| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/signin/easy_unlock_service_signin_chromeos.h" | 5 #include "chrome/browser/signin/easy_unlock_service_signin_chromeos.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/base64url.h" | 9 #include "base/base64url.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/json/json_string_value_serializer.h" |
| 12 #include "base/location.h" | 13 #include "base/location.h" |
| 13 #include "base/logging.h" | 14 #include "base/logging.h" |
| 14 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
| 15 #include "base/sys_info.h" | 16 #include "base/sys_info.h" |
| 16 #include "base/threading/thread_task_runner_handle.h" | 17 #include "base/threading/thread_task_runner_handle.h" |
| 17 #include "base/time/time.h" | 18 #include "base/time/time.h" |
| 18 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_challenge_wrappe
r.h" | 19 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_challenge_wrappe
r.h" |
| 19 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h" | 20 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h" |
| 20 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.
h" | 21 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.
h" |
| 21 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_
factory.h" | 22 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_
factory.h" |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback) { | 87 const chromeos::EasyUnlockKeyManager::GetDeviceDataListCallback& callback) { |
| 87 chromeos::EasyUnlockKeyManager* key_manager = | 88 chromeos::EasyUnlockKeyManager* key_manager = |
| 88 chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager(); | 89 chromeos::UserSessionManager::GetInstance()->GetEasyUnlockKeyManager(); |
| 89 DCHECK(key_manager); | 90 DCHECK(key_manager); |
| 90 | 91 |
| 91 key_manager->GetDeviceDataList( | 92 key_manager->GetDeviceDataList( |
| 92 chromeos::UserContext(account_id), | 93 chromeos::UserContext(account_id), |
| 93 base::Bind(&RetryDataLoadOnError, account_id, backoff_ms, callback)); | 94 base::Bind(&RetryDataLoadOnError, account_id, backoff_ms, callback)); |
| 94 } | 95 } |
| 95 | 96 |
| 97 // Deserializes a vector of BeaconSeeds. If an error occurs, an empty vector |
| 98 // will be returned. Note: The logic to serialize BeaconSeeds lives in |
| 99 // EasyUnlockServiceRegular. |
| 100 // Note: The serialization of device data inside a user session is different |
| 101 // than outside the user session (sign-in). RemoteDevices are serialized as |
| 102 // protocol buffers inside the user session, but we have a custom serialization |
| 103 // scheme for sign-in due to slightly different data requirements. |
| 104 std::vector<cryptauth::BeaconSeed> DeserializeBeaconSeeds( |
| 105 const std::string& serialized_beacon_seeds) { |
| 106 std::vector<cryptauth::BeaconSeed> beacon_seeds; |
| 107 |
| 108 JSONStringValueDeserializer deserializer(serialized_beacon_seeds); |
| 109 std::string error; |
| 110 std::unique_ptr<base::Value> deserialized_value = |
| 111 deserializer.Deserialize(nullptr, &error); |
| 112 if (!deserialized_value) { |
| 113 PA_LOG(ERROR) << "Unable to deserialize BeaconSeeds: " << error; |
| 114 return beacon_seeds; |
| 115 } |
| 116 |
| 117 base::ListValue* beacon_seed_list; |
| 118 if (!deserialized_value->GetAsList(&beacon_seed_list)) { |
| 119 PA_LOG(ERROR) << "Deserialized BeaconSeeds value is not list."; |
| 120 return beacon_seeds; |
| 121 } |
| 122 |
| 123 for (size_t i = 0; i < beacon_seed_list->GetSize(); ++i) { |
| 124 std::string b64_beacon_seed; |
| 125 if (!beacon_seed_list->GetString(i, &b64_beacon_seed)) { |
| 126 PA_LOG(ERROR) << "Expected Base64 BeaconSeed."; |
| 127 continue; |
| 128 } |
| 129 |
| 130 std::string proto_serialized_beacon_seed; |
| 131 if (!base::Base64UrlDecode(b64_beacon_seed, |
| 132 base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 133 &proto_serialized_beacon_seed)) { |
| 134 PA_LOG(ERROR) << "Unable to decode BeaconSeed."; |
| 135 continue; |
| 136 } |
| 137 |
| 138 cryptauth::BeaconSeed beacon_seed; |
| 139 if (!beacon_seed.ParseFromString(proto_serialized_beacon_seed)) { |
| 140 PA_LOG(ERROR) << "Unable to parse BeaconSeed proto."; |
| 141 continue; |
| 142 } |
| 143 |
| 144 beacon_seeds.push_back(beacon_seed); |
| 145 } |
| 146 |
| 147 PA_LOG(INFO) << "Deserialized " << beacon_seeds.size() << " BeaconSeeds."; |
| 148 return beacon_seeds; |
| 149 } |
| 150 |
| 96 } // namespace | 151 } // namespace |
| 97 | 152 |
| 98 EasyUnlockServiceSignin::UserData::UserData() | 153 EasyUnlockServiceSignin::UserData::UserData() |
| 99 : state(EasyUnlockServiceSignin::USER_DATA_STATE_INITIAL) { | 154 : state(EasyUnlockServiceSignin::USER_DATA_STATE_INITIAL) { |
| 100 } | 155 } |
| 101 | 156 |
| 102 EasyUnlockServiceSignin::UserData::~UserData() {} | 157 EasyUnlockServiceSignin::UserData::~UserData() {} |
| 103 | 158 |
| 104 EasyUnlockServiceSignin::EasyUnlockServiceSignin(Profile* profile) | 159 EasyUnlockServiceSignin::EasyUnlockServiceSignin(Profile* profile) |
| 105 : EasyUnlockService(profile), | 160 : EasyUnlockService(profile), |
| (...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 429 return; | 484 return; |
| 430 | 485 |
| 431 cryptauth::RemoteDeviceList remote_devices; | 486 cryptauth::RemoteDeviceList remote_devices; |
| 432 for (const auto& device : devices) { | 487 for (const auto& device : devices) { |
| 433 std::string decoded_public_key, decoded_psk, decoded_challenge; | 488 std::string decoded_public_key, decoded_psk, decoded_challenge; |
| 434 if (!base::Base64UrlDecode(device.public_key, | 489 if (!base::Base64UrlDecode(device.public_key, |
| 435 base::Base64UrlDecodePolicy::REQUIRE_PADDING, | 490 base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 436 &decoded_public_key) || | 491 &decoded_public_key) || |
| 437 !base::Base64UrlDecode(device.psk, | 492 !base::Base64UrlDecode(device.psk, |
| 438 base::Base64UrlDecodePolicy::REQUIRE_PADDING, | 493 base::Base64UrlDecodePolicy::REQUIRE_PADDING, |
| 439 &decoded_psk) || | 494 &decoded_psk)) { |
| 440 !base::Base64UrlDecode(device.challenge, | 495 PA_LOG(ERROR) << "Unable to decode stored remote device:\n" |
| 441 base::Base64UrlDecodePolicy::REQUIRE_PADDING, | 496 << " public_key: " << device.public_key << "\n" |
| 442 &decoded_challenge)) { | 497 << " psk: " << device.psk; |
| 443 PA_LOG(ERROR) << "Unable base64url decode stored remote device: " | |
| 444 << device.public_key; | |
| 445 continue; | 498 continue; |
| 446 } | 499 } |
| 447 cryptauth::RemoteDevice remote_device( | 500 cryptauth::RemoteDevice remote_device( |
| 448 account_id.GetUserEmail(), std::string(), decoded_public_key, | 501 account_id.GetUserEmail(), std::string(), decoded_public_key, |
| 449 device.bluetooth_address, decoded_psk, decoded_challenge); | 502 device.bluetooth_address, decoded_psk, decoded_challenge); |
| 503 |
| 504 if (!device.serialized_beacon_seeds.empty()) { |
| 505 PA_LOG(INFO) << "Deserializing BeaconSeeds: " |
| 506 << device.serialized_beacon_seeds; |
| 507 // TODO(tengs): Assign deserialized BeaconSeeds to the RemoteDevice. |
| 508 DeserializeBeaconSeeds(device.serialized_beacon_seeds); |
| 509 } else { |
| 510 PA_LOG(WARNING) << "No BeaconSeeds were loaded."; |
| 511 } |
| 512 |
| 450 remote_devices.push_back(remote_device); | 513 remote_devices.push_back(remote_device); |
| 451 PA_LOG(INFO) << "Loaded Remote Device:\n" | 514 PA_LOG(INFO) << "Loaded Remote Device:\n" |
| 452 << " user id: " << remote_device.user_id << "\n" | 515 << " user id: " << remote_device.user_id << "\n" |
| 453 << " name: " << remote_device.name << "\n" | 516 << " name: " << remote_device.name << "\n" |
| 454 << " public key" << device.public_key << "\n" | 517 << " public key" << device.public_key << "\n" |
| 455 << " bt_addr:" << remote_device.bluetooth_address; | 518 << " bt_addr:" << remote_device.bluetooth_address; |
| 456 } | 519 } |
| 457 | 520 |
| 458 SetProximityAuthDevices(account_id, remote_devices); | 521 SetProximityAuthDevices(account_id, remote_devices); |
| 459 } | 522 } |
| 460 | 523 |
| 461 const EasyUnlockServiceSignin::UserData* | 524 const EasyUnlockServiceSignin::UserData* |
| 462 EasyUnlockServiceSignin::FindLoadedDataForCurrentUser() const { | 525 EasyUnlockServiceSignin::FindLoadedDataForCurrentUser() const { |
| 463 if (!account_id_.is_valid()) | 526 if (!account_id_.is_valid()) |
| 464 return nullptr; | 527 return nullptr; |
| 465 | 528 |
| 466 const auto it = user_data_.find(account_id_); | 529 const auto it = user_data_.find(account_id_); |
| 467 if (it == user_data_.end()) | 530 if (it == user_data_.end()) |
| 468 return nullptr; | 531 return nullptr; |
| 469 if (it->second->state != USER_DATA_STATE_LOADED) | 532 if (it->second->state != USER_DATA_STATE_LOADED) |
| 470 return nullptr; | 533 return nullptr; |
| 471 return it->second.get(); | 534 return it->second.get(); |
| 472 } | 535 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2863533003:
[EasyUnlock] Serialize and store BeaconSeeds along as cryptohome key metadata. (Closed)
