fnek_.size()); |
| 50 fnek_sig_.resize(sizeof(keys.fnek_sig)); | 45 fnek_sig_.resize(sizeof(keys.fnek_sig)); |
| 51 memcpy(&fnek_sig_[0], keys.fnek_sig, fnek_sig_.size()); | 46 memcpy(&fnek_sig_[0], keys.fnek_sig, fnek_sig_.size()); |
| 52 fnek_salt_.resize(sizeof(keys.fnek_salt)); | 47 fnek_salt_.resize(sizeof(keys.fnek_salt)); |
| 53 memcpy(&fnek_salt_[0], keys.fnek_salt, fnek_salt_.size()); | 48 memcpy(&fnek_salt_[0], keys.fnek_salt, fnek_salt_.size()); |
| 54 chromeos::SecureMemset(&keys, sizeof(keys), 0); | 49 chromeos::SecureMemset(&keys, 0, sizeof(keys)); |
| 55 | 50 |
| 56 return true; | 51 return true; |
| 57 } | 52 } |
| 58 | 53 |
| 59 SecureBlob VaultKeyset::ToBuffer() const { | 54 bool VaultKeyset::ToBuffer(SecureBlob* buffer) const { |
| 60 SecureBlob buffer(VaultKeyset::SerializedSize()); | 55 SecureBlob local_buffer(VaultKeyset::SerializedSize()); |
| 56 unsigned char* data = static_cast<unsigned char*>(local_buffer.data()); |
| 61 | 57 |
| 62 VaultKeysetHeader header; | 58 VaultKeysetHeader header; |
| 63 memcpy(header.signature, kVaultKeysetSignature, sizeof(header.signature)); | 59 memcpy(header.signature, kVaultKeysetSignature, sizeof(header.signature)); |
| 64 header.major_version = major_version_; | 60 header.major_version = major_version_; |
| 65 header.minor_version = minor_version_; | 61 header.minor_version = minor_version_; |
| 66 memcpy(&buffer[0], &header, sizeof(header)); | 62 memcpy(data, &header, sizeof(header)); |
| 67 | 63 |
| 68 VaultKeysetKeys keys; | 64 VaultKeysetKeys keys; |
| 69 chromeos::SecureMemset(&keys, sizeof(keys), 0); | 65 chromeos::SecureMemset(&keys, 0, sizeof(keys)); |
| 70 memcpy(keys.fek, &fek_[0], | 66 if (fek_.size() != sizeof(keys.fek)) { |
| 71 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fek))); | 67 return false; |
| 72 memcpy(keys.fek_sig, &fek_sig_[0], | 68 } |
| 73 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE, | 69 memcpy(keys.fek, fek_.const_data(), sizeof(keys.fek)); |
| 74 sizeof(keys.fek_sig))); | 70 if (fek_sig_.size() != sizeof(keys.fek_sig)) { |
| 75 memcpy(keys.fek_salt, &fek_salt_[0], | 71 return false; |
| 76 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE, | 72 } |
| 77 sizeof(keys.fek_salt))); | 73 memcpy(keys.fek_sig, fek_sig_.const_data(), sizeof(keys.fek_sig)); |
| 78 memcpy(keys.fnek, &fnek_[0], | 74 if (fek_salt_.size() != sizeof(keys.fek_salt)) { |
| 79 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIZE, sizeof(keys.fnek))); | 75 return false; |
| 80 memcpy(keys.fnek_sig, &fnek_sig_[0], | 76 } |
| 81 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE, | 77 memcpy(keys.fek_salt, fek_salt_.const_data(), sizeof(keys.fek_salt)); |
| 82 sizeof(keys.fnek_sig))); | 78 if (fnek_.size() != sizeof(keys.fnek)) { |
| 83 memcpy(keys.fnek_salt, &fnek_salt_[0], | 79 return false; |
| 84 CRYPTOHOME_MIN(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE, | 80 } |
| 85 sizeof(keys.fnek_salt))); | 81 memcpy(keys.fnek, fnek_.const_data(), sizeof(keys.fnek)); |
| 86 memcpy(&buffer[sizeof(header)], &keys, sizeof(keys)); | 82 if (fnek_sig_.size() != sizeof(keys.fnek_sig)) { |
| 87 chromeos::SecureMemset(&keys, sizeof(keys), 0); | 83 return false; |
| 84 } |
| 85 memcpy(keys.fnek_sig, fnek_sig_.const_data(), sizeof(keys.fnek_sig)); |
| 86 if (fnek_salt_.size() != sizeof(keys.fnek_salt)) { |
| 87 return false; |
| 88 } |
| 89 memcpy(keys.fnek_salt, fnek_salt_.const_data(), sizeof(keys.fnek_salt)); |
| 90 memcpy(&data[sizeof(header)], &keys, sizeof(keys)); |
| 91 chromeos::SecureMemset(&keys, 0, sizeof(keys)); |
| 88 | 92 |
| 89 return buffer; | 93 buffer->swap(local_buffer); |
| 94 return true; |
| 90 } | 95 } |
| 91 | 96 |
| 92 void VaultKeyset::CreateRandom(const EntropySource& entropy_source) { | 97 void VaultKeyset::CreateRandom(const EntropySource& entropy_source) { |
| 93 fek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE); | 98 fek_.resize(CRYPTOHOME_DEFAULT_KEY_SIZE); |
| 94 entropy_source.GetSecureRandom(&fek_[0], fek_.size()); | 99 entropy_source.GetSecureRandom(&fek_[0], fek_.size()); |
| 95 | 100 |
| 96 fek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE); | 101 fek_sig_.resize(CRYPTOHOME_DEFAULT_KEY_SIGNATURE_SIZE); |
| 97 entropy_source.GetSecureRandom(&fek_sig_[0], fek_sig_.size()); | 102 entropy_source.GetSecureRandom(&fek_sig_[0], fek_sig_.size()); |
| 98 | 103 |
| 99 fek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE); | 104 fek_salt_.resize(CRYPTOHOME_DEFAULT_KEY_SALT_SIZE); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 130 } | 135 } |
| 131 | 136 |
| 132 const SecureBlob& VaultKeyset::FNEK_SALT() const { | 137 const SecureBlob& VaultKeyset::FNEK_SALT() const { |
| 133 return fnek_salt_; | 138 return fnek_salt_; |
| 134 } | 139 } |
| 135 | 140 |
| 136 unsigned int VaultKeyset::SerializedSize() { | 141 unsigned int VaultKeyset::SerializedSize() { |
| 137 return sizeof(VaultKeysetHeader) + sizeof(VaultKeysetKeys); | 142 return sizeof(VaultKeysetHeader) + sizeof(VaultKeysetKeys); |
| 138 } | 143 } |
| 139 | 144 |
| 140 } // cryptohome | 145 } // namespace cryptohome |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2645008:
Update on feedback, update dbus API, add unit tests. TEST=manual,unit,BVT BUG=3628 323 (Closed)
Base URL: ssh://git@chromiumos-git/cryptohome.git