diff options
| author | bartfab <bartfab@chromium.org> | 2014-09-15 07:40:04 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2014-09-15 15:02:23 +0000 |
| commit | e7e066d00108649cb3761fc5f450a8d9068fa8b3 (patch) | |
| tree | 6e8ef2a5cddda660e8a9535176400fd492682f9c /chromeos | |
| parent | 908d52405f9961fd87d3b65287ab50f67a1d7c1b (diff) | |
| download | chromium_src-e7e066d00108649cb3761fc5f450a8d9068fa8b3.zip chromium_src-e7e066d00108649cb3761fc5f450a8d9068fa8b3.tar.gz chromium_src-e7e066d00108649cb3761fc5f450a8d9068fa8b3.tar.bz2 | |
Merge cryptohome::RetrievedKeyData with cryptohome::KeyDefinition
cryptohome::RetrievedKeyData and cryptohome::KeyDefinition both represent
subsets of the Key protobuf. This CL merges the two classes and makes the
resulting cryptohome::KeyDefinition contain all of Key's fields.
TBR=pamg (manager_password_service.cc)
BUG=367847
TEST=Updated unit tests
Review URL: https://codereview.chromium.org/526353002
Cr-Commit-Position: refs/heads/master@{#294823}
Diffstat (limited to 'chromeos')
| -rw-r--r-- | chromeos/cryptohome/cryptohome_parameters.cc | 152 | ||||
| -rw-r--r-- | chromeos/cryptohome/cryptohome_parameters.h | 109 | ||||
| -rw-r--r-- | chromeos/cryptohome/homedir_methods.cc | 152 | ||||
| -rw-r--r-- | chromeos/cryptohome/homedir_methods.h | 4 | ||||
| -rw-r--r-- | chromeos/cryptohome/homedir_methods_unittest.cc | 37 | ||||
| -rw-r--r-- | chromeos/cryptohome/mock_homedir_methods.cc | 5 | ||||
| -rw-r--r-- | chromeos/login/auth/cryptohome_authenticator.cc | 45 | ||||
| -rw-r--r-- | chromeos/login/auth/extended_authenticator.cc | 2 |
8 files changed, 340 insertions, 166 deletions
diff --git a/chromeos/cryptohome/cryptohome_parameters.cc b/chromeos/cryptohome/cryptohome_parameters.cc index 41246f3..d784d4e 100644 --- a/chromeos/cryptohome/cryptohome_parameters.cc +++ b/chromeos/cryptohome/cryptohome_parameters.cc @@ -15,25 +15,135 @@ bool Identification::operator==(const Identification& other) const { return user_id == other.user_id; } -KeyDefinition::KeyDefinition(const std::string& key, +KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false), + sign(false), + wrapped(false) { +} + +KeyDefinition::AuthorizationData::Secret::Secret( + bool encrypt, + bool sign, + const std::string& symmetric_key, + const std::string& public_key, + bool wrapped) + : encrypt(encrypt), + sign(sign), + symmetric_key(symmetric_key), + public_key(public_key), + wrapped(wrapped) { +} + +bool KeyDefinition::AuthorizationData::Secret::operator==( + const Secret& other) const { + return encrypt == other.encrypt && + sign == other.sign && + symmetric_key == other.symmetric_key && + public_key == other.public_key && + wrapped == other.wrapped; +} + +KeyDefinition::AuthorizationData::AuthorizationData() : type(TYPE_HMACSHA256) { +} + +KeyDefinition::AuthorizationData::AuthorizationData( + bool encrypt, + bool sign, + const std::string& symmetric_key) : type(TYPE_HMACSHA256) { + secrets.push_back(Secret(encrypt, + sign, + symmetric_key, + std::string() /* public_key */, + false /* wrapped */)); +} + + +KeyDefinition::AuthorizationData::~AuthorizationData() { +} + +bool KeyDefinition::AuthorizationData::operator==( + const AuthorizationData& other) const { + if (type != other.type || secrets.size() != other.secrets.size()) + return false; + for (size_t i = 0; i < secrets.size(); ++i) { + if (!(secrets[i] == other.secrets[i])) + return false; + } + return true; +} + +KeyDefinition::ProviderData::ProviderData() { +} + +KeyDefinition::ProviderData::ProviderData(const std::string& name) + : name(name) { +} + +KeyDefinition::ProviderData::ProviderData(const ProviderData& other) + : name(other.name) { + if (other.number) + number.reset(new int64(*other.number)); + if (other.bytes) + bytes.reset(new std::string(*other.bytes)); +} + +void KeyDefinition::ProviderData::operator=(const ProviderData& other) { + name = other.name; + number.reset(other.number ? new int64(*other.number) : NULL); + bytes.reset(other.bytes ? new std::string(*other.bytes) : NULL); +} + +KeyDefinition::ProviderData::~ProviderData() { +} + +bool KeyDefinition::ProviderData::operator==(const ProviderData& other) const { + const bool has_number = number; + const bool other_has_number = other.number; + const bool has_bytes = bytes; + const bool other_has_bytes = other.bytes; + return name == other.name && + has_number == other_has_number && + has_bytes == other_has_bytes && + (!has_number || (*number == *other.number)) && + (!has_bytes || (*bytes == *other.bytes)); +} + +KeyDefinition::KeyDefinition() : type(TYPE_PASSWORD), + privileges(0), + revision(0) { +} + +KeyDefinition::KeyDefinition(const std::string& secret, const std::string& label, int /*AuthKeyPrivileges*/ privileges) - : label(label), - revision(1), - key(key), - privileges(privileges) { + : type(TYPE_PASSWORD), + label(label), + privileges(privileges), + revision(0), + secret(secret) { } KeyDefinition::~KeyDefinition() { } bool KeyDefinition::operator==(const KeyDefinition& other) const { - return label == other.label && - revision == other.revision && - key == other.key && - encryption_key == other.encryption_key && - signature_key == other.signature_key && - privileges == other.privileges; + if (type != other.type || + label != other.label || + privileges != other.privileges || + revision != other.revision || + authorization_data.size() != other.authorization_data.size() || + provider_data.size() != other.provider_data.size()) { + return false; + } + + for (size_t i = 0; i < authorization_data.size(); ++i) { + if (!(authorization_data[i] == other.authorization_data[i])) + return false; + } + for (size_t i = 0; i < provider_data.size(); ++i) { + if (!(provider_data[i] == other.provider_data[i])) + return false; + } + return true; } Authorization::Authorization(const std::string& key, const std::string& label) @@ -42,7 +152,7 @@ Authorization::Authorization(const std::string& key, const std::string& label) } Authorization::Authorization(const KeyDefinition& key_def) - : key(key_def.key), + : key(key_def.secret), label(key_def.label) { } @@ -50,24 +160,6 @@ bool Authorization::operator==(const Authorization& other) const { return key == other.key && label == other.label; } -RetrievedKeyData::ProviderData::ProviderData(const std::string& name) - : name(name) { -} - -RetrievedKeyData::ProviderData::~ProviderData() { -} - -RetrievedKeyData::RetrievedKeyData(Type type, - const std::string& label, - int64 revision) : type(type), - label(label), - privileges(0), - revision(revision) { -} - -RetrievedKeyData::~RetrievedKeyData() { -} - MountParameters::MountParameters(bool ephemeral) : ephemeral(ephemeral) { } diff --git a/chromeos/cryptohome/cryptohome_parameters.h b/chromeos/cryptohome/cryptohome_parameters.h index fe43f2c..2ec1d40 100644 --- a/chromeos/cryptohome/cryptohome_parameters.h +++ b/chromeos/cryptohome/cryptohome_parameters.h @@ -10,7 +10,6 @@ #include "base/basictypes.h" #include "base/memory/scoped_ptr.h" -#include "base/memory/scoped_vector.h" #include "chromeos/chromeos_export.h" namespace cryptohome { @@ -34,68 +33,96 @@ struct CHROMEOS_EXPORT Identification { }; // Definition of the key (e.g. password) for the cryptohome. -// It contains authorization data along with extra parameters like perimissions +// It contains authorization data along with extra parameters like permissions // associated with this key. struct CHROMEOS_EXPORT KeyDefinition { - KeyDefinition(const std::string& key, - const std::string& label, - int /*AuthKeyPrivileges*/ privileges); - ~KeyDefinition(); - - bool operator==(const KeyDefinition& other) const; - - std::string label; - - int revision; - std::string key; - - std::string encryption_key; - std::string signature_key; - // Privileges associated with key. Combination of |AuthKeyPrivileges| values. - int privileges; -}; - -// Authorization attempt data for user. -struct CHROMEOS_EXPORT Authorization { - Authorization(const std::string& key, const std::string& label); - explicit Authorization(const KeyDefinition& key); - - bool operator==(const Authorization& other) const; - - std::string key; - std::string label; -}; - -// Information about keys returned by GetKeyDataEx(). -struct CHROMEOS_EXPORT RetrievedKeyData { enum Type { TYPE_PASSWORD = 0 }; - enum AuthorizationType { - AUTHORIZATION_TYPE_HMACSHA256 = 0, - AUTHORIZATION_TYPE_AES256CBC_HMACSHA256 + struct AuthorizationData { + enum Type { + TYPE_HMACSHA256 = 0, + TYPE_AES256CBC_HMACSHA256 + }; + + struct Secret { + Secret(); + Secret(bool encrypt, + bool sign, + const std::string& symmetric_key, + const std::string& public_key, + bool wrapped); + + bool operator==(const Secret& other) const; + + bool encrypt; + bool sign; + std::string symmetric_key; + std::string public_key; + bool wrapped; + }; + + AuthorizationData(); + AuthorizationData(bool encrypt, + bool sign, + const std::string& symmetric_key); + ~AuthorizationData(); + + bool operator==(const AuthorizationData& other) const; + + Type type; + std::vector<Secret> secrets; }; + // This struct holds metadata that will be stored alongside the key. Each + // |ProviderData| entry must have a |name| and may hold either a |number| or a + // sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is + // stored with the key and returned when requested but is never interpreted by + // cryptohome in any way. The metadata can be used to store information such + // as the hashing algorithm and the salt used to create the key. struct ProviderData { + ProviderData(); explicit ProviderData(const std::string& name); + explicit ProviderData(const ProviderData& other); + void operator=(const ProviderData& other); ~ProviderData(); + bool operator==(const ProviderData& other) const; + std::string name; scoped_ptr<int64> number; scoped_ptr<std::string> bytes; }; - RetrievedKeyData(Type type, const std::string& label, int64 revision); - ~RetrievedKeyData(); + KeyDefinition(); + KeyDefinition(const std::string& secret, + const std::string& label, + int privileges); + ~KeyDefinition(); + + bool operator==(const KeyDefinition& other) const; Type type; std::string label; // Privileges associated with key. Combination of |AuthKeyPrivileges| values. int privileges; - int64 revision; - std::vector<AuthorizationType> authorization_types; - ScopedVector<ProviderData> provider_data; + int revision; + std::string secret; + + std::vector<AuthorizationData> authorization_data; + std::vector<ProviderData> provider_data; +}; + +// Authorization attempt data for user. +struct CHROMEOS_EXPORT Authorization { + Authorization(const std::string& key, const std::string& label); + explicit Authorization(const KeyDefinition& key); + + bool operator==(const Authorization& other) const; + + std::string key; + std::string label; }; // Parameters for Mount call. diff --git a/chromeos/cryptohome/homedir_methods.cc b/chromeos/cryptohome/homedir_methods.cc index 73a741b..371108a 100644 --- a/chromeos/cryptohome/homedir_methods.cc +++ b/chromeos/cryptohome/homedir_methods.cc @@ -27,8 +27,10 @@ namespace { HomedirMethods* g_homedir_methods = NULL; void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) { - key->set_secret(key_def.key); + key->set_secret(key_def.secret); KeyData* data = key->mutable_data(); + DCHECK_EQ(KeyDefinition::TYPE_PASSWORD, key_def.type); + data->set_type(KeyData::KEY_TYPE_PASSWORD); data->set_label(key_def.label); if (key_def.revision > 0) @@ -44,20 +46,48 @@ void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) { PRIV_AUTHORIZED_UPDATE); } - if (key_def.encryption_key.empty() && key_def.signature_key.empty()) - return; + for (std::vector<KeyDefinition::AuthorizationData>::const_iterator auth_it = + key_def.authorization_data.begin(); + auth_it != key_def.authorization_data.end(); ++auth_it) { + KeyAuthorizationData* auth_data = data->add_authorization_data(); + switch (auth_it->type) { + case KeyDefinition::AuthorizationData::TYPE_HMACSHA256: + auth_data->set_type( + KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256); + break; + case KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256: + auth_data->set_type( + KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256); + break; + default: + NOTREACHED(); + break; + } - KeyAuthorizationData* auth_data = data->add_authorization_data(); - auth_data->set_type(KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256); - if (!key_def.encryption_key.empty()) { - KeyAuthorizationSecret* secret = auth_data->add_secrets(); - secret->mutable_usage()->set_encrypt(true); - secret->set_symmetric_key(key_def.encryption_key); + for (std::vector<KeyDefinition::AuthorizationData::Secret>::const_iterator + secret_it = auth_it->secrets.begin(); + secret_it != auth_it->secrets.end(); ++secret_it) { + KeyAuthorizationSecret* secret = auth_data->add_secrets(); + secret->mutable_usage()->set_encrypt(secret_it->encrypt); + secret->mutable_usage()->set_sign(secret_it->sign); + if (!secret_it->symmetric_key.empty()) + secret->set_symmetric_key(secret_it->symmetric_key); + if (!secret_it->public_key.empty()) + secret->set_public_key(secret_it->public_key); + secret->set_wrapped(secret_it->wrapped); + } } - if (!key_def.signature_key.empty()) { - KeyAuthorizationSecret* secret = auth_data->add_secrets(); - secret->mutable_usage()->set_sign(true); - secret->set_symmetric_key(key_def.signature_key); + + for (std::vector<KeyDefinition::ProviderData>::const_iterator it = + key_def.provider_data.begin(); it != key_def.provider_data.end(); + ++it) { + KeyProviderData::Entry* entry = + data->mutable_provider_data()->add_entry(); + entry->set_name(it->name); + if (it->number) + entry->set_number(*it->number); + if (it->bytes) + entry->set_bytes(*it->bytes); } } @@ -77,6 +107,35 @@ void FillAuthorizationProtobuf(const Authorization& auth, key->set_secret(auth.key); } +void ParseAuthorizationDataProtobuf( + const KeyAuthorizationData& authorization_data_proto, + KeyDefinition::AuthorizationData* authorization_data) { + switch (authorization_data_proto.type()) { + case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256: + authorization_data->type = + KeyDefinition::AuthorizationData::TYPE_HMACSHA256; + break; + case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256: + authorization_data->type = + KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256; + break; + default: + NOTREACHED(); + return; + } + + for (RepeatedPtrField<KeyAuthorizationSecret>::const_iterator it = + authorization_data_proto.secrets().begin(); + it != authorization_data_proto.secrets().end(); ++it) { + authorization_data->secrets.push_back( + KeyDefinition::AuthorizationData::Secret(it->usage().encrypt(), + it->usage().sign(), + it->symmetric_key(), + it->public_key(), + it->wrapped())); + } +} + MountError MapError(CryptohomeErrorCode code) { switch (code) { case CRYPTOHOME_ERROR_NOT_SET: @@ -257,69 +316,60 @@ class HomedirMethodsImpl : public HomedirMethods { bool result, const BaseReply& reply) { if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) { - callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>()); + callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>()); return; } if (reply.has_error()) { if (reply.error() != CRYPTOHOME_ERROR_NOT_SET) { callback.Run(false, MapError(reply.error()), - ScopedVector<RetrievedKeyData>()); + std::vector<KeyDefinition>()); return; } } if (!reply.HasExtension(GetKeyDataReply::reply)) { - callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>()); + callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>()); return; } // Extract the contents of the |KeyData| protos returned. - const RepeatedPtrField<KeyData>& key_data_proto = + const RepeatedPtrField<KeyData>& key_data = reply.GetExtension(GetKeyDataReply::reply).key_data(); - ScopedVector<RetrievedKeyData> key_data_list; - for (RepeatedPtrField<KeyData>::const_iterator it = key_data_proto.begin(); - it != key_data_proto.end(); ++it) { + std::vector<KeyDefinition> key_definitions; + for (RepeatedPtrField<KeyData>::const_iterator it = key_data.begin(); + it != key_data.end(); ++it) { // Extract |type|, |label| and |revision|. DCHECK_EQ(KeyData::KEY_TYPE_PASSWORD, it->type()); - key_data_list.push_back(new RetrievedKeyData( - RetrievedKeyData::TYPE_PASSWORD, - it->label(), - it->revision())); - RetrievedKeyData* key_data = key_data_list.back(); + key_definitions.push_back(KeyDefinition(std::string() /* secret */, + it->label(), + 0 /* privileges */)); + KeyDefinition& key_definition = key_definitions.back(); + key_definition.revision = it->revision(); // Extract |privileges|. const KeyPrivileges& privileges = it->privileges(); if (privileges.mount()) - key_data->privileges |= PRIV_MOUNT; + key_definition.privileges |= PRIV_MOUNT; if (privileges.add()) - key_data->privileges |= PRIV_ADD; + key_definition.privileges |= PRIV_ADD; if (privileges.remove()) - key_data->privileges |= PRIV_REMOVE; + key_definition.privileges |= PRIV_REMOVE; if (privileges.update()) - key_data->privileges |= PRIV_MIGRATE; + key_definition.privileges |= PRIV_MIGRATE; if (privileges.authorized_update()) - key_data->privileges |= PRIV_AUTHORIZED_UPDATE; + key_definition.privileges |= PRIV_AUTHORIZED_UPDATE; // Extract |authorization_data|. for (RepeatedPtrField<KeyAuthorizationData>::const_iterator auth_it = it->authorization_data().begin(); auth_it != it->authorization_data().end(); ++auth_it) { - switch (auth_it->type()) { - case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256: - key_data->authorization_types.push_back( - RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256); - break; - case KeyAuthorizationData:: - KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256: - key_data->authorization_types.push_back( - RetrievedKeyData::AUTHORIZATION_TYPE_AES256CBC_HMACSHA256); - break; - default: - NOTREACHED(); - break; - } + key_definition.authorization_data.push_back( + KeyDefinition::AuthorizationData()); + ParseAuthorizationDataProtobuf( + *auth_it, + &key_definition.authorization_data.back()); } // Extract |provider_data|. @@ -328,22 +378,22 @@ class HomedirMethodsImpl : public HomedirMethods { provider_data_it != it->provider_data().entry().end(); ++provider_data_it) { // Extract |name|. - key_data->provider_data.push_back( - new RetrievedKeyData::ProviderData(provider_data_it->name())); - RetrievedKeyData::ProviderData* provider_data = - key_data->provider_data.back(); + key_definition.provider_data.push_back( + KeyDefinition::ProviderData(provider_data_it->name())); + KeyDefinition::ProviderData& provider_data = + key_definition.provider_data.back(); int data_items = 0; // Extract |number|. if (provider_data_it->has_number()) { - provider_data->number.reset(new int64(provider_data_it->number())); + provider_data.number.reset(new int64(provider_data_it->number())); ++data_items; } // Extract |bytes|. if (provider_data_it->has_bytes()) { - provider_data->bytes.reset( + provider_data.bytes.reset( new std::string(provider_data_it->bytes())); ++data_items; } @@ -352,7 +402,7 @@ class HomedirMethodsImpl : public HomedirMethods { } } - callback.Run(true, MOUNT_ERROR_NONE, key_data_list.Pass()); + callback.Run(true, MOUNT_ERROR_NONE, key_definitions); } void OnMountExCallback(const MountCallback& callback, diff --git a/chromeos/cryptohome/homedir_methods.h b/chromeos/cryptohome/homedir_methods.h index e55e30b..cabfded 100644 --- a/chromeos/cryptohome/homedir_methods.h +++ b/chromeos/cryptohome/homedir_methods.h @@ -6,10 +6,10 @@ #define CHROMEOS_CRYPTOHOME_HOMEDIR_METHODS_H_ #include <string> +#include <vector> #include "base/basictypes.h" #include "base/callback_forward.h" -#include "base/memory/scoped_vector.h" #include "chromeos/chromeos_export.h" #include "chromeos/cryptohome/cryptohome_parameters.h" #include "chromeos/dbus/cryptohome_client.h" @@ -27,7 +27,7 @@ class CHROMEOS_EXPORT HomedirMethods { typedef base::Callback<void( bool success, MountError return_code, - ScopedVector<RetrievedKeyData> key_data)> GetKeyDataCallback; + const std::vector<KeyDefinition>& key_definitions)> GetKeyDataCallback; typedef base::Callback< void(bool success, MountError return_code, const std::string& mount_hash)> MountCallback; diff --git a/chromeos/cryptohome/homedir_methods_unittest.cc b/chromeos/cryptohome/homedir_methods_unittest.cc index 96a86f4..f22fa62 100644 --- a/chromeos/cryptohome/homedir_methods_unittest.cc +++ b/chromeos/cryptohome/homedir_methods_unittest.cc @@ -55,9 +55,10 @@ class HomedirMethodsTest : public testing::Test { void RunProtobufMethodCallback( const chromeos::CryptohomeClient::ProtobufMethodCallback& callback); - void StoreGetKeyDataExResult(bool success, - MountError return_code, - ScopedVector<RetrievedKeyData> key_data); + void StoreGetKeyDataExResult( + bool success, + MountError return_code, + const std::vector<KeyDefinition>& key_definitions); protected: chromeos::MockCryptohomeClient* cryptohome_client_; @@ -68,7 +69,7 @@ class HomedirMethodsTest : public testing::Test { // The results of the most recent |HomedirMethods| method call. bool success_; MountError return_code_; - ScopedVector<RetrievedKeyData> key_data_; + std::vector<KeyDefinition> key_definitions_; private: DISALLOW_COPY_AND_ASSIGN(HomedirMethodsTest); @@ -106,10 +107,10 @@ void HomedirMethodsTest::RunProtobufMethodCallback( void HomedirMethodsTest::StoreGetKeyDataExResult( bool success, MountError return_code, - ScopedVector<RetrievedKeyData> key_data) { + const std::vector<KeyDefinition>& key_definitions) { success_ = success; return_code_ = return_code; - key_data_.swap(key_data); + key_definitions_ = key_definitions; } // Verifies that the result of a GetKeyDataEx() call is correctly parsed. @@ -158,23 +159,23 @@ TEST_F(HomedirMethodsTest, GetKeyDataEx) { // Verify that the call was successful and the result was correctly parsed. EXPECT_TRUE(success_); EXPECT_EQ(MOUNT_ERROR_NONE, return_code_); - ASSERT_EQ(1u, key_data_.size()); - const RetrievedKeyData* retrieved_key_data = key_data_.front(); - EXPECT_EQ(RetrievedKeyData::TYPE_PASSWORD, retrieved_key_data->type); + ASSERT_EQ(1u, key_definitions_.size()); + const KeyDefinition& key_definition = key_definitions_.front(); + EXPECT_EQ(KeyDefinition::TYPE_PASSWORD, key_definition.type); EXPECT_EQ(PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE, - retrieved_key_data->privileges); - EXPECT_EQ(kKeyRevision, retrieved_key_data->revision); - ASSERT_EQ(1u, retrieved_key_data->authorization_types.size()); - EXPECT_EQ(RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256, - retrieved_key_data->authorization_types.front()); - ASSERT_EQ(2u, retrieved_key_data->provider_data.size()); - const RetrievedKeyData::ProviderData* provider_data = - retrieved_key_data->provider_data[0]; + key_definition.privileges); + EXPECT_EQ(kKeyRevision, key_definition.revision); + ASSERT_EQ(1u, key_definition.authorization_data.size()); + EXPECT_EQ(KeyDefinition::AuthorizationData::TYPE_HMACSHA256, + key_definition.authorization_data.front().type); + ASSERT_EQ(2u, key_definition.provider_data.size()); + const KeyDefinition::ProviderData* provider_data = + &key_definition.provider_data[0]; EXPECT_EQ(kProviderData1Name, provider_data->name); ASSERT_TRUE(provider_data->number); EXPECT_EQ(kProviderData1Number, *provider_data->number.get()); EXPECT_FALSE(provider_data->bytes); - provider_data = retrieved_key_data->provider_data[1]; + provider_data = &key_definition.provider_data[1]; EXPECT_EQ(kProviderData2Name, provider_data->name); EXPECT_FALSE(provider_data->number); ASSERT_TRUE(provider_data->bytes); diff --git a/chromeos/cryptohome/mock_homedir_methods.cc b/chromeos/cryptohome/mock_homedir_methods.cc index db6edb5..dfc506f 100644 --- a/chromeos/cryptohome/mock_homedir_methods.cc +++ b/chromeos/cryptohome/mock_homedir_methods.cc @@ -4,7 +4,8 @@ #include "chromeos/cryptohome/mock_homedir_methods.h" -#include "base/memory/scoped_vector.h" +#include <vector> + #include "chromeos/cryptohome/cryptohome_parameters.h" #include "chromeos/cryptohome/mock_async_method_caller.h" @@ -41,7 +42,7 @@ void MockHomedirMethods::DoCallback(const Callback& callback) { } void MockHomedirMethods::DoGetDataCallback(const GetKeyDataCallback& callback) { - callback.Run(success_, return_code_, ScopedVector<RetrievedKeyData>()); + callback.Run(success_, return_code_, std::vector<KeyDefinition>()); } void MockHomedirMethods::DoMountCallback(const MountCallback& callback) { diff --git a/chromeos/login/auth/cryptohome_authenticator.cc b/chromeos/login/auth/cryptohome_authenticator.cc index d00cf29..0c3c162 100644 --- a/chromeos/login/auth/cryptohome_authenticator.cc +++ b/chromeos/login/auth/cryptohome_authenticator.cc @@ -4,6 +4,8 @@ #include "chromeos/login/auth/cryptohome_authenticator.h" +#include <vector> + #include "base/basictypes.h" #include "base/bind.h" #include "base/files/file_path.h" @@ -175,32 +177,33 @@ void OnGetSystemSalt(AuthAttemptState* attempt, // |attempt->user_context| can be transformed with Chrome's default hashing // algorithm and the system salt. // The resulting key is then passed to cryptohome's MountEx(). -void OnGetKeyDataEx(AuthAttemptState* attempt, - scoped_refptr<CryptohomeAuthenticator> resolver, - bool ephemeral, - bool create_if_nonexistent, - bool success, - cryptohome::MountError return_code, - ScopedVector<cryptohome::RetrievedKeyData> key_data) { +void OnGetKeyDataEx( + AuthAttemptState* attempt, + scoped_refptr<CryptohomeAuthenticator> resolver, + bool ephemeral, + bool create_if_nonexistent, + bool success, + cryptohome::MountError return_code, + const std::vector<cryptohome::KeyDefinition>& key_definitions) { if (success) { - if (key_data.size() == 1) { - cryptohome::RetrievedKeyData* key_data_entry = key_data.front(); - DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_data_entry->label); + if (key_definitions.size() == 1) { + const cryptohome::KeyDefinition& key_definition = key_definitions.front(); + DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_definition.label); - // Extract the key type and salt from |key_data|, if present. + // Extract the key type and salt from |key_definition|, if present. scoped_ptr<int64> type; scoped_ptr<std::string> salt; - for (ScopedVector<cryptohome::RetrievedKeyData::ProviderData>:: - const_iterator it = key_data_entry->provider_data.begin(); - it != key_data_entry->provider_data.end(); ++it) { - if ((*it)->name == kKeyProviderDataTypeName) { - if ((*it)->number) - type.reset(new int64(*(*it)->number)); + for (std::vector<cryptohome::KeyDefinition::ProviderData>:: + const_iterator it = key_definition.provider_data.begin(); + it != key_definition.provider_data.end(); ++it) { + if (it->name == kKeyProviderDataTypeName) { + if (it->number) + type.reset(new int64(*it->number)); else NOTREACHED(); - } else if ((*it)->name == kKeyProviderDataSaltName) { - if ((*it)->bytes) - salt.reset(new std::string(*(*it)->bytes)); + } else if (it->name == kKeyProviderDataSaltName) { + if (it->bytes) + salt.reset(new std::string(*it->bytes)); else NOTREACHED(); } @@ -226,7 +229,7 @@ void OnGetKeyDataEx(AuthAttemptState* attempt, return; } } else { - LOG(ERROR) << "GetKeyDataEx() returned " << key_data.size() + LOG(ERROR) << "GetKeyDataEx() returned " << key_definitions.size() << " entries."; } } diff --git a/chromeos/login/auth/extended_authenticator.cc b/chromeos/login/auth/extended_authenticator.cc index 7a99d72..0b81439 100644 --- a/chromeos/login/auth/extended_authenticator.cc +++ b/chromeos/login/auth/extended_authenticator.cc @@ -89,7 +89,7 @@ void ExtendedAuthenticator::CreateMount( mount.create_keys.push_back(keys[i]); } UserContext context(user_id); - Key key(keys.front().key); + Key key(keys.front().secret); key.SetLabel(keys.front().label); context.SetKey(key); |