Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1259)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chromeos/cryptohome/homedir_methods.cc

Issue 526353002: Merge cryptohome::RetrievedKeyData with cryptohome::KeyDefinition (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@d_2_367847_add_get_key_data_ex_to_mount_flow
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« chromeos/cryptohome/cryptohome_parameters.cc ('K') | « chromeos/cryptohome/homedir_methods.h ('k') | chromeos/cryptohome/homedir_methods_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chromeos/cryptohome/homedir_methods.h" 5 #include "chromeos/cryptohome/homedir_methods.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "chromeos/dbus/cryptohome/key.pb.h" 9 #include "chromeos/dbus/cryptohome/key.pb.h"
10 #include "chromeos/dbus/cryptohome/rpc.pb.h" 10 #include "chromeos/dbus/cryptohome/rpc.pb.h"
11 #include "chromeos/dbus/cryptohome_client.h" 11 #include "chromeos/dbus/cryptohome_client.h"
12 #include "chromeos/dbus/dbus_thread_manager.h" 12 #include "chromeos/dbus/dbus_thread_manager.h"
13 13
14 #if defined(USE_SYSTEM_PROTOBUF) 14 #if defined(USE_SYSTEM_PROTOBUF)
15 #include <google/protobuf/repeated_field.h> 15 #include <google/protobuf/repeated_field.h>
16 #else 16 #else
17 #include "third_party/protobuf/src/google/protobuf/repeated_field.h" 17 #include "third_party/protobuf/src/google/protobuf/repeated_field.h"
18 #endif 18 #endif
19 19
20 using chromeos::DBusThreadManager; 20 using chromeos::DBusThreadManager;
21 using google::protobuf::RepeatedPtrField; 21 using google::protobuf::RepeatedPtrField;
22 22
23 namespace cryptohome { 23 namespace cryptohome {
24 24
25 namespace { 25 namespace {
26 26
27 HomedirMethods* g_homedir_methods = NULL; 27 HomedirMethods* g_homedir_methods = NULL;
28 28
29 void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) { 29 void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) {
30 key->set_secret(key_def.key); 30 key->set_secret(key_def.secret);
31 KeyData* data = key->mutable_data(); 31 KeyData* data = key->mutable_data();
32 DCHECK_EQ(KeyDefinition::TYPE_PASSWORD, key_def.type);
33 data->set_type(KeyData::KEY_TYPE_PASSWORD);
32 data->set_label(key_def.label); 34 data->set_label(key_def.label);
33 35
34 if (key_def.revision > 0) 36 if (key_def.revision > 0)
35 data->set_revision(key_def.revision); 37 data->set_revision(key_def.revision);
36 38
37 if (key_def.privileges != 0) { 39 if (key_def.privileges != 0) {
38 KeyPrivileges* privileges = data->mutable_privileges(); 40 KeyPrivileges* privileges = data->mutable_privileges();
39 privileges->set_mount(key_def.privileges & PRIV_MOUNT); 41 privileges->set_mount(key_def.privileges & PRIV_MOUNT);
40 privileges->set_add(key_def.privileges & PRIV_ADD); 42 privileges->set_add(key_def.privileges & PRIV_ADD);
41 privileges->set_remove(key_def.privileges & PRIV_REMOVE); 43 privileges->set_remove(key_def.privileges & PRIV_REMOVE);
42 privileges->set_update(key_def.privileges & PRIV_MIGRATE); 44 privileges->set_update(key_def.privileges & PRIV_MIGRATE);
43 privileges->set_authorized_update(key_def.privileges & 45 privileges->set_authorized_update(key_def.privileges &
44 PRIV_AUTHORIZED_UPDATE); 46 PRIV_AUTHORIZED_UPDATE);
45 } 47 }
46 48
47 if (key_def.encryption_key.empty() && key_def.signature_key.empty()) 49 for (std::vector<KeyDefinition::AuthorizationData>::const_iterator auth_it =
48 return; 50 key_def.authorization_data.begin();
51 auth_it != key_def.authorization_data.end(); ++auth_it) {
52 KeyAuthorizationData* auth_data = data->add_authorization_data();
53 switch (auth_it->type) {
54 case KeyDefinition::AuthorizationData::TYPE_HMACSHA256:
55 auth_data->set_type(
56 KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256);
57 break;
58 case KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256:
59 auth_data->set_type(
60 KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256);
61 break;
62 default:
63 NOTREACHED();
64 break;
65 }
49 66
50 KeyAuthorizationData* auth_data = data->add_authorization_data(); 67 for (std::vector<KeyDefinition::AuthorizationData::Secret>::const_iterator
51 auth_data->set_type(KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256); 68 secret_it = auth_it->secrets.begin();
52 if (!key_def.encryption_key.empty()) { 69 secret_it != auth_it->secrets.end(); ++secret_it) {
53 KeyAuthorizationSecret* secret = auth_data->add_secrets(); 70 KeyAuthorizationSecret* secret = auth_data->add_secrets();
54 secret->mutable_usage()->set_encrypt(true); 71 secret->mutable_usage()->set_encrypt(secret_it->encrypt);
55 secret->set_symmetric_key(key_def.encryption_key); 72 secret->mutable_usage()->set_sign(secret_it->sign);
73 if (!secret_it->symmetric_key.empty())
74 secret->set_symmetric_key(secret_it->symmetric_key);
75 if (!secret_it->public_key.empty())
76 secret->set_public_key(secret_it->public_key);
77 secret->set_wrapped(secret_it->wrapped);
78 }
56 } 79 }
57 if (!key_def.signature_key.empty()) { 80
58 KeyAuthorizationSecret* secret = auth_data->add_secrets(); 81 if (!key_def.provider_data.empty()) {
Darren Krahn 2014/09/02 18:21:53 nit: conditional not necessary
bartfab (slow) 2014/09/04 10:14:18 Done.
59 secret->mutable_usage()->set_sign(true); 82 for (std::vector<KeyDefinition::ProviderData>::const_iterator it =
60 secret->set_symmetric_key(key_def.signature_key); 83 key_def.provider_data.begin(); it != key_def.provider_data.end();
84 ++it) {
85 KeyProviderData::Entry* entry =
86 data->mutable_provider_data()->add_entry();
87 entry->set_name(it->name);
88 if (it->number)
89 entry->set_number(*it->number);
90 if (it->bytes)
91 entry->set_bytes(*it->bytes);
92 }
61 } 93 }
62 } 94 }
63 95
64 // Fill identification protobuffer. 96 // Fill identification protobuffer.
65 void FillIdentificationProtobuf(const Identification& id, 97 void FillIdentificationProtobuf(const Identification& id,
66 cryptohome::AccountIdentifier* id_proto) { 98 cryptohome::AccountIdentifier* id_proto) {
67 id_proto->set_email(id.user_id); 99 id_proto->set_email(id.user_id);
68 } 100 }
69 101
70 // Fill authorization protobuffer. 102 // Fill authorization protobuffer.
71 void FillAuthorizationProtobuf(const Authorization& auth, 103 void FillAuthorizationProtobuf(const Authorization& auth,
72 cryptohome::AuthorizationRequest* auth_proto) { 104 cryptohome::AuthorizationRequest* auth_proto) {
73 Key* key = auth_proto->mutable_key(); 105 Key* key = auth_proto->mutable_key();
74 if (!auth.label.empty()) { 106 if (!auth.label.empty()) {
75 key->mutable_data()->set_label(auth.label); 107 key->mutable_data()->set_label(auth.label);
76 } 108 }
77 key->set_secret(auth.key); 109 key->set_secret(auth.key);
78 } 110 }
79 111
112 void ParseAuthorizationDataProtobuf(
113 const KeyAuthorizationData& authorization_data_proto,
114 KeyDefinition::AuthorizationData* authorization_data) {
115 switch (authorization_data_proto.type()) {
116 case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256:
117 authorization_data->type =
118 KeyDefinition::AuthorizationData::TYPE_HMACSHA256;
119 break;
120 case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256:
121 authorization_data->type =
122 KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256;
123 break;
124 default:
125 NOTREACHED();
126 return;
127 }
128
129 for (RepeatedPtrField<KeyAuthorizationSecret>::const_iterator it =
130 authorization_data_proto.secrets().begin();
131 it != authorization_data_proto.secrets().end(); ++it) {
132 authorization_data->secrets.push_back(
133 KeyDefinition::AuthorizationData::Secret(it->usage().encrypt(),
134 it->usage().sign(),
135 it->symmetric_key(),
136 it->public_key(),
137 it->wrapped()));
138 }
139 }
140
80 MountError MapError(CryptohomeErrorCode code) { 141 MountError MapError(CryptohomeErrorCode code) {
81 switch (code) { 142 switch (code) {
82 case CRYPTOHOME_ERROR_NOT_SET: 143 case CRYPTOHOME_ERROR_NOT_SET:
83 return MOUNT_ERROR_NONE; 144 return MOUNT_ERROR_NONE;
84 case CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND: 145 case CRYPTOHOME_ERROR_ACCOUNT_NOT_FOUND:
85 return MOUNT_ERROR_USER_DOES_NOT_EXIST; 146 return MOUNT_ERROR_USER_DOES_NOT_EXIST;
86 case CRYPTOHOME_ERROR_NOT_IMPLEMENTED: 147 case CRYPTOHOME_ERROR_NOT_IMPLEMENTED:
87 case CRYPTOHOME_ERROR_MOUNT_FATAL: 148 case CRYPTOHOME_ERROR_MOUNT_FATAL:
88 case CRYPTOHOME_ERROR_KEY_QUOTA_EXCEEDED: 149 case CRYPTOHOME_ERROR_KEY_QUOTA_EXCEEDED:
89 case CRYPTOHOME_ERROR_BACKING_STORE_FAILURE: 150 case CRYPTOHOME_ERROR_BACKING_STORE_FAILURE:
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after
250 weak_ptr_factory_.GetWeakPtr(), 311 weak_ptr_factory_.GetWeakPtr(),
251 callback)); 312 callback));
252 } 313 }
253 314
254 private: 315 private:
255 void OnGetKeyDataExCallback(const GetKeyDataCallback& callback, 316 void OnGetKeyDataExCallback(const GetKeyDataCallback& callback,
256 chromeos::DBusMethodCallStatus call_status, 317 chromeos::DBusMethodCallStatus call_status,
257 bool result, 318 bool result,
258 const BaseReply& reply) { 319 const BaseReply& reply) {
259 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) { 320 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) {
260 callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>()); 321 callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>());
261 return; 322 return;
262 } 323 }
263 if (reply.has_error()) { 324 if (reply.has_error()) {
264 if (reply.error() != CRYPTOHOME_ERROR_NOT_SET) { 325 if (reply.error() != CRYPTOHOME_ERROR_NOT_SET) {
265 callback.Run(false, 326 callback.Run(false,
266 MapError(reply.error()), 327 MapError(reply.error()),
267 ScopedVector<RetrievedKeyData>()); 328 std::vector<KeyDefinition>());
268 return; 329 return;
269 } 330 }
270 } 331 }
271 332
272 if (!reply.HasExtension(GetKeyDataReply::reply)) { 333 if (!reply.HasExtension(GetKeyDataReply::reply)) {
273 callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>()); 334 callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>());
274 return; 335 return;
275 } 336 }
276 337
277 // Extract the contents of the |KeyData| protos returned. 338 // Extract the contents of the |KeyData| protos returned.
278 const RepeatedPtrField<KeyData>& key_data_proto = 339 const RepeatedPtrField<KeyData>& key_data =
279 reply.GetExtension(GetKeyDataReply::reply).key_data(); 340 reply.GetExtension(GetKeyDataReply::reply).key_data();
280 ScopedVector<RetrievedKeyData> key_data_list; 341 std::vector<KeyDefinition> key_definitions;
281 for (RepeatedPtrField<KeyData>::const_iterator it = key_data_proto.begin(); 342 for (RepeatedPtrField<KeyData>::const_iterator it = key_data.begin();
282 it != key_data_proto.end(); ++it) { 343 it != key_data.end(); ++it) {
283 344
284 // Extract |type|, |label| and |revision|. 345 // Extract |type|, |label| and |revision|.
285 DCHECK_EQ(KeyData::KEY_TYPE_PASSWORD, it->type()); 346 DCHECK_EQ(KeyData::KEY_TYPE_PASSWORD, it->type());
286 key_data_list.push_back(new RetrievedKeyData( 347 key_definitions.push_back(KeyDefinition(std::string() /* secret */,
287 RetrievedKeyData::TYPE_PASSWORD, 348 it->label(),
288 it->label(), 349 0 /* privileges */));
289 it->revision())); 350 KeyDefinition& key_definition = key_definitions.back();
290 RetrievedKeyData* key_data = key_data_list.back(); 351 key_definition.revision = it->revision();
291 352
292 // Extract |privileges|. 353 // Extract |privileges|.
293 const KeyPrivileges& privileges = it->privileges(); 354 const KeyPrivileges& privileges = it->privileges();
294 if (privileges.mount()) 355 if (privileges.mount())
295 key_data->privileges |= PRIV_MOUNT; 356 key_definition.privileges |= PRIV_MOUNT;
296 if (privileges.add()) 357 if (privileges.add())
297 key_data->privileges |= PRIV_ADD; 358 key_definition.privileges |= PRIV_ADD;
298 if (privileges.remove()) 359 if (privileges.remove())
299 key_data->privileges |= PRIV_REMOVE; 360 key_definition.privileges |= PRIV_REMOVE;
300 if (privileges.update()) 361 if (privileges.update())
301 key_data->privileges |= PRIV_MIGRATE; 362 key_definition.privileges |= PRIV_MIGRATE;
302 if (privileges.authorized_update()) 363 if (privileges.authorized_update())
303 key_data->privileges |= PRIV_AUTHORIZED_UPDATE; 364 key_definition.privileges |= PRIV_AUTHORIZED_UPDATE;
304 365
305 // Extract |authorization_data|. 366 // Extract |authorization_data|.
306 for (RepeatedPtrField<KeyAuthorizationData>::const_iterator auth_it = 367 for (RepeatedPtrField<KeyAuthorizationData>::const_iterator auth_it =
307 it->authorization_data().begin(); 368 it->authorization_data().begin();
308 auth_it != it->authorization_data().end(); ++auth_it) { 369 auth_it != it->authorization_data().end(); ++auth_it) {
309 switch (auth_it->type()) { 370 key_definition.authorization_data.push_back(
310 case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256: 371 KeyDefinition::AuthorizationData());
311 key_data->authorization_types.push_back( 372 ParseAuthorizationDataProtobuf(
312 RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256); 373 *auth_it,
313 break; 374 &key_definition.authorization_data.back());
314 case KeyAuthorizationData::
315 KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256:
316 key_data->authorization_types.push_back(
317 RetrievedKeyData::AUTHORIZATION_TYPE_AES256CBC_HMACSHA256);
318 break;
319 default:
320 NOTREACHED();
321 break;
322 }
323 } 375 }
324 376
325 // Extract |provider_data|. 377 // Extract |provider_data|.
326 for (RepeatedPtrField<KeyProviderData::Entry>::const_iterator 378 for (RepeatedPtrField<KeyProviderData::Entry>::const_iterator
327 provider_data_it = it->provider_data().entry().begin(); 379 provider_data_it = it->provider_data().entry().begin();
328 provider_data_it != it->provider_data().entry().end(); 380 provider_data_it != it->provider_data().entry().end();
329 ++provider_data_it) { 381 ++provider_data_it) {
330 // Extract |name|. 382 // Extract |name|.
331 key_data->provider_data.push_back( 383 key_definition.provider_data.push_back(
332 new RetrievedKeyData::ProviderData(provider_data_it->name())); 384 KeyDefinition::ProviderData(provider_data_it->name()));
333 RetrievedKeyData::ProviderData* provider_data = 385 KeyDefinition::ProviderData& provider_data =
334 key_data->provider_data.back(); 386 key_definition.provider_data.back();
335 387
336 int data_items = 0; 388 int data_items = 0;
337 389
338 // Extract |number|. 390 // Extract |number|.
339 if (provider_data_it->has_number()) { 391 if (provider_data_it->has_number()) {
340 provider_data->number.reset(new int64(provider_data_it->number())); 392 provider_data.number.reset(new int64(provider_data_it->number()));
341 ++data_items; 393 ++data_items;
342 } 394 }
343 395
344 // Extract |bytes|. 396 // Extract |bytes|.
345 if (provider_data_it->has_bytes()) { 397 if (provider_data_it->has_bytes()) {
346 provider_data->bytes.reset( 398 provider_data.bytes.reset(
347 new std::string(provider_data_it->bytes())); 399 new std::string(provider_data_it->bytes()));
348 ++data_items; 400 ++data_items;
349 } 401 }
350 402
351 DCHECK_EQ(1, data_items); 403 DCHECK_EQ(1, data_items);
352 } 404 }
353 } 405 }
354 406
355 callback.Run(true, MOUNT_ERROR_NONE, key_data_list.Pass()); 407 callback.Run(true, MOUNT_ERROR_NONE, key_definitions);
356 } 408 }
357 409
358 void OnMountExCallback(const MountCallback& callback, 410 void OnMountExCallback(const MountCallback& callback,
359 chromeos::DBusMethodCallStatus call_status, 411 chromeos::DBusMethodCallStatus call_status,
360 bool result, 412 bool result,
361 const BaseReply& reply) { 413 const BaseReply& reply) {
362 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) { 414 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) {
363 callback.Run(false, MOUNT_ERROR_FATAL, std::string()); 415 callback.Run(false, MOUNT_ERROR_FATAL, std::string());
364 return; 416 return;
365 } 417 }
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
431 } 483 }
432 delete g_homedir_methods; 484 delete g_homedir_methods;
433 g_homedir_methods = NULL; 485 g_homedir_methods = NULL;
434 VLOG(1) << "HomedirMethods Shutdown completed"; 486 VLOG(1) << "HomedirMethods Shutdown completed";
435 } 487 }
436 488
437 // static 489 // static
438 HomedirMethods* HomedirMethods::GetInstance() { return g_homedir_methods; } 490 HomedirMethods* HomedirMethods::GetInstance() { return g_homedir_methods; }
439 491
440 } // namespace cryptohome 492 } // namespace cryptohome
OLDNEW
« chromeos/cryptohome/cryptohome_parameters.cc ('K') | « chromeos/cryptohome/homedir_methods.h ('k') | chromeos/cryptohome/homedir_methods_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698