authorbartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-23 16:42:33 +0000
committerbartfab@chromium.org <bartfab@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-01-23 16:42:33 +0000
commite9c42b37faeddeb37de40b0b96074f177cf50114 (patch)
tree7da95ec3f6327d66f1122597b262e6ed4bc7fb73
parente64211bd21cfa560b1d1b49bb136e75b8d54715d (diff)
Switch ExternalPolicyDataUpdater from SHA-1 to SHA-256
This CL switches the hash algorithm used by ExternalPolicyDataUpdater from SHA-1 to SHA-256. Since neither of the two features using this code (policy for extensions and the UserAvatar Image policy) has been released yet, there is no need for backwards compatibility. BUG=336874 TEST=Updated tests Review URL: https://codereview.chromium.org/135973006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@246615 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chromeos/policy/cloud_external_data_manager_base_test_util.cc4
-rw-r--r--chrome/browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc80
-rw-r--r--chrome/browser/chromeos/policy/cloud_external_data_store.cc4
-rw-r--r--chrome/browser/chromeos/policy/cloud_external_data_store_unittest.cc6
-rw-r--r--chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.cc4
-rw-r--r--chrome/browser/chromeos/policy/configuration_policy_handler_chromeos_unittest.cc4
-rw-r--r--chrome/browser/policy/test/policy_testserver.py2
-rw-r--r--components/policy/core/common/cloud/component_cloud_policy_service_unittest.cc7
-rw-r--r--components/policy/core/common/cloud/component_cloud_policy_store.cc5
-rw-r--r--components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc6
-rw-r--r--components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc6
-rw-r--r--components/policy/core/common/cloud/external_policy_data_updater.cc4
-rw-r--r--components/policy/core/common/cloud/external_policy_data_updater_unittest.cc4
-rw-r--r--components/policy/resources/policy_templates.json4
14 files changed, 84 insertions, 56 deletions
diff --git a/chrome/browser/chromeos/policy/cloud_external_data_manager_base_test_util.cc b/chrome/browser/chromeos/policy/cloud_external_data_manager_base_test_util.cc
index 4fa6368..e1c7674 100644
--- a/chrome/browser/chromeos/policy/cloud_external_data_manager_base_test_util.cc
+++ b/chrome/browser/chromeos/policy/cloud_external_data_manager_base_test_util.cc
@@ -6,7 +6,6 @@
#include "base/callback.h"
#include "base/memory/weak_ptr.h"
-#include "base/sha1.h"
#include "base/strings/string_number_conversions.h"
#include "base/values.h"
#include "components/policy/core/common/cloud/cloud_external_data_manager.h"
@@ -15,6 +14,7 @@
#include "components/policy/core/common/external_data_fetcher.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/core/common/policy_types.h"
+#include "crypto/sha2.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace policy {
@@ -30,7 +30,7 @@ void ExternalDataFetchCallback(scoped_ptr<std::string>* destination,
scoped_ptr<base::DictionaryValue> ConstructExternalDataReference(
const std::string& url,
const std::string& data) {
- const std::string hash = base::SHA1HashString(data);
+ const std::string hash = crypto::SHA256HashString(data);
scoped_ptr<base::DictionaryValue> metadata(new base::DictionaryValue);
metadata->SetStringWithoutPathExpansion("url", url);
metadata->SetStringWithoutPathExpansion("hash", base::HexEncode(hash.c_str(),
diff --git a/chrome/browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc b/chrome/browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc
index 8636f2fa..e1c6a58 100644
--- a/chrome/browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc
+++ b/chrome/browser/chromeos/policy/cloud_external_data_manager_base_unittest.cc
@@ -13,7 +13,6 @@
#include "base/message_loop/message_loop.h"
#include "base/message_loop/message_loop_proxy.h"
#include "base/run_loop.h"
-#include "base/sha1.h"
#include "base/stl_util.h"
#include "base/strings/string_number_conversions.h"
#include "base/test/test_simple_task_runner.h"
@@ -25,6 +24,7 @@
#include "components/policy/core/common/policy_map.h"
#include "components/policy/core/common/policy_test_utils.h"
#include "components/policy/core/common/policy_types.h"
+#include "crypto/sha2.h"
#include "net/http/http_status_code.h"
#include "net/url_request/test_url_fetcher_factory.h"
#include "net/url_request/url_fetcher.h"
@@ -159,11 +159,13 @@ void CloudExternalDataManagerBaseTest::SetUp() {
// Make |k10BytePolicy| reference 10 bytes of external data.
SetExternalDataReference(
k10BytePolicy,
- ConstructMetadata(k10BytePolicyURL, base::SHA1HashString(k10ByteData)));
+ ConstructMetadata(k10BytePolicyURL,
+ crypto::SHA256HashString(k10ByteData)));
// Make |k20BytePolicy| reference 20 bytes of external data.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k20ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k20ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
request_content_getter_ = new net::TestURLRequestContextGetter(
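Review bot: `crypto::SHA256HashString(k10ByteData)` and `crypto::SHA256HashString(k20ByteData)` are recomputed inline here and in every later hunk of this file, which is what forces the re-wrapped argument lists. Two fixture members computed once, the way `kData1Hash` and `kData2Hash` are set up in cloud_external_data_store_unittest.cc, would keep each call on one line and leave a single place to change if the digest is switched again. As a suggested shape, a member such as `k10ByteDataHash_` initialised from `crypto::SHA256HashString(k10ByteData)` would do. SetUp() starts and ends outside this hunk.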
@@ -336,7 +338,7 @@ TEST_F(CloudExternalDataManagerBaseTest, DownloadAndCache) {
EXPECT_TRUE(CloudExternalDataStore(kCacheKey,
message_loop_.message_loop_proxy(),
resource_cache_.get()).Load(
- k10BytePolicy, base::SHA1HashString(k10ByteData), 10, &data));
+ k10BytePolicy, crypto::SHA256HashString(k10ByteData), 10, &data));
EXPECT_EQ(k10ByteData, data);
}
@@ -395,10 +397,14 @@ TEST_F(CloudExternalDataManagerBaseTest, DownloadAndCacheAll) {
message_loop_.message_loop_proxy(),
resource_cache_.get());
std::string data;
- EXPECT_TRUE(cache.Load(k10BytePolicy, base::SHA1HashString(k10ByteData), 10,
+ EXPECT_TRUE(cache.Load(k10BytePolicy,
+ crypto::SHA256HashString(k10ByteData),
+ 10,
&data));
EXPECT_EQ(k10ByteData, data);
- EXPECT_TRUE(cache.Load(k20BytePolicy, base::SHA1HashString(k20ByteData), 20,
+ EXPECT_TRUE(cache.Load(k20BytePolicy,
+ crypto::SHA256HashString(k20ByteData),
+ 20,
&data));
EXPECT_EQ(k20ByteData, data);
}
@@ -452,7 +458,8 @@ TEST_F(CloudExternalDataManagerBaseTest, DownloadError) {
// download to be retried immediately.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k10ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k10ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
// Attempt to retrieve external data for |k20BytePolicy| again. Verify that
@@ -467,7 +474,8 @@ TEST_F(CloudExternalDataManagerBaseTest, DownloadError) {
// download to be retried immediately.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k20ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k20ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
// Serve external data for |k20BytePolicy| that does not match the hash
@@ -488,7 +496,8 @@ TEST_F(CloudExternalDataManagerBaseTest, DownloadError) {
// the data being served.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k10ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k10ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
// Attempt to retrieve external data for |k20BytePolicy| again. Verify that
@@ -518,7 +527,7 @@ TEST_F(CloudExternalDataManagerBaseTest, LoadFromCache) {
EXPECT_TRUE(CloudExternalDataStore(kCacheKey,
message_loop_.message_loop_proxy(),
resource_cache_.get()).Store(
- k10BytePolicy, base::SHA1HashString(k10ByteData), k10ByteData));
+ k10BytePolicy, crypto::SHA256HashString(k10ByteData), k10ByteData));
// Instantiate an external_data_manager_ that uses the primed cache.
SetUpExternalDataManager();
@@ -546,17 +555,17 @@ TEST_F(CloudExternalDataManagerBaseTest, PruneCacheOnStartup) {
resource_cache_.get()));
// Store valid external data for |k10BytePolicy| in the cache.
EXPECT_TRUE(cache->Store(k10BytePolicy,
- base::SHA1HashString(k10ByteData),
+ crypto::SHA256HashString(k10ByteData),
k10ByteData));
// Store external data for |k20BytePolicy| that does not match the hash in its
// external data reference.
EXPECT_TRUE(cache->Store(k20BytePolicy,
- base::SHA1HashString(k10ByteData),
+ crypto::SHA256HashString(k10ByteData),
k10ByteData));
// Store external data for |kUnknownPolicy|, which is not a known policy and
// therefore, cannot be referencing any external data.
EXPECT_TRUE(cache->Store(kUnknownPolicy,
- base::SHA1HashString(k10ByteData),
+ crypto::SHA256HashString(k10ByteData),
k10ByteData));
cache.reset();
@@ -571,15 +580,21 @@ TEST_F(CloudExternalDataManagerBaseTest, PruneCacheOnStartup) {
std::string data;
// Verify that the valid external data for |k10BytePolicy| is still in the
// cache.
- EXPECT_TRUE(cache->Load(k10BytePolicy, base::SHA1HashString(k10ByteData),
- 10, &data));
+ EXPECT_TRUE(cache->Load(k10BytePolicy,
+ crypto::SHA256HashString(k10ByteData),
+ 10,
+ &data));
EXPECT_EQ(k10ByteData, data);
// Verify that the external data for |k20BytePolicy| and |kUnknownPolicy| has
// been pruned from the cache.
- EXPECT_FALSE(cache->Load(k20BytePolicy, base::SHA1HashString(k10ByteData),
- 20, &data));
- EXPECT_FALSE(cache->Load(kUnknownPolicy, base::SHA1HashString(k10ByteData),
- 20, &data));
+ EXPECT_FALSE(cache->Load(k20BytePolicy,
+ crypto::SHA256HashString(k10ByteData),
+ 20,
+ &data));
+ EXPECT_FALSE(cache->Load(kUnknownPolicy,
+ crypto::SHA256HashString(k10ByteData),
+ 20,
+ &data));
}
// Verifies that when the external data referenced by a policy is present in the
@@ -593,7 +608,7 @@ TEST_F(CloudExternalDataManagerBaseTest, PruneCacheOnChange) {
message_loop_.message_loop_proxy(),
resource_cache_.get()));
EXPECT_TRUE(cache->Store(k20BytePolicy,
- base::SHA1HashString(k20ByteData),
+ crypto::SHA256HashString(k20ByteData),
k20ByteData));
cache.reset();
@@ -604,7 +619,8 @@ TEST_F(CloudExternalDataManagerBaseTest, PruneCacheOnChange) {
// Modify the external data reference for |k20BytePolicy|.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k10ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k10ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
// Verify that the old external data for |k20BytePolicy| has been pruned from
@@ -615,7 +631,9 @@ TEST_F(CloudExternalDataManagerBaseTest, PruneCacheOnChange) {
message_loop_.message_loop_proxy(),
resource_cache_.get()));
std::string data;
- EXPECT_FALSE(cache->Load(k20BytePolicy, base::SHA1HashString(k20ByteData), 20,
+ EXPECT_FALSE(cache->Load(k20BytePolicy,
+ crypto::SHA256HashString(k20ByteData),
+ 20,
&data));
}
@@ -630,12 +648,12 @@ TEST_F(CloudExternalDataManagerBaseTest, CacheCorruption) {
// Store external data for |k10BytePolicy| that exceeds the maximal external
// data size allowed for that policy.
EXPECT_TRUE(cache->Store(k10BytePolicy,
- base::SHA1HashString(k20ByteData),
+ crypto::SHA256HashString(k20ByteData),
k20ByteData));
// Store external data for |k20BytePolicy| that is corrupted and does not
// match the expected hash.
EXPECT_TRUE(cache->Store(k20BytePolicy,
- base::SHA1HashString(k20ByteData),
+ crypto::SHA256HashString(k20ByteData),
k10ByteData));
cache.reset();
@@ -650,7 +668,8 @@ TEST_F(CloudExternalDataManagerBaseTest, CacheCorruption) {
// external data being served.
SetExternalDataReference(
k10BytePolicy,
- ConstructMetadata(k10BytePolicyURL, base::SHA1HashString(k20ByteData)));
+ ConstructMetadata(k10BytePolicyURL,
+ crypto::SHA256HashString(k20ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
// Retrieve external data for |k10BytePolicy|. Verify that the callback is
@@ -689,11 +708,15 @@ TEST_F(CloudExternalDataManagerBaseTest, CacheCorruption) {
// that would allow the data originally written to the cache to be loaded.
// When this fails, it is certain that the original data is no longer present
// in the cache.
- EXPECT_FALSE(cache->Load(k10BytePolicy, base::SHA1HashString(k20ByteData), 20,
+ EXPECT_FALSE(cache->Load(k10BytePolicy,
+ crypto::SHA256HashString(k20ByteData),
+ 20,
&data));
// Verify that the invalid external data for |k20BytePolicy| has been replaced
// with the downloaded valid data in the cache.
- EXPECT_TRUE(cache->Load(k20BytePolicy, base::SHA1HashString(k20ByteData), 20,
+ EXPECT_TRUE(cache->Load(k20BytePolicy,
+ crypto::SHA256HashString(k20ByteData),
+ 20,
&data));
EXPECT_EQ(k20ByteData, data);
}
@@ -742,7 +765,8 @@ TEST_F(CloudExternalDataManagerBaseTest, PolicyChangeWhileDownloadPending) {
// the downloaded data.
SetExternalDataReference(
k20BytePolicy,
- ConstructMetadata(k20BytePolicyURL, base::SHA1HashString(k10ByteData)));
+ ConstructMetadata(k20BytePolicyURL,
+ crypto::SHA256HashString(k10ByteData)));
cloud_policy_store_.NotifyStoreLoaded();
base::RunLoop().RunUntilIdle();
EXPECT_EQ(1u, callback_data_.size());
diff --git a/chrome/browser/chromeos/policy/cloud_external_data_store.cc b/chrome/browser/chromeos/policy/cloud_external_data_store.cc
index d19c2a9..894600f 100644
--- a/chrome/browser/chromeos/policy/cloud_external_data_store.cc
+++ b/chrome/browser/chromeos/policy/cloud_external_data_store.cc
@@ -8,9 +8,9 @@
#include "base/logging.h"
#include "base/sequenced_task_runner.h"
-#include "base/sha1.h"
#include "base/strings/string_number_conversions.h"
#include "components/policy/core/common/cloud/resource_cache.h"
+#include "crypto/sha2.h"
namespace policy {
@@ -65,7 +65,7 @@ bool CloudExternalDataStore::Load(const std::string& policy,
DCHECK(task_runner_->RunsTasksOnCurrentThread());
const std::string subkey = GetSubkey(policy, hash);
if (cache_->Load(cache_key_, subkey, data)) {
- if (data->size() <= max_size && base::SHA1HashString(*data) == hash)
+ if (data->size() <= max_size && crypto::SHA256HashString(*data) == hash)
return true;
// If the data is larger than allowed or does not match the expected hash,
// delete the entry.
diff --git a/chrome/browser/chromeos/policy/cloud_external_data_store_unittest.cc b/chrome/browser/chromeos/policy/cloud_external_data_store_unittest.cc
index d8333301..9491b3a 100644
--- a/chrome/browser/chromeos/policy/cloud_external_data_store_unittest.cc
+++ b/chrome/browser/chromeos/policy/cloud_external_data_store_unittest.cc
@@ -7,9 +7,9 @@
#include "base/compiler_specific.h"
#include "base/files/scoped_temp_dir.h"
#include "base/memory/scoped_ptr.h"
-#include "base/sha1.h"
#include "base/test/test_simple_task_runner.h"
#include "components/policy/core/common/cloud/resource_cache.h"
+#include "crypto/sha2.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace policy {
@@ -45,8 +45,8 @@ class CouldExternalDataStoreTest : public testing::Test {
};
CouldExternalDataStoreTest::CouldExternalDataStoreTest()
- : kData1Hash(base::SHA1HashString(kData1)),
- kData2Hash(base::SHA1HashString(kData2)),
+ : kData1Hash(crypto::SHA256HashString(kData1)),
+ kData2Hash(crypto::SHA256HashString(kData2)),
task_runner_(new base::TestSimpleTaskRunner) {
}
diff --git a/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.cc b/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.cc
index 53cf19c..a58ddb4 100644
--- a/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.cc
+++ b/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.cc
@@ -14,7 +14,6 @@
#include "base/logging.h"
#include "base/memory/scoped_ptr.h"
#include "base/prefs/pref_value_map.h"
-#include "base/sha1.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/values.h"
@@ -29,6 +28,7 @@
#include "components/policy/core/browser/policy_error_map.h"
#include "components/policy/core/common/external_data_fetcher.h"
#include "components/policy/core/common/policy_map.h"
+#include "crypto/sha2.h"
#include "grit/component_strings.h"
#include "policy/policy_constants.h"
#include "url/gurl.h"
@@ -103,7 +103,7 @@ bool ExternalDataPolicyHandler::CheckPolicySettings(const PolicyMap& policies,
std::vector<uint8> hash;
if (!base::HexStringToBytes(hash_string, &hash) ||
- hash.size() != base::kSHA1Length) {
+ hash.size() != crypto::kSHA256Length) {
errors->AddError(policy, kSubkeyHash, IDS_POLICY_VALUE_FORMAT_ERROR);
return false;
}
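Review bot: The length check `hash.size() != crypto::kSHA256Length` is now the only thing that rejects a policy value still carrying a SHA-1 digest, and it reports it with the generic IDS_POLICY_VALUE_FORMAT_ERROR. A comment above the check would make that intent explicit for the next reader, for example `// The hash must be a hex-encoded SHA-256 digest; any other length (e.g. SHA-1) is rejected.` CheckPolicySettings starts and ends outside this hunk.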
diff --git a/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos_unittest.cc b/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos_unittest.cc
index 5893406..d886a35 100644
--- a/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos_unittest.cc
+++ b/chrome/browser/chromeos/policy/configuration_policy_handler_chromeos_unittest.cc
@@ -157,7 +157,9 @@ TEST(ExternalDataPolicyHandlerTest, InvalidHash) {
TEST(ExternalDataPolicyHandlerTest, Valid) {
scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue);
dict->SetString("url", "http://localhost/");
- dict->SetString("hash", "1234567890123456789012345678901234567890");
+ dict->SetString(
+ "hash",
+ "1234567890123456789012345678901234567890123456789012345678901234");
PolicyMap policy_map;
policy_map.Set(key::kUserAvatarImage,
POLICY_LEVEL_MANDATORY,
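Review bot: The old 40-digit value is replaced in the Valid test, but nothing visible here pins that a well-formed SHA-1-length hash is now rejected. The InvalidHash test named in the hunk header is not shown, so this may already be covered. If it is not, a case there using `dict->SetString("hash", "1234567890123456789012345678901234567890");` and expecting the check to fail would guard against the length check being loosened later. The body of the Valid test continues past the hunk.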
diff --git a/chrome/browser/policy/test/policy_testserver.py b/chrome/browser/policy/test/policy_testserver.py
index 6659495..be557b7 100644
--- a/chrome/browser/policy/test/policy_testserver.py
+++ b/chrome/browser/policy/test/policy_testserver.py
@@ -235,7 +235,7 @@ class PolicyRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
if data:
settings.download_url = urlparse.urljoin(
self.server.GetBaseURL(), 'externalpolicydata?key=%s' % policy_key)
- settings.secure_hash = hashlib.sha1(data).digest()
+ settings.secure_hash = hashlib.sha256(data).digest()
return settings.SerializeToString()
def CheckGoogleLogin(self):
diff --git a/components/policy/core/common/cloud/component_cloud_policy_service_unittest.cc b/components/policy/core/common/cloud/component_cloud_policy_service_unittest.cc
index 5ff6e89..9c1dd11 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_service_unittest.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_service_unittest.cc
@@ -11,7 +11,6 @@
#include "base/files/scoped_temp_dir.h"
#include "base/message_loop/message_loop.h"
#include "base/run_loop.h"
-#include "base/sha1.h"
#include "base/single_thread_task_runner.h"
#include "base/stl_util.h"
#include "base/values.h"
@@ -25,6 +24,7 @@
#include "components/policy/core/common/policy_types.h"
#include "components/policy/core/common/schema.h"
#include "components/policy/core/common/schema_map.h"
+#include "crypto/sha2.h"
#include "net/url_request/test_url_fetcher_factory.h"
#include "net/url_request/url_fetcher_delegate.h"
#include "net/url_request/url_request_context.h"
@@ -132,7 +132,7 @@ class ComponentCloudPolicyServiceTest : public testing::Test {
dm_protocol::kChromeExtensionPolicyType);
builder_.policy_data().set_settings_entity_id(kTestExtension);
builder_.payload().set_download_url(kTestDownload);
- builder_.payload().set_secure_hash(base::SHA1HashString(kTestPolicy));
+ builder_.payload().set_secure_hash(crypto::SHA256HashString(kTestPolicy));
expected_policy_.Set("Name", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
base::Value::CreateStringValue("disabled"), NULL);
@@ -529,7 +529,8 @@ TEST_F(ComponentCloudPolicyServiceTest, SignOut) {
TEST_F(ComponentCloudPolicyServiceTest, LoadInvalidPolicyFromCache) {
// Put the invalid test policy in the cache. One of its policies will be
// loaded, the other should be filtered out by the schema.
- builder_.payload().set_secure_hash(base::SHA1HashString(kInvalidTestPolicy));
+ builder_.payload().set_secure_hash(
+ crypto::SHA256HashString(kInvalidTestPolicy));
EXPECT_TRUE(cache_->Store(
"extension-policy", kTestExtension, CreateSerializedResponse()));
EXPECT_TRUE(cache_->Store(
diff --git a/components/policy/core/common/cloud/component_cloud_policy_store.cc b/components/policy/core/common/cloud/component_cloud_policy_store.cc
index 7d2c6a1..e55688b 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_store.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_store.cc
@@ -7,13 +7,13 @@
#include "base/callback.h"
#include "base/json/json_reader.h"
#include "base/logging.h"
-#include "base/sha1.h"
#include "base/strings/string_util.h"
#include "base/values.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/core/common/cloud/cloud_policy_validator.h"
#include "components/policy/core/common/external_data_fetcher.h"
#include "components/policy/core/common/policy_map.h"
+#include "crypto/sha2.h"
#include "policy/proto/chrome_extension_policy.pb.h"
#include "policy/proto/device_management_backend.pb.h"
#include "url/gurl.h"
@@ -317,7 +317,8 @@ bool ComponentCloudPolicyStore::ValidateData(
const std::string& data,
const std::string& secure_hash,
PolicyMap* policy) {
- return base::SHA1HashString(data) == secure_hash && ParsePolicy(data, policy);
+ return crypto::SHA256HashString(data) == secure_hash &&
+ ParsePolicy(data, policy);
}
bool ComponentCloudPolicyStore::ParsePolicy(const std::string& data,
diff --git a/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc b/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
index 66dee41..2f8d1ea 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_store_unittest.cc
@@ -12,12 +12,12 @@
#include "base/callback.h"
#include "base/files/scoped_temp_dir.h"
#include "base/memory/ref_counted.h"
-#include "base/sha1.h"
#include "base/test/test_simple_task_runner.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/core/common/cloud/policy_builder.h"
#include "components/policy/core/common/cloud/resource_cache.h"
#include "components/policy/core/common/external_data_fetcher.h"
+#include "crypto/sha2.h"
#include "policy/proto/chrome_extension_policy.pb.h"
#include "policy/proto/device_management_backend.pb.h"
#include "testing/gmock/include/gmock/gmock.h"
@@ -45,7 +45,7 @@ const char kTestPolicy[] =
"}";
std::string TestPolicyHash() {
- return base::SHA1HashString(kTestPolicy);
+ return crypto::SHA256HashString(kTestPolicy);
}
bool NotEqual(const std::string& expected, const std::string& key) {
@@ -231,7 +231,7 @@ TEST_F(ComponentCloudPolicyStoreTest, StoreAndLoad) {
// Store policy with invalid JSON data.
static const char kInvalidData[] = "{ not json }";
- const std::string invalid_data_hash = base::SHA1HashString(kInvalidData);
+ const std::string invalid_data_hash = crypto::SHA256HashString(kInvalidData);
builder_.payload().set_secure_hash(invalid_data_hash);
EXPECT_FALSE(store_->Store(
ns, CreateSerializedResponse(), invalid_data_hash, kInvalidData));
diff --git a/components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc b/components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc
index b6cee89..5463747 100644
--- a/components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc
+++ b/components/policy/core/common/cloud/component_cloud_policy_updater_unittest.cc
@@ -8,7 +8,6 @@
#include "base/compiler_specific.h"
#include "base/files/scoped_temp_dir.h"
#include "base/sequenced_task_runner.h"
-#include "base/sha1.h"
#include "base/test/test_simple_task_runner.h"
#include "base/values.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
@@ -20,6 +19,7 @@
#include "components/policy/core/common/policy_bundle.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/core/common/policy_types.h"
+#include "crypto/sha2.h"
#include "net/url_request/test_url_fetcher_factory.h"
#include "net/url_request/url_fetcher_delegate.h"
#include "net/url_request/url_request_context_getter.h"
@@ -104,7 +104,7 @@ void ComponentCloudPolicyUpdaterTest::SetUp() {
dm_protocol::kChromeExtensionPolicyType);
builder_.policy_data().set_settings_entity_id(kTestExtension);
builder_.payload().set_download_url(kTestDownload);
- builder_.payload().set_secure_hash(base::SHA1HashString(kTestPolicy));
+ builder_.payload().set_secure_hash(crypto::SHA256HashString(kTestPolicy));
PolicyNamespace ns(POLICY_DOMAIN_EXTENSIONS, kTestExtension);
PolicyMap& policy = expected_bundle_.Get(ns);
@@ -205,7 +205,7 @@ TEST_F(ComponentCloudPolicyUpdaterTest, AlreadyCached) {
EXPECT_CALL(store_delegate_, OnComponentCloudPolicyStoreUpdated());
EXPECT_TRUE(store_->Store(ns,
builder_.GetBlob(),
- base::SHA1HashString(kTestPolicy),
+ crypto::SHA256HashString(kTestPolicy),
kTestPolicy));
Mock::VerifyAndClearExpectations(&store_delegate_);
diff --git a/components/policy/core/common/cloud/external_policy_data_updater.cc b/components/policy/core/common/cloud/external_policy_data_updater.cc
index e584470..e3039b0 100644
--- a/components/policy/core/common/cloud/external_policy_data_updater.cc
+++ b/components/policy/core/common/cloud/external_policy_data_updater.cc
@@ -10,9 +10,9 @@
#include "base/location.h"
#include "base/logging.h"
#include "base/sequenced_task_runner.h"
-#include "base/sha1.h"
#include "base/stl_util.h"
#include "components/policy/core/common/cloud/external_policy_data_fetcher.h"
+#include "crypto/sha2.h"
#include "net/base/backoff_entry.h"
#include "url/gurl.h"
@@ -254,7 +254,7 @@ void ExternalPolicyDataUpdater::FetchJob::OnFetchFinished(
break;
}
- if (base::SHA1HashString(*data) != request_.hash) {
+ if (crypto::SHA256HashString(*data) != request_.hash) {
// Received |data| does not match expected hash. This may be because the
// data being served is stale. Try again much later.
OnFailed(&retry_much_later_entry_);
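Review bot: A `request_.hash` of the wrong length, for example a 20-byte SHA-1 digest from a caller that was not updated, can never match here, and the only visible effect is the long back-off in `OnFailed(&retry_much_later_entry_)`. Since this comparison is the integrity check on the downloaded data, a `DCHECK_EQ(crypto::kSHA256Length, request_.hash.size());` before it would surface such a caller in debug builds instead of as a silent retry. The existing comment could also note that a mismatch may mean the payload was altered, not only that it is stale. OnFetchFinished starts and ends outside this hunk.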
diff --git a/components/policy/core/common/cloud/external_policy_data_updater_unittest.cc b/components/policy/core/common/cloud/external_policy_data_updater_unittest.cc
index 4a45be2..284eb2a 100644
--- a/components/policy/core/common/cloud/external_policy_data_updater_unittest.cc
+++ b/components/policy/core/common/cloud/external_policy_data_updater_unittest.cc
@@ -9,11 +9,11 @@
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/scoped_ptr.h"
-#include "base/sha1.h"
#include "base/test/test_pending_task.h"
#include "base/test/test_simple_task_runner.h"
#include "base/time/time.h"
#include "components/policy/core/common/cloud/external_policy_data_fetcher.h"
+#include "crypto/sha2.h"
#include "net/base/net_errors.h"
#include "net/url_request/test_url_fetcher_factory.h"
#include "net/url_request/url_fetcher_delegate.h"
@@ -109,7 +109,7 @@ ExternalPolicyDataUpdater::Request
ExternalPolicyDataUpdaterTest::CreateRequest(const std::string& url) const {
return ExternalPolicyDataUpdater::Request(
url,
- base::SHA1HashString(kExternalPolicyDataPayload),
+ crypto::SHA256HashString(kExternalPolicyDataPayload),
kExternalPolicyDataMaxSize);
}
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index eca3c68..b361a22 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -5899,7 +5899,7 @@
'hash': { "type": "string" }
},
},
- 'supported_on': ['chrome_os:33-'],
+ 'supported_on': ['chrome_os:34-'],
'features': {
'dynamic_refresh': True,
'per_profile': True,
@@ -5923,7 +5923,7 @@
"type": "string"
},
"hash": {
- "description": "The SHA-1 hash of the avatar image.",
+ "description": "The SHA-256 hash of the avatar image.",
"type": "string"
}
}