Chromium Code Reviews Chromium Code Reviews
Issue 39443002:
settings: Add async system salt retrieval logic in DeviceOAuth2TokenServiceFactory (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 26 // of the device). Useful to avoid storing plain text in place like | 26 // of the device). Useful to avoid storing plain text in place like |
| 27 // Local State. | 27 // Local State. |
| 28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; | 28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; |
| 29 | 29 |
| 30 // Decrypts |token| with the system salt key (stable for the lifetime | 30 // Decrypts |token| with the system salt key (stable for the lifetime |
| 31 // of the device). | 31 // of the device). |
| 32 virtual std::string DecryptWithSystemSalt( | 32 virtual std::string DecryptWithSystemSalt( |
| 33 const std::string& encrypted_token_hex) = 0; | 33 const std::string& encrypted_token_hex) = 0; |
| 34 }; | 34 }; |
| 35 | 35 |
| 36 // TokenEncryptor based on the cryptohome daemon. This implementation is used | 36 // TokenEncryptor based on the system salt from cryptohome daemon. This |
| 37 // in production. | 37 // implementation is used in production. |
| 38 class CryptohomeTokenEncryptor : public TokenEncryptor { | 38 class CryptohomeTokenEncryptor : public TokenEncryptor { |
| 39 public: | 39 public: |
| 40 CryptohomeTokenEncryptor(); | 40 explicit CryptohomeTokenEncryptor(const std::string& system_salt); |
| 41 virtual ~CryptohomeTokenEncryptor(); | 41 virtual ~CryptohomeTokenEncryptor(); |
| 42 | 42 |
| 43 // TokenEncryptor overrides: | 43 // TokenEncryptor overrides: |
| 44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; | 44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; |
| 45 virtual std::string DecryptWithSystemSalt( | 45 virtual std::string DecryptWithSystemSalt( |
| 46 const std::string& encrypted_token_hex) OVERRIDE; | 46 const std::string& encrypted_token_hex) OVERRIDE; |
| 47 | 47 |
| 48 private: | 48 private: |
| 49 // Loads the system salt key based on the system salt from the cryptohome | |
| 50 // daemon. Returns true on success. | |
| 51 bool LoadSystemSaltKey(); | |
| 52 | |
| 53 // Converts |passphrase| to a SymmetricKey using the given |salt|. | 49 // Converts |passphrase| to a SymmetricKey using the given |salt|. |
| 54 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, | 50 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, |
| 55 const std::string& salt); | 51 const std::string& salt); |
| 56 | 52 |
| 57 // Encrypts (AES) the token given |key| and |salt|. | 53 // Encrypts (AES) the token given |key| and |salt|. |
| 58 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, | 54 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, |
| 59 const std::string& salt, | 55 const std::string& salt, |
| 60 const std::string& token); | 56 const std::string& token); |
| 61 | 57 |
| 62 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. | 58 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. |
| 63 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, | 59 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, |
| 64 const std::string& salt, | 60 const std::string& salt, |
| 65 const std::string& encrypted_token_hex); | 61 const std::string& encrypted_token_hex); |
| 66 | 62 |
| 67 // The cached system salt obtained from the cryptohome daemon. | 63 // The cached system salt passed from the constructor, originally coming |
|
pneubeck (no reviews)
2013/10/24 19:44:13
nit: 'passed to' instead of 'passed from' ?
satorux1
2013/10/25 02:36:02
Done.
| |
| 64 // from cryptohome daemon. | |
| 68 std::string system_salt_; | 65 std::string system_salt_; |
| 69 | 66 |
| 70 // A key based on the system salt. Useful for encrypting device-level | 67 // A key based on the system salt. Useful for encrypting device-level |
| 71 // data for which we have no additional credentials. | 68 // data for which we have no additional credentials. |
| 72 scoped_ptr<crypto::SymmetricKey> system_salt_key_; | 69 scoped_ptr<crypto::SymmetricKey> system_salt_key_; |
| 73 | 70 |
| 74 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); | 71 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); |
| 75 }; | 72 }; |
| 76 | 73 |
| 77 } // namespace chromeos | 74 } // namespace chromeos |
| 78 | 75 |
| 79 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 76 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
| OLD | NEW |
