settings: Add async system salt retrieval logic in DeviceOAuth2TokenServiceFactory

chrome/browser/chromeos/settings/token_encryptor.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/settings/token_encryptor.h"
 
 #include <vector>
 
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/sys_info.h"
 #include "chromeos/cryptohome/system_salt_getter.h"
 #include "crypto/encryptor.h"
 #include "crypto/nss_util.h"
 #include "crypto/sha2.h"
 #include "crypto/symmetric_key.h"
 
 namespace chromeos {
 
 namespace {
 const size_t kNonceSize = 16;
 }  // namespace
 
-CryptohomeTokenEncryptor::CryptohomeTokenEncryptor() {
+CryptohomeTokenEncryptor::CryptohomeTokenEncryptor(
+    const std::string& system_salt)
+    : system_salt_(system_salt) {
+  DCHECK(!system_salt.empty());
+  // TODO: should this use the system salt for both the password and the salt

[pastarmovj, 2013/10/24 09:43:20]

nit: Please put an owner of this todo.

[satorux1, 2013/10/24 10:23:14]

Sure. will find out the engineer who added this comment from the beginning. :)

[satorux1, 2013/10/25 02:36:02]

Assigned this TODO to davidroche@ who originally added the comment in
https://chromiumcodereview.appspot.com/12870010 :)

+  // value, or should this use a separate salt value?
+  system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_));
 }
 
 CryptohomeTokenEncryptor::~CryptohomeTokenEncryptor() {
 }
 
 std::string CryptohomeTokenEncryptor::EncryptWithSystemSalt(
     const std::string& token) {
   // Don't care about token encryption while debugging.
   if (!base::SysInfo::IsRunningOnChromeOS())
     return token;
 
-  if (!LoadSystemSaltKey()) {
+  if (!system_salt_key_) {
     LOG(WARNING) << "System salt key is not available for encrypt.";
     return std::string();
   }
   return EncryptTokenWithKey(system_salt_key_.get(),
                              system_salt_,
                              token);
 }
 
 std::string CryptohomeTokenEncryptor::DecryptWithSystemSalt(
     const std::string& encrypted_token_hex) {
   // Don't care about token encryption while debugging.
   if (!base::SysInfo::IsRunningOnChromeOS())
     return encrypted_token_hex;
 
-  if (!LoadSystemSaltKey()) {
+  if (!system_salt_key_) {
     LOG(WARNING) << "System salt key is not available for decrypt.";
     return std::string();
   }
   return DecryptTokenWithKey(system_salt_key_.get(),
                              system_salt_,
                              encrypted_token_hex);
 }
 
-// TODO: should this use the system salt for both the password and the salt
-// value, or should this use a separate salt value?
-bool CryptohomeTokenEncryptor::LoadSystemSaltKey() {
-  // Assume the system salt should be obtained beforehand at login time.
-  if (system_salt_.empty())
-    system_salt_ = SystemSaltGetter::Get()->GetCachedSystemSalt();
-  if (system_salt_.empty())
-    return false;
-  if (!system_salt_key_.get())
-    system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_));
-  return system_salt_key_.get();
-}
-
 crypto::SymmetricKey* CryptohomeTokenEncryptor::PassphraseToKey(
     const std::string& passphrase,
     const std::string& salt) {
   return crypto::SymmetricKey::DeriveKeyFromPassword(
       crypto::SymmetricKey::AES, passphrase, salt, 1000, 256);
 }
 
 std::string CryptohomeTokenEncryptor::EncryptTokenWithKey(
     crypto::SymmetricKey* key,
     const std::string& salt,
@@ skipping 39 matching lines @@
   std::string token;
   CHECK(encryptor.SetCounter(nonce));
   if (!encryptor.Decrypt(encrypted_token, &token)) {
     LOG(WARNING) << "Failed to decrypt token.";
     return std::string();
   }
   return token;
 }
 
 }  // namespace chromeos