diff options
Diffstat (limited to 'chromeos/cryptohome')
| -rw-r--r-- | chromeos/cryptohome/cryptohome_library.cc | 119 | ||||
| -rw-r--r-- | chromeos/cryptohome/cryptohome_library.h | 15 | ||||
| -rw-r--r-- | chromeos/cryptohome/mock_cryptohome_library.cc | 14 | ||||
| -rw-r--r-- | chromeos/cryptohome/mock_cryptohome_library.h | 35 |
4 files changed, 11 insertions, 172 deletions
diff --git a/chromeos/cryptohome/cryptohome_library.cc b/chromeos/cryptohome/cryptohome_library.cc index 721f932..29745ca 100644 --- a/chromeos/cryptohome/cryptohome_library.cc +++ b/chromeos/cryptohome/cryptohome_library.cc @@ -14,17 +14,12 @@ #include "chromeos/dbus/cryptohome_client.h" #include "chromeos/dbus/dbus_method_call_status.h" #include "chromeos/dbus/dbus_thread_manager.h" -#include "crypto/encryptor.h" -#include "crypto/nss_util.h" -#include "crypto/sha2.h" -#include "crypto/symmetric_key.h" namespace chromeos { namespace { const char kStubSystemSalt[] = "stub_system_salt"; -const size_t kNonceSize = 16; } // namespace @@ -42,33 +37,8 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary { return system_salt_; } - virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE { - // Don't care about token encryption while debugging. - if (!base::SysInfo::IsRunningOnChromeOS()) - return token; - - if (!LoadSystemSaltKey()) { - LOG(WARNING) << "System salt key is not available for encrypt."; - return std::string(); - } - return EncryptTokenWithKey(system_salt_key_.get(), - system_salt_, - token); - } - - virtual std::string DecryptWithSystemSalt( - const std::string& encrypted_token_hex) OVERRIDE { - // Don't care about token encryption while debugging. - if (!base::SysInfo::IsRunningOnChromeOS()) - return encrypted_token_hex; - - if (!LoadSystemSaltKey()) { - LOG(WARNING) << "System salt key is not available for decrypt."; - return std::string(); - } - return DecryptTokenWithKey(system_salt_key_.get(), - system_salt_, - encrypted_token_hex); + virtual std::string GetCachedSystemSalt() OVERRIDE { + return system_salt_; } private: @@ -85,104 +55,25 @@ class CryptohomeLibraryImpl : public CryptohomeLibrary { reinterpret_cast<const void*>(salt.data()), salt.size())); } - // TODO: should this use the system salt for both the password and the salt - // value, or should this use a separate salt value? - bool LoadSystemSaltKey() { - if (system_salt_.empty()) - return false; - if (!system_salt_key_.get()) - system_salt_key_.reset(PassphraseToKey(system_salt_, system_salt_)); - return system_salt_key_.get(); - } - - crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, - const std::string& salt) { - return crypto::SymmetricKey::DeriveKeyFromPassword( - crypto::SymmetricKey::AES, passphrase, salt, 1000, 256); - } - - - // Encrypts (AES) the token given |key| and |salt|. - std::string EncryptTokenWithKey(crypto::SymmetricKey* key, - const std::string& salt, - const std::string& token) { - crypto::Encryptor encryptor; - if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { - LOG(WARNING) << "Failed to initialize Encryptor."; - return std::string(); - } - std::string nonce = salt.substr(0, kNonceSize); - std::string encoded_token; - CHECK(encryptor.SetCounter(nonce)); - if (!encryptor.Encrypt(token, &encoded_token)) { - LOG(WARNING) << "Failed to encrypt token."; - return std::string(); - } - - return StringToLowerASCII(base::HexEncode( - reinterpret_cast<const void*>(encoded_token.data()), - encoded_token.size())); - } - - // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. - std::string DecryptTokenWithKey(crypto::SymmetricKey* key, - const std::string& salt, - const std::string& encrypted_token_hex) { - std::vector<uint8> encrypted_token_bytes; - if (!base::HexStringToBytes(encrypted_token_hex, &encrypted_token_bytes)) { - LOG(WARNING) << "Corrupt encrypted token found."; - return std::string(); - } - - std::string encrypted_token( - reinterpret_cast<char*>(encrypted_token_bytes.data()), - encrypted_token_bytes.size()); - crypto::Encryptor encryptor; - if (!encryptor.Init(key, crypto::Encryptor::CTR, std::string())) { - LOG(WARNING) << "Failed to initialize Encryptor."; - return std::string(); - } - - std::string nonce = salt.substr(0, kNonceSize); - std::string token; - CHECK(encryptor.SetCounter(nonce)); - if (!encryptor.Decrypt(encrypted_token, &token)) { - LOG(WARNING) << "Failed to decrypt token."; - return std::string(); - } - return token; - } - std::string system_salt_; - // A key based on the system salt. Useful for encrypting device-level - // data for which we have no additional credentials. - scoped_ptr<crypto::SymmetricKey> system_salt_key_; DISALLOW_COPY_AND_ASSIGN(CryptohomeLibraryImpl); }; class CryptohomeLibraryStubImpl : public CryptohomeLibrary { public: - CryptohomeLibraryStubImpl() - : locked_(false) {} + CryptohomeLibraryStubImpl() {} virtual ~CryptohomeLibraryStubImpl() {} virtual std::string GetSystemSalt() OVERRIDE { return kStubSystemSalt; } - virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE { - return token; - } - - virtual std::string DecryptWithSystemSalt( - const std::string& encrypted_token_hex) OVERRIDE { - return encrypted_token_hex; + virtual std::string GetCachedSystemSalt() OVERRIDE { + return kStubSystemSalt; } private: - std::map<std::string, std::string> install_attrs_; - bool locked_; DISALLOW_COPY_AND_ASSIGN(CryptohomeLibraryStubImpl); }; diff --git a/chromeos/cryptohome/cryptohome_library.h b/chromeos/cryptohome/cryptohome_library.h index 2de89b4..b427ae2 100644 --- a/chromeos/cryptohome/cryptohome_library.h +++ b/chromeos/cryptohome/cryptohome_library.h @@ -36,17 +36,14 @@ class CHROMEOS_EXPORT CryptohomeLibrary { // Returns system hash in hex encoded ascii format. Note: this may return // an empty string (e.g. if cryptohome is not running). It is up to the // calling function to try again after a delay if desired. + // + // TODO(hashimoto): Make it asynchronous. crbug.com/141009. virtual std::string GetSystemSalt() = 0; - // Encrypts |token| with the system salt key (stable for the lifetime - // of the device). Useful to avoid storing plain text in place like - // Local State. - virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; - - // Decrypts |token| with the system salt key (stable for the lifetime - // of the device). - virtual std::string DecryptWithSystemSalt( - const std::string& encrypted_token_hex) = 0; + // Returns system hash in hex encoded ascii format, cached by a prior call + // to GetSystemSalt(). Note: this may return an empty string (e.g. if + // GetSystemSalt() is not yet called). + virtual std::string GetCachedSystemSalt() = 0; protected: CryptohomeLibrary(); diff --git a/chromeos/cryptohome/mock_cryptohome_library.cc b/chromeos/cryptohome/mock_cryptohome_library.cc deleted file mode 100644 index 1916f9e..0000000 --- a/chromeos/cryptohome/mock_cryptohome_library.cc +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "chromeos/cryptohome/mock_cryptohome_library.h" - -namespace chromeos { - -MockCryptohomeLibrary::MockCryptohomeLibrary() { -} - -MockCryptohomeLibrary::~MockCryptohomeLibrary() {} - -} // namespace chromeos diff --git a/chromeos/cryptohome/mock_cryptohome_library.h b/chromeos/cryptohome/mock_cryptohome_library.h deleted file mode 100644 index 5a08ac0..0000000 --- a/chromeos/cryptohome/mock_cryptohome_library.h +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CHROMEOS_CRYPTOHOME_MOCK_CRYPTOHOME_LIBRARY_H_ -#define CHROMEOS_CRYPTOHOME_MOCK_CRYPTOHOME_LIBRARY_H_ - -#include <string> - -#include "base/basictypes.h" -#include "chromeos/cryptohome/cryptohome_library.h" -#include "testing/gmock/include/gmock/gmock.h" - -using ::testing::Invoke; -using ::testing::WithArgs; -using ::testing::_; - -namespace chromeos { - -class MockCryptohomeLibrary : public CryptohomeLibrary { - public: - MockCryptohomeLibrary(); - virtual ~MockCryptohomeLibrary(); - MOCK_METHOD0(GetSystemSalt, std::string(void)); - - MOCK_METHOD1(EncryptWithSystemSalt, std::string(const std::string&)); - MOCK_METHOD1(DecryptWithSystemSalt, std::string(const std::string&)); - - private: - DISALLOW_COPY_AND_ASSIGN(MockCryptohomeLibrary); -}; - -} // namespace chromeos - -#endif // CHROMEOS_CRYPTOHOME_MOCK_CRYPTOHOME_LIBRARY_H_ |