OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 15 matching lines...) Expand all Loading... | |
26 // of the device). Useful to avoid storing plain text in place like | 26 // of the device). Useful to avoid storing plain text in place like |
27 // Local State. | 27 // Local State. |
28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; | 28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; |
29 | 29 |
30 // Decrypts |token| with the system salt key (stable for the lifetime | 30 // Decrypts |token| with the system salt key (stable for the lifetime |
31 // of the device). | 31 // of the device). |
32 virtual std::string DecryptWithSystemSalt( | 32 virtual std::string DecryptWithSystemSalt( |
33 const std::string& encrypted_token_hex) = 0; | 33 const std::string& encrypted_token_hex) = 0; |
34 }; | 34 }; |
35 | 35 |
36 // TokenEncryptor based on the cryptohome daemon. This implementation is used | 36 // TokenEncryptor based on the system salt from cryptohome daemon. This |
37 // in production. | 37 // implementation is used in production. |
38 class CryptohomeTokenEncryptor : public TokenEncryptor { | 38 class CryptohomeTokenEncryptor : public TokenEncryptor { |
39 public: | 39 public: |
40 CryptohomeTokenEncryptor(); | 40 explicit CryptohomeTokenEncryptor(const std::string& system_salt); |
41 virtual ~CryptohomeTokenEncryptor(); | 41 virtual ~CryptohomeTokenEncryptor(); |
42 | 42 |
43 // TokenEncryptor overrides: | 43 // TokenEncryptor overrides: |
44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; | 44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; |
45 virtual std::string DecryptWithSystemSalt( | 45 virtual std::string DecryptWithSystemSalt( |
46 const std::string& encrypted_token_hex) OVERRIDE; | 46 const std::string& encrypted_token_hex) OVERRIDE; |
47 | 47 |
48 private: | 48 private: |
49 // Loads the system salt key based on the system salt from the cryptohome | |
50 // daemon. Returns true on success. | |
51 bool LoadSystemSaltKey(); | |
52 | |
53 // Converts |passphrase| to a SymmetricKey using the given |salt|. | 49 // Converts |passphrase| to a SymmetricKey using the given |salt|. |
54 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, | 50 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, |
55 const std::string& salt); | 51 const std::string& salt); |
56 | 52 |
57 // Encrypts (AES) the token given |key| and |salt|. | 53 // Encrypts (AES) the token given |key| and |salt|. |
58 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, | 54 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, |
59 const std::string& salt, | 55 const std::string& salt, |
60 const std::string& token); | 56 const std::string& token); |
61 | 57 |
62 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. | 58 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. |
63 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, | 59 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, |
64 const std::string& salt, | 60 const std::string& salt, |
65 const std::string& encrypted_token_hex); | 61 const std::string& encrypted_token_hex); |
66 | 62 |
67 // The cached system salt obtained from the cryptohome daemon. | 63 // The cached system salt passed from the constructor, originally coming |
pneubeck (no reviews)
2013/10/24 19:44:13
nit: 'passed to' instead of 'passed from' ?
satorux1
2013/10/25 02:36:02
Done.
| |
64 // from cryptohome daemon. | |
68 std::string system_salt_; | 65 std::string system_salt_; |
69 | 66 |
70 // A key based on the system salt. Useful for encrypting device-level | 67 // A key based on the system salt. Useful for encrypting device-level |
71 // data for which we have no additional credentials. | 68 // data for which we have no additional credentials. |
72 scoped_ptr<crypto::SymmetricKey> system_salt_key_; | 69 scoped_ptr<crypto::SymmetricKey> system_salt_key_; |
73 | 70 |
74 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); | 71 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); |
75 }; | 72 }; |
76 | 73 |
77 } // namespace chromeos | 74 } // namespace chromeos |
78 | 75 |
79 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ | 76 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ |
OLD | NEW |