Force encryption migration if the device supports ARC.

chromeos/login/auth/cryptohome_authenticator.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chromeos/login/auth/cryptohome_authenticator.h"
 
 #include <stdint.h>
 
 #include <vector>
 
@@ skipping 131 matching lines @@
   resolver->Resolve();
 }
 
 // Calls cryptohome's MountEx() method. The key in |attempt->user_context| must
 // not be a plain text password. If the user provided a plain text password,
 // that password must be transformed to another key type (by salted hashing)
 // before calling this method.
 void DoMount(const base::WeakPtr<AuthAttemptState>& attempt,
              scoped_refptr<CryptohomeAuthenticator> resolver,
              bool ephemeral,
-             bool create_if_nonexistent) {
+             bool create_if_nonexistent,
+             bool force_dircrypto_if_available) {

[xiyuan, 2017/04/05 21:15:11]

I don't think we need this extra arg. |attempt| holds a copy of UserContext and
we could get this from there.

[fukino, 2017/04/06 14:22:17]

Done.
I didn't noticed that we can use |attempt|. The patch gets much simpler. Thank
you!

   const Key* key = attempt->user_context.GetKey();
   // If the |key| is a plain text password, crash rather than attempting to
   // mount the cryptohome with a plain text password.
   CHECK_NE(Key::KEY_TYPE_PASSWORD_PLAIN, key->GetKeyType());
 
   // Set state that username_hash is requested here so that test implementation
   // that returns directly would not generate 2 OnLoginSucces() calls.
   attempt->UsernameHashRequested();
 
   // Set the authentication's key label to an empty string, which is a wildcard
   // allowing any key to match. This is necessary because cryptohomes created by
   // Chrome OS M38 and older will have a legacy key with no label while those
   // created by Chrome OS M39 and newer will have a key with the label
   // kCryptohomeGAIAKeyLabel.
   const cryptohome::KeyDefinition auth_key(key->GetSecret(),
                                            std::string(),
                                            cryptohome::PRIV_DEFAULT);
   cryptohome::MountParameters mount(ephemeral);
   if (create_if_nonexistent) {
     mount.create_keys.push_back(cryptohome::KeyDefinition(
         key->GetSecret(),
         kCryptohomeGAIAKeyLabel,
         cryptohome::PRIV_DEFAULT));
   }
+  mount.force_dircrypto_if_available = force_dircrypto_if_available;
 
   cryptohome::HomedirMethods::GetInstance()->MountEx(
       cryptohome::Identification(attempt->user_context.GetAccountId()),
       cryptohome::Authorization(auth_key), mount,
       base::Bind(&OnMount, attempt, resolver));
 }
 
 // Handle cryptohome migration status.
 void OnCryptohomeRenamed(const base::WeakPtr<AuthAttemptState>& attempt,
                          scoped_refptr<CryptohomeAuthenticator> resolver,
                          bool ephemeral,
                          bool create_if_nonexistent,
+                         bool force_dircrypto_if_available,
                          bool success,
                          cryptohome::MountError return_code) {
   chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
       "CryptohomeRename-End", false);
   const AccountId account_id = attempt->user_context.GetAccountId();
   if (success) {
     cryptohome::SetGaiaIdMigrationStatusDone(account_id);
     UMACryptohomeMigrationToGaiaId(CryptohomeMigrationToGaiaId::SUCCESS);
   } else {
     LOG(ERROR) << "Failed to rename cryptohome for account_id='"
                << account_id.Serialize() << "' (return_code=" << return_code
                << ")";
     // If rename fails, we can still use legacy cryptohome identifier.
     // Proceed to DoMount.
     UMACryptohomeMigrationToGaiaId(CryptohomeMigrationToGaiaId::FAILURE);
   }
-  DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
+  DoMount(attempt, resolver, ephemeral, create_if_nonexistent,
+          force_dircrypto_if_available);
 }
 
 // This method migrates cryptohome identifier to gaia id (if needed),
 // and then calls Mount.
 void EnsureCryptohomeMigratedToGaiaId(
     const base::WeakPtr<AuthAttemptState>& attempt,
     scoped_refptr<CryptohomeAuthenticator> resolver,
     bool ephemeral,
-    bool create_if_nonexistent) {
+    bool create_if_nonexistent,
+    bool force_dircrypto_if_available) {
   if (attempt->user_context.GetAccountId().GetAccountType() ==
       AccountType::ACTIVE_DIRECTORY) {
     cryptohome::SetGaiaIdMigrationStatusDone(
         attempt->user_context.GetAccountId());
   }
   const bool is_gaiaid_migration_started = switches::IsGaiaIdMigrationStarted();
   if (!is_gaiaid_migration_started) {
     UMACryptohomeMigrationToGaiaId(CryptohomeMigrationToGaiaId::NOT_STARTED);
-    DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
+    DoMount(attempt, resolver, ephemeral, create_if_nonexistent,
+            force_dircrypto_if_available);
     return;
   }
   const bool already_migrated = cryptohome::GetGaiaIdMigrationStatus(
       attempt->user_context.GetAccountId());
   const bool has_account_key =
       attempt->user_context.GetAccountId().HasAccountIdKey();
 
   bool need_migration = false;
   if (!create_if_nonexistent && !already_migrated) {
     if (has_account_key) {
       need_migration = true;
     } else {
       LOG(WARNING) << "Account '"
                    << attempt->user_context.GetAccountId().Serialize()
                    << "' has no gaia id. Cryptohome migration skipped.";
     }
   }
   if (need_migration) {
     chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
         "CryptohomeRename-Start", false);
     const std::string& cryptohome_id_from =
         attempt->user_context.GetAccountId().GetUserEmail();  // Migrated
     const std::string cryptohome_id_to =
         attempt->user_context.GetAccountId().GetAccountIdKey();
 
     cryptohome::HomedirMethods::GetInstance()->RenameCryptohome(
         cryptohome::Identification::FromString(cryptohome_id_from),
         cryptohome::Identification::FromString(cryptohome_id_to),
         base::Bind(&OnCryptohomeRenamed, attempt, resolver, ephemeral,
-                   create_if_nonexistent));
+                   create_if_nonexistent, force_dircrypto_if_available));
     return;
   }
   if (!already_migrated && has_account_key) {
     // Mark new users migrated.
     cryptohome::SetGaiaIdMigrationStatusDone(
         attempt->user_context.GetAccountId());
   }
   if (already_migrated) {
     UMACryptohomeMigrationToGaiaId(
         CryptohomeMigrationToGaiaId::ALREADY_MIGRATED);
   }
 
-  DoMount(attempt, resolver, ephemeral, create_if_nonexistent);
+  DoMount(attempt, resolver, ephemeral, create_if_nonexistent,
+          force_dircrypto_if_available);
 }
 
 // Callback invoked when the system salt has been retrieved. Transforms the key
 // in |attempt->user_context| using Chrome's default hashing algorithm and the
 // system salt, then calls MountEx().
 void OnGetSystemSalt(const base::WeakPtr<AuthAttemptState>& attempt,
                      scoped_refptr<CryptohomeAuthenticator> resolver,
                      bool ephemeral,
                      bool create_if_nonexistent,
+                     bool force_dircrypto_if_available,
                      const std::string& system_salt) {
   DCHECK_EQ(Key::KEY_TYPE_PASSWORD_PLAIN,
             attempt->user_context.GetKey()->GetKeyType());
 
   attempt->user_context.GetKey()->Transform(
       Key::KEY_TYPE_SALTED_SHA256_TOP_HALF,
       system_salt);
 
   EnsureCryptohomeMigratedToGaiaId(attempt, resolver, ephemeral,
-                                   create_if_nonexistent);
+                                   create_if_nonexistent,
+                                   force_dircrypto_if_available);
 }
 
 // Callback invoked when cryptohome's GetKeyDataEx() method has finished.
 // * If GetKeyDataEx() returned metadata indicating the hashing algorithm and
 //   salt that were used to generate the key for this user's cryptohome,
 //   transforms the key in |attempt->user_context| with the same parameters.
 // * Otherwise, starts the retrieval of the system salt so that the key in
 //   |attempt->user_context| can be transformed with Chrome's default hashing
 //   algorithm and the system salt.
 // The resulting key is then passed to cryptohome's MountEx().
 void OnGetKeyDataEx(
     const base::WeakPtr<AuthAttemptState>& attempt,
     scoped_refptr<CryptohomeAuthenticator> resolver,
     bool ephemeral,
     bool create_if_nonexistent,
+    bool force_dircrypto_if_available,
     bool success,
     cryptohome::MountError return_code,
     const std::vector<cryptohome::KeyDefinition>& key_definitions) {
   if (success) {
     if (key_definitions.size() == 1) {
       const cryptohome::KeyDefinition& key_definition = key_definitions.front();
       DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_definition.label);
 
       // Extract the key type and salt from |key_definition|, if present.
       std::unique_ptr<int64_t> type;
@@ skipping 24 matching lines @@
         if (!salt) {
           LOGIN_LOG(ERROR) << "Missing salt.";
           RecordKeyErrorAndResolve(attempt, resolver);
           return;
         }
 
         attempt->user_context.GetKey()->Transform(
             static_cast<Key::KeyType>(*type),
             *salt);
         EnsureCryptohomeMigratedToGaiaId(attempt, resolver, ephemeral,
-                                         create_if_nonexistent);
+                                         create_if_nonexistent,
+                                         force_dircrypto_if_available);
         return;
       }
     } else {
       LOGIN_LOG(EVENT) << "GetKeyDataEx() returned " << key_definitions.size()
                        << " entries.";
     }
   }
 
-  SystemSaltGetter::Get()->GetSystemSalt(base::Bind(&OnGetSystemSalt,
-                                                    attempt,
-                                                    resolver,
-                                                    ephemeral,
-                                                    create_if_nonexistent));
+  SystemSaltGetter::Get()->GetSystemSalt(
+      base::Bind(&OnGetSystemSalt, attempt, resolver, ephemeral,
+                 create_if_nonexistent, force_dircrypto_if_available));
 }
 
 // Starts the process that will mount a user's cryptohome.
 // * If the key in |attempt->user_context| is not a plain text password,
 //   cryptohome's MountEx() method is called directly with the key.
 // * Otherwise, the key must be transformed (by salted hashing) before being
 //   passed to MountEx(). In that case, cryptohome's GetKeyDataEx() method is
 //   called to retrieve metadata indicating the hashing algorithm and salt that
 //   were used to generate the key for this user's cryptohome and the key is
 //   transformed accordingly before calling MountEx().
 void StartMount(const base::WeakPtr<AuthAttemptState>& attempt,
                 scoped_refptr<CryptohomeAuthenticator> resolver,
                 bool ephemeral,
-                bool create_if_nonexistent) {
+                bool create_if_nonexistent,
+                bool force_dircrypto_if_available) {
   chromeos::LoginEventRecorder::Get()->AddLoginTimeMarker(
       "CryptohomeMount-Start", false);
 
   if (attempt->user_context.GetKey()->GetKeyType() !=
           Key::KEY_TYPE_PASSWORD_PLAIN) {
     EnsureCryptohomeMigratedToGaiaId(attempt, resolver, ephemeral,
-                                     create_if_nonexistent);
+                                     create_if_nonexistent,
+                                     force_dircrypto_if_available);
     return;
   }
 
   cryptohome::HomedirMethods::GetInstance()->GetKeyDataEx(
       cryptohome::Identification(attempt->user_context.GetAccountId()),
-      kCryptohomeGAIAKeyLabel, base::Bind(&OnGetKeyDataEx, attempt, resolver,
-                                          ephemeral, create_if_nonexistent));
+      kCryptohomeGAIAKeyLabel,
+      base::Bind(&OnGetKeyDataEx, attempt, resolver, ephemeral,
+                 create_if_nonexistent, force_dircrypto_if_available));
 }
 
 // Calls cryptohome's mount method for guest and also get the user hash from
 // cryptohome.
 void MountGuestAndGetHash(const base::WeakPtr<AuthAttemptState>& attempt,
                           scoped_refptr<CryptohomeAuthenticator> resolver) {
   attempt->UsernameHashRequested();
   cryptohome::AsyncMethodCaller::GetInstance()->AsyncMountGuest(
       base::Bind(&TriggerResolveWithLoginTimeMarker,
                  "CryptohomeMount-End",
@@ skipping 97 matching lines @@
   authentication_context_ = context;
   current_state_.reset(new AuthAttemptState(user_context,
                                             false,  // unlock
                                             false,  // online_complete
                                             !IsKnownUser(user_context)));
   // Reset the verified flag.
   owner_is_verified_ = false;
 
   StartMount(current_state_->AsWeakPtr(),
              scoped_refptr<CryptohomeAuthenticator>(this),
-             false /* ephemeral */, false /* create_if_nonexistent */);
+             false /* ephemeral */, false /* create_if_nonexistent */,
+             user_context.IsForcingDircrypto());
 }
 
 void CryptohomeAuthenticator::CompleteLogin(content::BrowserContext* context,
                                             const UserContext& user_context) {
   DCHECK(user_context.GetUserType() == user_manager::USER_TYPE_REGULAR ||
          user_context.GetUserType() ==
              user_manager::USER_TYPE_ACTIVE_DIRECTORY);
   authentication_context_ = context;
   current_state_.reset(new AuthAttemptState(user_context,
                                             true,   // unlock
                                             false,  // online_complete
                                             !IsKnownUser(user_context)));
 
   // Reset the verified flag.
   owner_is_verified_ = false;
 
   StartMount(current_state_->AsWeakPtr(),
              scoped_refptr<CryptohomeAuthenticator>(this),
-             false /* ephemeral */, false /* create_if_nonexistent */);
+             false /* ephemeral */, false /* create_if_nonexistent */,
+             user_context.IsForcingDircrypto());
 
   // For login completion from extension, we just need to resolve the current
   // auth attempt state, the rest of OAuth related tasks will be done in
   // parallel.
   task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&CryptohomeAuthenticator::ResolveLoginCompletionStatus, this));
 }
 
 void CryptohomeAuthenticator::AuthenticateToUnlock(
@@ skipping 16 matching lines @@
   DCHECK_EQ(user_manager::USER_TYPE_SUPERVISED, user_context.GetUserType());
 
   // TODO(nkostylev): Pass proper value for |user_is_new| or remove (not used).
   current_state_.reset(new AuthAttemptState(user_context,
                                             false,    // unlock
                                             false,    // online_complete
                                             false));  // user_is_new
   remove_user_data_on_failure_ = false;
   StartMount(current_state_->AsWeakPtr(),
              scoped_refptr<CryptohomeAuthenticator>(this),
-             false /* ephemeral */, false /* create_if_nonexistent */);
+             false /* ephemeral */, false /* create_if_nonexistent */,
+             user_context.IsForcingDircrypto());
 }
 
 void CryptohomeAuthenticator::LoginOffTheRecord() {
   DCHECK(task_runner_->RunsTasksOnCurrentThread());
   current_state_.reset(
       new AuthAttemptState(UserContext(user_manager::USER_TYPE_GUEST,
                                        user_manager::GuestAccountId()),
                            false,    // unlock
                            false,    // online_complete
                            false));  // user_is_new
@@ skipping 10 matching lines @@
 
   current_state_.reset(
       new AuthAttemptState(user_context,
                            false,    // unlock
                            false,    // online_complete
                            false));  // user_is_new
   remove_user_data_on_failure_ = false;
   ephemeral_mount_attempted_ = true;
   StartMount(current_state_->AsWeakPtr(),
              scoped_refptr<CryptohomeAuthenticator>(this), true /* ephemeral */,
-             true /* create_if_nonexistent */);
+             true /* create_if_nonexistent */,
+             user_context.IsForcingDircrypto());

[fukino, 2017/04/05 15:59:56]

If the cryptohome is ephemeral, IsForcingDircrypto does not make sense (it will
be just ignored).
I'm passing user_context.IsForcingDircrypto() here just for consistency.

[xiyuan, 2017/04/05 21:15:11]

IMHO, not making much sense to force dircrypto for ephemeral mount.

Anyway, my other comment is to remove this arg and use the UserContext in
AuthAttemptState.

[fukino, 2017/04/06 14:22:17]

I updated the code to use the UserContext in AuthAttemptState and not to add the
arguments.

 }
 
 void CryptohomeAuthenticator::LoginAsKioskAccount(
     const AccountId& app_account_id,
     bool use_guest_mount) {
   DCHECK(task_runner_->RunsTasksOnCurrentThread());
 
   const AccountId& account_id =
       use_guest_mount ? user_manager::GuestAccountId() : app_account_id;
   current_state_.reset(new AuthAttemptState(
@@ skipping 191 matching lines @@
                              base::Bind(&CryptohomeAuthenticator::OnAuthFailure,
                                         this,
                                         *delayed_login_failure_));
       break;
     case CREATE_NEW:
       create_if_nonexistent = true;
     case RECOVER_MOUNT:
       current_state_->ResetCryptohomeStatus();
       StartMount(current_state_->AsWeakPtr(),
                  scoped_refptr<CryptohomeAuthenticator>(this),
-                 false /*ephemeral*/, create_if_nonexistent);
+                 false /*ephemeral*/, create_if_nonexistent,
+                 false /*force_dircrypto_if_available*/);
       break;
     case NEED_OLD_PW:
       task_runner_->PostTask(
           FROM_HERE,
           base::Bind(&CryptohomeAuthenticator::OnPasswordChangeDetected, this));
       break;
     case ONLINE_FAILED:
     case NEED_NEW_PW:
     case HAVE_NEW_PW:
       NOTREACHED() << "Using obsolete ClientLogin code path.";
@@ skipping 209 matching lines @@
   Resolve();
 }
 
 void CryptohomeAuthenticator::SetOwnerState(bool owner_check_finished,
                                             bool check_result) {
   owner_is_verified_ = owner_check_finished;
   user_can_login_ = check_result;
 }
 
 }  // namespace chromeos