OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chromeos/login/auth/key.h" | 5 #include "chromeos/login/auth/key.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
(...skipping 66 matching lines...)
77 switch (target_key_type) { | 77 switch (target_key_type) { |
78 case KEY_TYPE_SALTED_SHA256_TOP_HALF: { | 78 case KEY_TYPE_SALTED_SHA256_TOP_HALF: { |
79 // TODO(stevenjb/nkostylev): Handle empty salt gracefully. | 79 // TODO(stevenjb/nkostylev): Handle empty salt gracefully. |
80 CHECK(!salt.empty()); | 80 CHECK(!salt.empty()); |
81 char hash[crypto::kSHA256Length]; | 81 char hash[crypto::kSHA256Length]; |
82 crypto::SHA256HashString(salt + secret_, &hash, sizeof(hash)); | 82 crypto::SHA256HashString(salt + secret_, &hash, sizeof(hash)); |
83 | 83 |
84 // Keep only the first half of the hash for 'weak' hashing so that the | 84 // Keep only the first half of the hash for 'weak' hashing so that the |
85 // plain text secret cannot be reconstructed even if the hashing is | 85 // plain text secret cannot be reconstructed even if the hashing is |
86 // reversed. | 86 // reversed. |
87 secret_ = StringToLowerASCII(base::HexEncode( | 87 secret_ = base::StringToLowerASCII(base::HexEncode( |
88 reinterpret_cast<const void*>(hash), sizeof(hash) / 2)); | 88 reinterpret_cast<const void*>(hash), sizeof(hash) / 2)); |
89 break; | 89 break; |
90 } | 90 } |
91 case KEY_TYPE_SALTED_PBKDF2_AES256_1234: { | 91 case KEY_TYPE_SALTED_PBKDF2_AES256_1234: { |
92 scoped_ptr<crypto::SymmetricKey> key( | 92 scoped_ptr<crypto::SymmetricKey> key( |
93 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, | 93 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES, |
94 secret_, | 94 secret_, |
95 salt, | 95 salt, |
96 kNumIterations, | 96 kNumIterations, |
97 kKeySizeInBits)); | 97 kKeySizeInBits)); |
98 std::string raw_secret; | 98 std::string raw_secret; |
99 key->GetRawKey(&raw_secret); | 99 key->GetRawKey(&raw_secret); |
100 base::Base64Encode(raw_secret, &secret_); | 100 base::Base64Encode(raw_secret, &secret_); |
101 break; | 101 break; |
102 } | 102 } |
103 default: | 103 default: |
104 // The resulting key will be sent to cryptohomed. It should always be | 104 // The resulting key will be sent to cryptohomed. It should always be |
105 // hashed. If hashing fails, crash instead of sending a plain-text key. | 105 // hashed. If hashing fails, crash instead of sending a plain-text key. |
106 CHECK(false); | 106 CHECK(false); |
107 return; | 107 return; |
108 } | 108 } |
109 | 109 |
110 key_type_ = target_key_type; | 110 key_type_ = target_key_type; |
111 salt_ = salt; | 111 salt_ = salt; |
112 } | 112 } |
113 | 113 |
114 } // namespace chromeos | 114 } // namespace chromeos |
OLD | NEW |