| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/auth/key.h" | 5 #include "chromeos/login/auth/key.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 11 #include "base/strings/string_util.h" | 11 #include "base/strings/string_util.h" |
| 12 #include "crypto/sha2.h" | 12 #include "crypto/sha2.h" |
| 13 #include "crypto/symmetric_key.h" | 13 #include "crypto/symmetric_key.h" |
| 14 | 14 |
| 15 namespace chromeos { | 15 namespace chromeos { |
| 16 | 16 |
| 17 namespace { | 17 namespace { |
| 18 | 18 |
| 19 // Parameters for the transformation to KEY_TYPE_SALTED_AES256_1234. | 19 // Parameters for the transformation to KEY_TYPE_SALTED_AES256_1234. |
| 20 const int kNumIterations = 1234; | 20 const int kNumIterations = 1234; |
| 21 const int kKeySizeInBits = 256; | 21 const int kKeySizeInBits = 256; |
| 22 | 22 |
| 23 } // namespace | 23 } // namespace |
| 24 | 24 |
| 25 Key::Key() : key_type_(KEY_TYPE_PASSWORD_PLAIN) { | 25 Key::Key() : key_type_(KEY_TYPE_PASSWORD_PLAIN) { |
| 26 } | 26 } |
| 27 | 27 |
| 28 Key::Key(const Key& other) : key_type_(other.key_type_), | 28 Key::Key(const Key& other) |
| 29 salt_(other.salt_), | 29 : key_type_(other.key_type_), |
| 30 secret_(other.secret_), | 30 salt_(other.salt_), |
| 31 label_(other.label_) { | 31 secret_(other.secret_), |
| 32 label_(other.label_) { |
| 32 } | 33 } |
| 33 | 34 |
| 34 Key::Key(const std::string& plain_text_password) | 35 Key::Key(const std::string& plain_text_password) |
| 35 : key_type_(KEY_TYPE_PASSWORD_PLAIN), | 36 : key_type_(KEY_TYPE_PASSWORD_PLAIN), secret_(plain_text_password) { |
| 36 secret_(plain_text_password) { | |
| 37 } | 37 } |
| 38 | 38 |
| 39 Key::Key(KeyType key_type, const std::string& salt, const std::string& secret) | 39 Key::Key(KeyType key_type, const std::string& salt, const std::string& secret) |
| 40 : key_type_(key_type), | 40 : key_type_(key_type), salt_(salt), secret_(secret) { |
| 41 salt_(salt), | |
| 42 secret_(secret) { | |
| 43 | |
| 44 } | 41 } |
| 45 | 42 |
| 46 Key::~Key() { | 43 Key::~Key() { |
| 47 } | 44 } |
| 48 | 45 |
| 49 bool Key::operator==(const Key& other) const { | 46 bool Key::operator==(const Key& other) const { |
| 50 return other.key_type_ == key_type_ && | 47 return other.key_type_ == key_type_ && other.salt_ == salt_ && |
| 51 other.salt_ == salt_ && | 48 other.secret_ == secret_ && other.label_ == label_; |
| 52 other.secret_ == secret_ && | |
| 53 other.label_ == label_; | |
| 54 } | 49 } |
| 55 | 50 |
| 56 Key::KeyType Key::GetKeyType() const { | 51 Key::KeyType Key::GetKeyType() const { |
| 57 return key_type_; | 52 return key_type_; |
| 58 } | 53 } |
| 59 | 54 |
| 60 const std::string& Key::GetSecret() const { | 55 const std::string& Key::GetSecret() const { |
| 61 return secret_; | 56 return secret_; |
| 62 } | 57 } |
| 63 | 58 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 85 CHECK(!salt.empty()); | 80 CHECK(!salt.empty()); |
| 86 char hash[crypto::kSHA256Length]; | 81 char hash[crypto::kSHA256Length]; |
| 87 crypto::SHA256HashString(salt + secret_, &hash, sizeof(hash)); | 82 crypto::SHA256HashString(salt + secret_, &hash, sizeof(hash)); |
| 88 | 83 |
| 89 // Keep only the first half of the hash for 'weak' hashing so that the | 84 // Keep only the first half of the hash for 'weak' hashing so that the |
| 90 // plain text secret cannot be reconstructed even if the hashing is | 85 // plain text secret cannot be reconstructed even if the hashing is |
| 91 // reversed. | 86 // reversed. |
| 92 secret_ = StringToLowerASCII(base::HexEncode( | 87 secret_ = StringToLowerASCII(base::HexEncode( |
| 93 reinterpret_cast<const void*>(hash), sizeof(hash) / 2)); | 88 reinterpret_cast<const void*>(hash), sizeof(hash) / 2)); |
| 94 break; | 89 break; |
| 95 } case KEY_TYPE_SALTED_PBKDF2_AES256_1234: { | 90 } |
| 91 case KEY_TYPE_SALTED_PBKDF2_AES256_1234: { |
| 96 scoped_ptr<crypto::SymmetricKey> key( | 92 scoped_ptr<crypto::SymmetricKey> key( |
| 97 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, | 93 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, |
| 98 secret_, | 94 secret_, |
| 99 salt, | 95 salt, |
| 100 kNumIterations, | 96 kNumIterations, |
| 101 kKeySizeInBits)); | 97 kKeySizeInBits)); |
| 102 std::string raw_secret; | 98 std::string raw_secret; |
| 103 key->GetRawKey(&raw_secret); | 99 key->GetRawKey(&raw_secret); |
| 104 base::Base64Encode(raw_secret, &secret_); | 100 base::Base64Encode(raw_secret, &secret_); |
| 105 break; | 101 break; |
| 106 } default: | 102 } |
| 103 default: |
| 107 // The resulting key will be sent to cryptohomed. It should always be | 104 // The resulting key will be sent to cryptohomed. It should always be |
| 108 // hashed. If hashing fails, crash instead of sending a plain-text key. | 105 // hashed. If hashing fails, crash instead of sending a plain-text key. |
| 109 CHECK(false); | 106 CHECK(false); |
| 110 return; | 107 return; |
| 111 } | 108 } |
| 112 | 109 |
| 113 key_type_ = target_key_type; | 110 key_type_ = target_key_type; |
| 114 salt_ = salt; | 111 salt_ = salt; |
| 115 } | 112 } |
| 116 | 113 |
| 117 } // namespace chromeos | 114 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 378513005:
[Athena] Extract Chrome OS authentication stack (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src