1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
|
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/prefs/pref_hash_calculator.h"
#include <vector>
#include "base/bind.h"
#include "base/json/json_string_value_serializer.h"
#include "base/logging.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/threading/thread_restrictions.h"
#include "base/values.h"
#include "chrome/browser/prefs/tracked/pref_hash_calculator_helper.h"
#include "crypto/hmac.h"
namespace {
// Calculates an HMAC of |message| using |key|, encoded as a hexadecimal string.
std::string GetDigestString(const std::string& key,
const std::string& message) {
crypto::HMAC hmac(crypto::HMAC::SHA256);
std::vector<uint8> digest(hmac.DigestLength());
if (!hmac.Init(key) || !hmac.Sign(message, &digest[0], digest.size())) {
NOTREACHED();
return std::string();
}
return base::HexEncode(&digest[0], digest.size());
}
// Verifies that |digest_string| is a valid HMAC of |message| using |key|.
// |digest_string| must be encoded as a hexadecimal string.
bool VerifyDigestString(const std::string& key,
const std::string& message,
const std::string& digest_string) {
crypto::HMAC hmac(crypto::HMAC::SHA256);
std::vector<uint8> digest;
return base::HexStringToBytes(digest_string, &digest) &&
hmac.Init(key) &&
hmac.Verify(message,
base::StringPiece(reinterpret_cast<char*>(&digest[0]),
digest.size()));
}
// Renders |value| as a string. |value| may be NULL, in which case the result
// is an empty string. This method can be expensive and its result should be
// re-used rather than recomputed where possible.
std::string ValueAsString(const base::Value* value) {
// Dictionary values may contain empty lists and sub-dictionaries. Make a
// deep copy with those removed to make the hash more stable.
const base::DictionaryValue* dict_value;
scoped_ptr<base::DictionaryValue> canonical_dict_value;
if (value && value->GetAsDictionary(&dict_value)) {
canonical_dict_value.reset(dict_value->DeepCopyWithoutEmptyChildren());
value = canonical_dict_value.get();
}
std::string value_as_string;
if (value) {
JSONStringValueSerializer serializer(&value_as_string);
serializer.Serialize(*value);
}
return value_as_string;
}
// Concatenates |device_id|, |path|, and |value_as_string| to give the hash
// input.
std::string GetMessage(const std::string& device_id,
const std::string& path,
const std::string& value_as_string) {
std::string message;
message.reserve(device_id.size() + path.size() + value_as_string.size());
message.append(device_id);
message.append(path);
message.append(value_as_string);
return message;
}
// Generates a device ID based on the input device ID. The derived device ID has
// no useful properties beyond those of the input device ID except that it is
// consistent with previous implementations.
std::string GenerateDeviceIdLikePrefMetricsServiceDid(
const std::string& original_device_id) {
if (original_device_id.empty())
return std::string();
return StringToLowerASCII(
GetDigestString(original_device_id, "PrefMetricsService"));
}
} // namespace
PrefHashCalculator::PrefHashCalculator(const std::string& seed,
const std::string& device_id)
: seed_(seed),
device_id_(GenerateDeviceIdLikePrefMetricsServiceDid(device_id)),
raw_device_id_(device_id),
get_legacy_device_id_callback_(base::Bind(&GetLegacyDeviceId)) {}
PrefHashCalculator::PrefHashCalculator(
const std::string& seed,
const std::string& device_id,
const GetLegacyDeviceIdCallback& get_legacy_device_id_callback)
: seed_(seed),
device_id_(GenerateDeviceIdLikePrefMetricsServiceDid(device_id)),
raw_device_id_(device_id),
get_legacy_device_id_callback_(get_legacy_device_id_callback) {}
PrefHashCalculator::~PrefHashCalculator() {}
std::string PrefHashCalculator::Calculate(const std::string& path,
const base::Value* value) const {
return GetDigestString(seed_,
GetMessage(device_id_, path, ValueAsString(value)));
}
PrefHashCalculator::ValidationResult PrefHashCalculator::Validate(
const std::string& path,
const base::Value* value,
const std::string& digest_string) const {
const std::string value_as_string(ValueAsString(value));
if (VerifyDigestString(seed_, GetMessage(device_id_, path, value_as_string),
digest_string)) {
return VALID;
}
if (VerifyDigestString(seed_,
GetMessage(RetrieveLegacyDeviceId(), path,
value_as_string),
digest_string)) {
return VALID_SECURE_LEGACY;
}
if (VerifyDigestString(seed_, value_as_string, digest_string))
return VALID_WEAK_LEGACY;
return INVALID;
}
std::string PrefHashCalculator::RetrieveLegacyDeviceId() const {
if (!legacy_device_id_instance_) {
// Allow IO on this thread to retrieve the legacy device ID. The result of
// this operation is stored in |legacy_device_id_instance_| and will thus
// only happen at most once per PrefHashCalculator. This is not ideal, but
// this value is required synchronously to be able to continue loading prefs
// for this profile. This profile should then be migrated to a modern device
// ID and subsequent loads of this profile shouldn't need to run this code
// ever again.
// TODO(gab): Remove this when the legacy device ID (M33) becomes
// irrelevant.
base::ThreadRestrictions::ScopedAllowIO allow_io;
legacy_device_id_instance_.reset(
new std::string(GenerateDeviceIdLikePrefMetricsServiceDid(
get_legacy_device_id_callback_.Run(raw_device_id_))));
}
return *legacy_device_id_instance_;
}
|
