
Side by Side Diff: chrome/browser/chromeos/settings/token_encryptor.h

Issue 39443002: settings: Add async system salt retrieval logic in DeviceOAuth2TokenServiceFactory (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: address comments Created 7 years, 1 month ago
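--- a/chrome/browser/chromeos/settings/token_encryptor.h
+++ b/chrome/browser/chromeos/settings/token_encryptor.h
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
 
 #include <string>
 
 #include "base/basictypes.h"
@@ -26,54 +26,51 @@
 // of the device). Useful to avoid storing plain text in place like
 // Local State.
 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0;
 
 // Decrypts |token| with the system salt key (stable for the lifetime
 // of the device).
 virtual std::string DecryptWithSystemSalt(
 const std::string& encrypted_token_hex) = 0;
 };
 
-// TokenEncryptor based on the cryptohome daemon. This implementation is used
-// in production.
+// TokenEncryptor based on the system salt from cryptohome daemon. This
+// implementation is used in production.
 class CryptohomeTokenEncryptor : public TokenEncryptor {
 public:
-CryptohomeTokenEncryptor();
+explicit CryptohomeTokenEncryptor(const std::string& system_salt);
 virtual ~CryptohomeTokenEncryptor();
 
 // TokenEncryptor overrides:
 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE;
 virtual std::string DecryptWithSystemSalt(
 const std::string& encrypted_token_hex) OVERRIDE;
 
 private:
-// Loads the system salt key based on the system salt from the cryptohome
-// daemon. Returns true on success.
-bool LoadSystemSaltKey();
-
 // Converts |passphrase| to a SymmetricKey using the given |salt|.
 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase,
 const std::string& salt);
 
 // Encrypts (AES) the token given |key| and |salt|.
 std::string EncryptTokenWithKey(crypto::SymmetricKey* key,
 const std::string& salt,
 const std::string& token);
 
 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|.
 std::string DecryptTokenWithKey(crypto::SymmetricKey* key,
 const std::string& salt,
 const std::string& encrypted_token_hex);
 
-// The cached system salt obtained from the cryptohome daemon.
+// The cached system salt passed to the constructor, originally coming
+// from cryptohome daemon.
 std::string system_salt_;
 
 // A key based on the system salt. Useful for encrypting device-level
 // data for which we have no additional credentials.
 scoped_ptr<crypto::SymmetricKey> system_salt_key_;
 
 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor);
 };
 
 } // namespace chromeos
 
 #endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_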
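Review bot: The new constructor `explicit CryptohomeTokenEncryptor(const std::string& system_salt);` documents no precondition on the salt, and with `LoadSystemSaltKey()` removed the header no longer shows any success/failure signal for key derivation. If the caller's salt retrieval can fail and hand over an empty string, the header does not say whether `system_salt_key_` is then null or what `EncryptWithSystemSalt`/`DecryptWithSystemSalt` return, so a caller could not tell a failed encryption from a result that is safe to persist. I would add a comment on the constructor such as `// |system_salt| must be non-empty; construct only after the salt has been retrieved.` and extend the comment on `system_salt_key_` to state whether it may be null and what the two overrides return in that case. The .cc is not visible here, so whether the implementation already checks for an empty salt is unconfirmed.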