| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" | 5 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 47 matching lines...) | |
| 58 ::switches::kTestType) || | 58 ::switches::kTestType) || |
| 59 !CrosSettings::IsInitialized()) { | 59 !CrosSettings::IsInitialized()) { |
| 60 return false; | 60 return false; |
| 61 } | 61 } |
| 62 const base::Value* value = CrosSettings::Get()->GetPref(kDeviceOwner); | 62 const base::Value* value = CrosSettings::Get()->GetPref(kDeviceOwner); |
| 63 if (!value || value->GetType() != base::Value::Type::STRING) | 63 if (!value || value->GetType() != base::Value::Type::STRING) |
| 64 return false; | 64 return false; |
| 65 return static_cast<const base::Value*>(value)->GetString() == user_id; | 65 return static_cast<const base::Value*>(value)->GetString() == user_id; |
| 66 } | 66 } |
| 67 | 67 |
| 68 void LoadPrivateKeyByPublicKey( | 68 void LoadPrivateKeyByPublicKeyOnWorkerThread( |
| 69 const scoped_refptr<OwnerKeyUtil>& owner_key_util, | 69 const scoped_refptr<OwnerKeyUtil>& owner_key_util, |
| 70 scoped_refptr<PublicKey> public_key, | 70 scoped_refptr<PublicKey> public_key, |
| 71 const std::string& username_hash, | 71 crypto::ScopedPK11Slot public_slot, |
| 72 crypto::ScopedPK11Slot private_slot, | |
| 72 const base::Callback<void(const scoped_refptr<PublicKey>& public_key, | 73 const base::Callback<void(const scoped_refptr<PublicKey>& public_key, |
| 73 const scoped_refptr<PrivateKey>& private_key)>& | 74 const scoped_refptr<PrivateKey>& private_key)>& |
| 74 callback) { | 75 callback) { |
|
Daniel Erat
2017/03/22 14:47:18
can you DCHECK that this is running on the right t
Shuhei Takahashi
2017/03/23 05:04:11
Done.
| |
| 75 crypto::EnsureNSSInit(); | |
| 76 crypto::ScopedPK11Slot public_slot = | |
| 77 crypto::GetPublicSlotForChromeOSUser(username_hash); | |
| 78 crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser( | |
| 79 username_hash, base::Callback<void(crypto::ScopedPK11Slot)>()); | |
| 80 | |
| 81 // If private slot is already available, this will check it. If not, we'll get | 76 // If private slot is already available, this will check it. If not, we'll get |
| 82 // called again later when the TPM Token is ready, and the slot will be | 77 // called again later when the TPM Token is ready, and the slot will be |
| 83 // available then. FindPrivateKeyInSlot internally checks for a null slot if | 78 // available then. FindPrivateKeyInSlot internally checks for a null slot if |
| 84 // needbe. | 79 // needbe. |
| 85 // | 80 // |
| 86 // TODO(davidben): The null check should be in the caller rather than | 81 // TODO(davidben): The null check should be in the caller rather than |
| 87 // internally in the OwnerKeyUtil implementation. The tests currently get a | 82 // internally in the OwnerKeyUtil implementation. The tests currently get a |
| 88 // null private_slot and expect the mock OwnerKeyUtil to still be called. | 83 // null private_slot and expect the mock OwnerKeyUtil to still be called. |
| 89 scoped_refptr<PrivateKey> private_key( | 84 scoped_refptr<PrivateKey> private_key( |
| 90 new PrivateKey(owner_key_util->FindPrivateKeyInSlot(public_key->data(), | 85 new PrivateKey(owner_key_util->FindPrivateKeyInSlot(public_key->data(), |
| 91 private_slot.get()))); | 86 private_slot.get()))); |
| 92 if (!private_key->key()) { | 87 if (!private_key->key()) { |
| 93 private_key = new PrivateKey(owner_key_util->FindPrivateKeyInSlot( | 88 private_key = new PrivateKey(owner_key_util->FindPrivateKeyInSlot( |
| 94 public_key->data(), public_slot.get())); | 89 public_key->data(), public_slot.get())); |
| 95 } | 90 } |
| 96 BrowserThread::PostTask(BrowserThread::UI, | 91 BrowserThread::PostTask(BrowserThread::UI, |
| 97 FROM_HERE, | 92 FROM_HERE, |
| 98 base::Bind(callback, public_key, private_key)); | 93 base::Bind(callback, public_key, private_key)); |
| 99 } | 94 } |
| 100 | 95 |
| 96 void LoadPrivateKeyByPublicKey( | |
| 97 const scoped_refptr<OwnerKeyUtil>& owner_key_util, | |
| 98 scoped_refptr<PublicKey> public_key, | |
| 99 const std::string& username_hash, | |
| 100 const base::Callback<void(const scoped_refptr<PublicKey>& public_key, | |
| 101 const scoped_refptr<PrivateKey>& private_key)>& | |
| 102 callback) { | |
| 103 DCHECK_CURRENTLY_ON(BrowserThread::IO); | |
| 104 | |
| 105 crypto::EnsureNSSInit(); | |
| 106 crypto::ScopedPK11Slot public_slot = | |
| 107 crypto::GetPublicSlotForChromeOSUser(username_hash); | |
| 108 crypto::ScopedPK11Slot private_slot = crypto::GetPrivateSlotForChromeOSUser( | |
| 109 username_hash, base::Callback<void(crypto::ScopedPK11Slot)>()); | |
| 110 | |
| 111 // This task interacts with the TPM, so use the blocking pool. | |
| 112 scoped_refptr<base::TaskRunner> task_runner = | |
| 113 BrowserThread::GetBlockingPool()->GetTaskRunnerWithShutdownBehavior( | |
| 114 base::SequencedWorkerPool::SKIP_ON_SHUTDOWN); | |
| 115 task_runner->PostTask( | |
| 116 FROM_HERE, | |
| 117 base::Bind(&LoadPrivateKeyByPublicKeyOnWorkerThread, owner_key_util, | |
| 118 public_key, base::Passed(std::move(public_slot)), | |
| 119 base::Passed(std::move(private_slot)), callback)); | |
| 120 } | |
| 121 | |
| 101 void LoadPrivateKey( | 122 void LoadPrivateKey( |
| 102 const scoped_refptr<OwnerKeyUtil>& owner_key_util, | 123 const scoped_refptr<OwnerKeyUtil>& owner_key_util, |
| 103 const std::string username_hash, | 124 const std::string username_hash, |
| 104 const base::Callback<void(const scoped_refptr<PublicKey>& public_key, | 125 const base::Callback<void(const scoped_refptr<PublicKey>& public_key, |
| 105 const scoped_refptr<PrivateKey>& private_key)>& | 126 const scoped_refptr<PrivateKey>& private_key)>& |
| 106 callback) { | 127 callback) { |
| 107 std::vector<uint8_t> public_key_data; | 128 std::vector<uint8_t> public_key_data; |
| 108 scoped_refptr<PublicKey> public_key; | 129 scoped_refptr<PublicKey> public_key; |
| 109 if (!owner_key_util->ImportPublicKey(&public_key_data)) { | 130 if (!owner_key_util->ImportPublicKey(&public_key_data)) { |
| 110 scoped_refptr<PrivateKey> private_key; | 131 scoped_refptr<PrivateKey> private_key; |
| (...skipping 618 matching lines...) | |
| 729 | 750 |
| 730 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( | 751 void OwnerSettingsServiceChromeOS::ReportStatusAndContinueStoring( |
| 731 bool success) { | 752 bool success) { |
| 732 store_settings_factory_.InvalidateWeakPtrs(); | 753 store_settings_factory_.InvalidateWeakPtrs(); |
| 733 for (auto& observer : observers_) | 754 for (auto& observer : observers_) |
| 734 observer.OnSignedPolicyStored(success); | 755 observer.OnSignedPolicyStored(success); |
| 735 StorePendingChanges(); | 756 StorePendingChanges(); |
| 736 } | 757 } |
| 737 | 758 |
| 738 } // namespace chromeos | 759 } // namespace chromeos |
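Review bot: The block comment at new lines 76-83 stays in `LoadPrivateKeyByPublicKeyOnWorkerThread`, but the slot lookup it explains now lives in `LoadPrivateKeyByPublicKey` (new lines 106-109), where `GetPrivateSlotForChromeOSUser` is called with an empty callback. The worker only receives the slots, so what a reader needs there is the contract, for example `// |private_slot| may be null when the TPM token is not ready; FindPrivateKeyInSlot handles that and |public_slot| is tried next.` The "called again later when the TPM Token is ready" sentence belongs beside the lookup in `LoadPrivateKeyByPublicKey`. The `SKIP_ON_SHUTDOWN` post at new lines 112-119 also deserves a line noting that `callback` presumably never runs if the task is skipped, so callers should not rely on it to release state tied to the owner key.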