Skip to content

GitLab

T
tangled
Commit e7e066d0 authored by bartfab's avatar bartfab Committed by Commit bot
Browse files
Options

Merge cryptohome::RetrievedKeyData with cryptohome::KeyDefinition 

cryptohome::RetrievedKeyData and cryptohome::KeyDefinition both represent
subsets of the Key protobuf. This CL merges the two classes and makes the
resulting cryptohome::KeyDefinition contain all of Key's fields.

TBR=pamg (manager_password_service.cc)

BUG=367847
TEST=Updated unit tests

Review URL: https://codereview.chromium.org/526353002

Cr-Commit-Position: refs/heads/master@{#294823}
parent 908d5240
Hide whitespace changes
Inline Side-by-side
Showing with 376 additions and 192 deletions
chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
View file @ e7e066d0
......@@ -5,13 +5,13 @@
#include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h"
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/scoped_vector.h"
#include "base/message_loop/message_loop.h"
#include "base/run_loop.h"
#include "base/strings/string_util.h"
......@@ -258,25 +258,22 @@ class CryptohomeAuthenticatorTest : public testing::Test {
void ExpectGetKeyDataExCall(scoped_ptr<int64> key_type,
scoped_ptr<std::string> salt) {
key_data_.clear();
key_data_.push_back(new cryptohome::RetrievedKeyData(
cryptohome::RetrievedKeyData::TYPE_PASSWORD,
kCryptohomeGAIAKeyLabel,
1));
key_data_.front()->privileges = cryptohome::PRIV_DEFAULT;
key_data_.front()->authorization_types.push_back(
cryptohome::RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256);
key_definitions_.clear();
key_definitions_.push_back(cryptohome::KeyDefinition(
std::string() /* secret */,
kCryptohomeGAIAKeyLabel,
cryptohome::PRIV_DEFAULT));
cryptohome::KeyDefinition& key_definition = key_definitions_.back();
key_definition.revision = 1;
if (key_type) {
scoped_ptr<cryptohome::RetrievedKeyData::ProviderData> provider_data(
new cryptohome::RetrievedKeyData::ProviderData("type"));
provider_data->number = key_type.Pass();
key_data_.front()->provider_data.push_back(provider_data.release());
key_definition.provider_data.push_back(
cryptohome::KeyDefinition::ProviderData("type"));
key_definition.provider_data.back().number = key_type.Pass();
}
if (salt) {
scoped_ptr<cryptohome::RetrievedKeyData::ProviderData> provider_data(
new cryptohome::RetrievedKeyData::ProviderData("salt"));
provider_data->bytes = salt.Pass();
key_data_.front()->provider_data.push_back(provider_data.release());
key_definition.provider_data.push_back(
cryptohome::KeyDefinition::ProviderData("salt"));
key_definition.provider_data.back().bytes = salt.Pass();
}
EXPECT_CALL(*mock_homedir_methods_, GetKeyDataEx(
cryptohome::Identification(user_context_.GetUserID()),
......@@ -333,7 +330,7 @@ class CryptohomeAuthenticatorTest : public testing::Test {
UserContext user_context_with_transformed_key_;
Key transformed_key_;
ScopedVector<cryptohome::RetrievedKeyData> key_data_;
std::vector<cryptohome::KeyDefinition> key_definitions_;
ScopedDeviceSettingsTestHelper device_settings_test_helper_;
ScopedTestCrosSettings test_cros_settings_;
......@@ -359,7 +356,7 @@ class CryptohomeAuthenticatorTest : public testing::Test {
const cryptohome::HomedirMethods::GetKeyDataCallback& callback) {
callback.Run(true /* success */,
cryptohome::MOUNT_ERROR_NONE,
key_data_.Pass());
key_definitions_);
}
};
......
chrome/browser/chromeos/login/supervised/supervised_user_creation_controller_new.cc
View file @ e7e066d0
......@@ -270,10 +270,18 @@ void SupervisedUserCreationControllerNew::OnMountSuccess(
creation_context_->salted_password,
kCryptohomeSupervisedUserKeyLabel,
kCryptohomeSupervisedUserKeyPrivileges);
base::Base64Decode(creation_context_->encryption_key,
&password_key.encryption_key);
base::Base64Decode(creation_context_->signature_key,
&password_key.signature_key);
std::string encryption_key;
base::Base64Decode(creation_context_->encryption_key, &encryption_key);
password_key.authorization_data.push_back(
cryptohome::KeyDefinition::AuthorizationData(true /* encrypt */,
false /* sign */,
encryption_key));
std::string signature_key;
base::Base64Decode(creation_context_->signature_key, &signature_key);
password_key.authorization_data.push_back(
cryptohome::KeyDefinition::AuthorizationData(false /* encrypt */,
true /* sign */,
signature_key));
Key key(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234,
std::string(), // The salt is stored elsewhere.
......
chrome/browser/supervised_user/chromeos/manager_password_service.cc
View file @ e7e066d0
......@@ -164,9 +164,14 @@ void ManagerPasswordService::GetSupervisedUsersCallback(
kCryptohomeSupervisedUserKeyLabel,
cryptohome::PRIV_AUTHORIZED_UPDATE || cryptohome::PRIV_MOUNT);
new_key_definition.revision = revision;
new_key_definition.encryption_key = encryption_key;
new_key_definition.signature_key = signature_key;
new_key_definition.authorization_data.push_back(
cryptohome::KeyDefinition::AuthorizationData(true /* encrypt */,
false /* sign */,
encryption_key));
new_key_definition.authorization_data.push_back(
cryptohome::KeyDefinition::AuthorizationData(false /* encrypt */,
true /* sign */,
signature_key));
authenticator_->AddKey(manager_key,
new_key_definition,
......
chromeos/cryptohome/cryptohome_parameters.cc
View file @ e7e066d0
......@@ -15,25 +15,135 @@ bool Identification::operator==(const Identification& other) const {
return user_id == other.user_id;
}
KeyDefinition::KeyDefinition(const std::string& key,
KeyDefinition::AuthorizationData::Secret::Secret() : encrypt(false),
sign(false),
wrapped(false) {
}
KeyDefinition::AuthorizationData::Secret::Secret(
bool encrypt,
bool sign,
const std::string& symmetric_key,
const std::string& public_key,
bool wrapped)
: encrypt(encrypt),
sign(sign),
symmetric_key(symmetric_key),
public_key(public_key),
wrapped(wrapped) {
}
bool KeyDefinition::AuthorizationData::Secret::operator==(
const Secret& other) const {
return encrypt == other.encrypt &&
sign == other.sign &&
symmetric_key == other.symmetric_key &&
public_key == other.public_key &&
wrapped == other.wrapped;
}
KeyDefinition::AuthorizationData::AuthorizationData() : type(TYPE_HMACSHA256) {
}
KeyDefinition::AuthorizationData::AuthorizationData(
bool encrypt,
bool sign,
const std::string& symmetric_key) : type(TYPE_HMACSHA256) {
secrets.push_back(Secret(encrypt,
sign,
symmetric_key,
std::string() /* public_key */,
false /* wrapped */));
}
KeyDefinition::AuthorizationData::~AuthorizationData() {
}
bool KeyDefinition::AuthorizationData::operator==(
const AuthorizationData& other) const {
if (type != other.type || secrets.size() != other.secrets.size())
return false;
for (size_t i = 0; i < secrets.size(); ++i) {
if (!(secrets[i] == other.secrets[i]))
return false;
}
return true;
}
KeyDefinition::ProviderData::ProviderData() {
}
KeyDefinition::ProviderData::ProviderData(const std::string& name)
: name(name) {
}
KeyDefinition::ProviderData::ProviderData(const ProviderData& other)
: name(other.name) {
if (other.number)
number.reset(new int64(*other.number));
if (other.bytes)
bytes.reset(new std::string(*other.bytes));
}
void KeyDefinition::ProviderData::operator=(const ProviderData& other) {
name = other.name;
number.reset(other.number ? new int64(*other.number) : NULL);
bytes.reset(other.bytes ? new std::string(*other.bytes) : NULL);
}
KeyDefinition::ProviderData::~ProviderData() {
}
bool KeyDefinition::ProviderData::operator==(const ProviderData& other) const {
const bool has_number = number;
const bool other_has_number = other.number;
const bool has_bytes = bytes;
const bool other_has_bytes = other.bytes;
return name == other.name &&
has_number == other_has_number &&
has_bytes == other_has_bytes &&
(!has_number || (*number == *other.number)) &&
(!has_bytes || (*bytes == *other.bytes));
}
KeyDefinition::KeyDefinition() : type(TYPE_PASSWORD),
privileges(0),
revision(0) {
}
KeyDefinition::KeyDefinition(const std::string& secret,
const std::string& label,
int /*AuthKeyPrivileges*/ privileges)
: label(label),
revision(1),
key(key),
privileges(privileges) {
: type(TYPE_PASSWORD),
label(label),
privileges(privileges),
revision(0),
secret(secret) {
}
KeyDefinition::~KeyDefinition() {
}
bool KeyDefinition::operator==(const KeyDefinition& other) const {
return label == other.label &&
revision == other.revision &&
key == other.key &&
encryption_key == other.encryption_key &&
signature_key == other.signature_key &&
privileges == other.privileges;
if (type != other.type ||
label != other.label ||
privileges != other.privileges ||
revision != other.revision ||
authorization_data.size() != other.authorization_data.size() ||
provider_data.size() != other.provider_data.size()) {
return false;
}
for (size_t i = 0; i < authorization_data.size(); ++i) {
if (!(authorization_data[i] == other.authorization_data[i]))
return false;
}
for (size_t i = 0; i < provider_data.size(); ++i) {
if (!(provider_data[i] == other.provider_data[i]))
return false;
}
return true;
}
Authorization::Authorization(const std::string& key, const std::string& label)
......@@ -42,7 +152,7 @@ Authorization::Authorization(const std::string& key, const std::string& label)
}
Authorization::Authorization(const KeyDefinition& key_def)
: key(key_def.key),
: key(key_def.secret),
label(key_def.label) {
}
......@@ -50,24 +160,6 @@ bool Authorization::operator==(const Authorization& other) const {
return key == other.key && label == other.label;
}
RetrievedKeyData::ProviderData::ProviderData(const std::string& name)
: name(name) {
}
RetrievedKeyData::ProviderData::~ProviderData() {
}
RetrievedKeyData::RetrievedKeyData(Type type,
const std::string& label,
int64 revision) : type(type),
label(label),
privileges(0),
revision(revision) {
}
RetrievedKeyData::~RetrievedKeyData() {
}
MountParameters::MountParameters(bool ephemeral) : ephemeral(ephemeral) {
}
......
chromeos/cryptohome/cryptohome_parameters.h
View file @ e7e066d0
......@@ -10,7 +10,6 @@
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/scoped_vector.h"
#include "chromeos/chromeos_export.h"
namespace cryptohome {
......@@ -34,68 +33,96 @@ struct CHROMEOS_EXPORT Identification {
};
// Definition of the key (e.g. password) for the cryptohome.
// It contains authorization data along with extra parameters like perimissions
// It contains authorization data along with extra parameters like permissions
// associated with this key.
struct CHROMEOS_EXPORT KeyDefinition {
KeyDefinition(const std::string& key,
const std::string& label,
int /*AuthKeyPrivileges*/ privileges);
~KeyDefinition();
bool operator==(const KeyDefinition& other) const;
std::string label;
int revision;
std::string key;
std::string encryption_key;
std::string signature_key;
// Privileges associated with key. Combination of |AuthKeyPrivileges| values.
int privileges;
};
// Authorization attempt data for user.
struct CHROMEOS_EXPORT Authorization {
Authorization(const std::string& key, const std::string& label);
explicit Authorization(const KeyDefinition& key);
bool operator==(const Authorization& other) const;
std::string key;
std::string label;
};
// Information about keys returned by GetKeyDataEx().
struct CHROMEOS_EXPORT RetrievedKeyData {
enum Type {
TYPE_PASSWORD = 0
};
enum AuthorizationType {
AUTHORIZATION_TYPE_HMACSHA256 = 0,
AUTHORIZATION_TYPE_AES256CBC_HMACSHA256
struct AuthorizationData {
enum Type {
TYPE_HMACSHA256 = 0,
TYPE_AES256CBC_HMACSHA256
};
struct Secret {
Secret();
Secret(bool encrypt,
bool sign,
const std::string& symmetric_key,
const std::string& public_key,
bool wrapped);
bool operator==(const Secret& other) const;
bool encrypt;
bool sign;
std::string symmetric_key;
std::string public_key;
bool wrapped;
};
AuthorizationData();
AuthorizationData(bool encrypt,
bool sign,
const std::string& symmetric_key);
~AuthorizationData();
bool operator==(const AuthorizationData& other) const;
Type type;
std::vector<Secret> secrets;
};
// This struct holds metadata that will be stored alongside the key. Each
// |ProviderData| entry must have a |name| and may hold either a |number| or a
// sequence of |bytes|. The metadata is entirely opaque to cryptohome. It is
// stored with the key and returned when requested but is never interpreted by
// cryptohome in any way. The metadata can be used to store information such
// as the hashing algorithm and the salt used to create the key.
struct ProviderData {
ProviderData();
explicit ProviderData(const std::string& name);
explicit ProviderData(const ProviderData& other);
void operator=(const ProviderData& other);
~ProviderData();
bool operator==(const ProviderData& other) const;
std::string name;
scoped_ptr<int64> number;
scoped_ptr<std::string> bytes;
};
RetrievedKeyData(Type type, const std::string& label, int64 revision);
~RetrievedKeyData();
KeyDefinition();
KeyDefinition(const std::string& secret,
const std::string& label,
int privileges);
~KeyDefinition();
bool operator==(const KeyDefinition& other) const;
Type type;
std::string label;
// Privileges associated with key. Combination of |AuthKeyPrivileges| values.
int privileges;
int64 revision;
std::vector<AuthorizationType> authorization_types;
ScopedVector<ProviderData> provider_data;
int revision;
std::string secret;
std::vector<AuthorizationData> authorization_data;
std::vector<ProviderData> provider_data;
};
// Authorization attempt data for user.
struct CHROMEOS_EXPORT Authorization {
Authorization(const std::string& key, const std::string& label);
explicit Authorization(const KeyDefinition& key);
bool operator==(const Authorization& other) const;
std::string key;
std::string label;
};
// Parameters for Mount call.
......
chromeos/cryptohome/homedir_methods.cc
View file @ e7e066d0
......@@ -27,8 +27,10 @@ namespace {
HomedirMethods* g_homedir_methods = NULL;
void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) {
key->set_secret(key_def.key);
key->set_secret(key_def.secret);
KeyData* data = key->mutable_data();
DCHECK_EQ(KeyDefinition::TYPE_PASSWORD, key_def.type);
data->set_type(KeyData::KEY_TYPE_PASSWORD);
data->set_label(key_def.label);
if (key_def.revision > 0)
......@@ -44,20 +46,48 @@ void FillKeyProtobuf(const KeyDefinition& key_def, Key* key) {
PRIV_AUTHORIZED_UPDATE);
}
if (key_def.encryption_key.empty() && key_def.signature_key.empty())
return;
for (std::vector<KeyDefinition::AuthorizationData>::const_iterator auth_it =
key_def.authorization_data.begin();
auth_it != key_def.authorization_data.end(); ++auth_it) {
KeyAuthorizationData* auth_data = data->add_authorization_data();
switch (auth_it->type) {
case KeyDefinition::AuthorizationData::TYPE_HMACSHA256:
auth_data->set_type(
KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256);
break;
case KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256:
auth_data->set_type(
KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256);
break;
default:
NOTREACHED();
break;
}
KeyAuthorizationData* auth_data = data->add_authorization_data();
auth_data->set_type(KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256);
if (!key_def.encryption_key.empty()) {
KeyAuthorizationSecret* secret = auth_data->add_secrets();
secret->mutable_usage()->set_encrypt(true);
secret->set_symmetric_key(key_def.encryption_key);
for (std::vector<KeyDefinition::AuthorizationData::Secret>::const_iterator
secret_it = auth_it->secrets.begin();
secret_it != auth_it->secrets.end(); ++secret_it) {
KeyAuthorizationSecret* secret = auth_data->add_secrets();
secret->mutable_usage()->set_encrypt(secret_it->encrypt);
secret->mutable_usage()->set_sign(secret_it->sign);
if (!secret_it->symmetric_key.empty())
secret->set_symmetric_key(secret_it->symmetric_key);
if (!secret_it->public_key.empty())
secret->set_public_key(secret_it->public_key);
secret->set_wrapped(secret_it->wrapped);
}
}
if (!key_def.signature_key.empty()) {
KeyAuthorizationSecret* secret = auth_data->add_secrets();
secret->mutable_usage()->set_sign(true);
secret->set_symmetric_key(key_def.signature_key);
for (std::vector<KeyDefinition::ProviderData>::const_iterator it =
key_def.provider_data.begin(); it != key_def.provider_data.end();
++it) {
KeyProviderData::Entry* entry =
data->mutable_provider_data()->add_entry();
entry->set_name(it->name);
if (it->number)
entry->set_number(*it->number);
if (it->bytes)
entry->set_bytes(*it->bytes);
}
}
......@@ -77,6 +107,35 @@ void FillAuthorizationProtobuf(const Authorization& auth,
key->set_secret(auth.key);
}
void ParseAuthorizationDataProtobuf(
const KeyAuthorizationData& authorization_data_proto,
KeyDefinition::AuthorizationData* authorization_data) {
switch (authorization_data_proto.type()) {
case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256:
authorization_data->type =
KeyDefinition::AuthorizationData::TYPE_HMACSHA256;
break;
case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256:
authorization_data->type =
KeyDefinition::AuthorizationData::TYPE_AES256CBC_HMACSHA256;
break;
default:
NOTREACHED();
return;
}
for (RepeatedPtrField<KeyAuthorizationSecret>::const_iterator it =
authorization_data_proto.secrets().begin();
it != authorization_data_proto.secrets().end(); ++it) {
authorization_data->secrets.push_back(
KeyDefinition::AuthorizationData::Secret(it->usage().encrypt(),
it->usage().sign(),
it->symmetric_key(),
it->public_key(),
it->wrapped()));
}
}
MountError MapError(CryptohomeErrorCode code) {
switch (code) {
case CRYPTOHOME_ERROR_NOT_SET:
......@@ -257,69 +316,60 @@ class HomedirMethodsImpl : public HomedirMethods {
bool result,
const BaseReply& reply) {
if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS) {
callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>());
callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>());
return;
}
if (reply.has_error()) {
if (reply.error() != CRYPTOHOME_ERROR_NOT_SET) {
callback.Run(false,
MapError(reply.error()),
ScopedVector<RetrievedKeyData>());
std::vector<KeyDefinition>());
return;
}
}
if (!reply.HasExtension(GetKeyDataReply::reply)) {
callback.Run(false, MOUNT_ERROR_FATAL, ScopedVector<RetrievedKeyData>());
callback.Run(false, MOUNT_ERROR_FATAL, std::vector<KeyDefinition>());
return;
}
// Extract the contents of the |KeyData| protos returned.
const RepeatedPtrField<KeyData>& key_data_proto =
const RepeatedPtrField<KeyData>& key_data =
reply.GetExtension(GetKeyDataReply::reply).key_data();
ScopedVector<RetrievedKeyData> key_data_list;
for (RepeatedPtrField<KeyData>::const_iterator it = key_data_proto.begin();
it != key_data_proto.end(); ++it) {
std::vector<KeyDefinition> key_definitions;
for (RepeatedPtrField<KeyData>::const_iterator it = key_data.begin();
it != key_data.end(); ++it) {
// Extract |type|, |label| and |revision|.
DCHECK_EQ(KeyData::KEY_TYPE_PASSWORD, it->type());
key_data_list.push_back(new RetrievedKeyData(
RetrievedKeyData::TYPE_PASSWORD,
it->label(),
it->revision()));
RetrievedKeyData* key_data = key_data_list.back();
key_definitions.push_back(KeyDefinition(std::string() /* secret */,
it->label(),
0 /* privileges */));
KeyDefinition& key_definition = key_definitions.back();
key_definition.revision = it->revision();
// Extract |privileges|.
const KeyPrivileges& privileges = it->privileges();
if (privileges.mount())
key_data->privileges |= PRIV_MOUNT;
key_definition.privileges |= PRIV_MOUNT;
if (privileges.add())
key_data->privileges |= PRIV_ADD;
key_definition.privileges |= PRIV_ADD;
if (privileges.remove())
key_data->privileges |= PRIV_REMOVE;
key_definition.privileges |= PRIV_REMOVE;
if (privileges.update())
key_data->privileges |= PRIV_MIGRATE;
key_definition.privileges |= PRIV_MIGRATE;
if (privileges.authorized_update())
key_data->privileges |= PRIV_AUTHORIZED_UPDATE;
key_definition.privileges |= PRIV_AUTHORIZED_UPDATE;
// Extract |authorization_data|.
for (RepeatedPtrField<KeyAuthorizationData>::const_iterator auth_it =
it->authorization_data().begin();
auth_it != it->authorization_data().end(); ++auth_it) {
switch (auth_it->type()) {
case KeyAuthorizationData::KEY_AUTHORIZATION_TYPE_HMACSHA256:
key_data->authorization_types.push_back(
RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256);
break;
case KeyAuthorizationData::
KEY_AUTHORIZATION_TYPE_AES256CBC_HMACSHA256:
key_data->authorization_types.push_back(
RetrievedKeyData::AUTHORIZATION_TYPE_AES256CBC_HMACSHA256);
break;
default:
NOTREACHED();
break;
}
key_definition.authorization_data.push_back(
KeyDefinition::AuthorizationData());
ParseAuthorizationDataProtobuf(
*auth_it,
&key_definition.authorization_data.back());
}
// Extract |provider_data|.
......@@ -328,22 +378,22 @@ class HomedirMethodsImpl : public HomedirMethods {
provider_data_it != it->provider_data().entry().end();
++provider_data_it) {
// Extract |name|.
key_data->provider_data.push_back(
new RetrievedKeyData::ProviderData(provider_data_it->name()));
RetrievedKeyData::ProviderData* provider_data =
key_data->provider_data.back();
key_definition.provider_data.push_back(
KeyDefinition::ProviderData(provider_data_it->name()));
KeyDefinition::ProviderData& provider_data =
key_definition.provider_data.back();
int data_items = 0;
// Extract |number|.
if (provider_data_it->has_number()) {
provider_data->number.reset(new int64(provider_data_it->number()));
provider_data.number.reset(new int64(provider_data_it->number()));
++data_items;
}
// Extract |bytes|.
if (provider_data_it->has_bytes()) {
provider_data->bytes.reset(
provider_data.bytes.reset(
new std::string(provider_data_it->bytes()));
++data_items;
}
......@@ -352,7 +402,7 @@ class HomedirMethodsImpl : public HomedirMethods {
}
}
callback.Run(true, MOUNT_ERROR_NONE, key_data_list.Pass());
callback.Run(true, MOUNT_ERROR_NONE, key_definitions);
}
void OnMountExCallback(const MountCallback& callback,
......
chromeos/cryptohome/homedir_methods.h
View file @ e7e066d0
......@@ -6,10 +6,10 @@
#define CHROMEOS_CRYPTOHOME_HOMEDIR_METHODS_H_
#include <string>
#include <vector>
#include "base/basictypes.h"
#include "base/callback_forward.h"
#include "base/memory/scoped_vector.h"
#include "chromeos/chromeos_export.h"
#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
......@@ -27,7 +27,7 @@ class CHROMEOS_EXPORT HomedirMethods {
typedef base::Callback<void(
bool success,
MountError return_code,
ScopedVector<RetrievedKeyData> key_data)> GetKeyDataCallback;
const std::vector<KeyDefinition>& key_definitions)> GetKeyDataCallback;
typedef base::Callback<
void(bool success, MountError return_code, const std::string& mount_hash)>
MountCallback;
......
chromeos/cryptohome/homedir_methods_unittest.cc
View file @ e7e066d0
......@@ -55,9 +55,10 @@ class HomedirMethodsTest : public testing::Test {
void RunProtobufMethodCallback(
const chromeos::CryptohomeClient::ProtobufMethodCallback& callback);
void StoreGetKeyDataExResult(bool success,
MountError return_code,
ScopedVector<RetrievedKeyData> key_data);
void StoreGetKeyDataExResult(
bool success,
MountError return_code,
const std::vector<KeyDefinition>& key_definitions);
protected:
chromeos::MockCryptohomeClient* cryptohome_client_;
......@@ -68,7 +69,7 @@ class HomedirMethodsTest : public testing::Test {
// The results of the most recent |HomedirMethods| method call.
bool success_;
MountError return_code_;
ScopedVector<RetrievedKeyData> key_data_;
std::vector<KeyDefinition> key_definitions_;
private:
DISALLOW_COPY_AND_ASSIGN(HomedirMethodsTest);
......@@ -106,10 +107,10 @@ void HomedirMethodsTest::RunProtobufMethodCallback(
void HomedirMethodsTest::StoreGetKeyDataExResult(
bool success,
MountError return_code,
ScopedVector<RetrievedKeyData> key_data) {
const std::vector<KeyDefinition>& key_definitions) {
success_ = success;
return_code_ = return_code;
key_data_.swap(key_data);
key_definitions_ = key_definitions;
}
// Verifies that the result of a GetKeyDataEx() call is correctly parsed.
......@@ -158,23 +159,23 @@ TEST_F(HomedirMethodsTest, GetKeyDataEx) {
// Verify that the call was successful and the result was correctly parsed.
EXPECT_TRUE(success_);
EXPECT_EQ(MOUNT_ERROR_NONE, return_code_);
ASSERT_EQ(1u, key_data_.size());
const RetrievedKeyData* retrieved_key_data = key_data_.front();
EXPECT_EQ(RetrievedKeyData::TYPE_PASSWORD, retrieved_key_data->type);
ASSERT_EQ(1u, key_definitions_.size());
const KeyDefinition& key_definition = key_definitions_.front();
EXPECT_EQ(KeyDefinition::TYPE_PASSWORD, key_definition.type);
EXPECT_EQ(PRIV_MOUNT | PRIV_ADD | PRIV_REMOVE,
retrieved_key_data->privileges);
EXPECT_EQ(kKeyRevision, retrieved_key_data->revision);
ASSERT_EQ(1u, retrieved_key_data->authorization_types.size());
EXPECT_EQ(RetrievedKeyData::AUTHORIZATION_TYPE_HMACSHA256,
retrieved_key_data->authorization_types.front());
ASSERT_EQ(2u, retrieved_key_data->provider_data.size());
const RetrievedKeyData::ProviderData* provider_data =
retrieved_key_data->provider_data[0];
key_definition.privileges);
EXPECT_EQ(kKeyRevision, key_definition.revision);
ASSERT_EQ(1u, key_definition.authorization_data.size());
EXPECT_EQ(KeyDefinition::AuthorizationData::TYPE_HMACSHA256,
key_definition.authorization_data.front().type);
ASSERT_EQ(2u, key_definition.provider_data.size());
const KeyDefinition::ProviderData* provider_data =
&key_definition.provider_data[0];
EXPECT_EQ(kProviderData1Name, provider_data->name);
ASSERT_TRUE(provider_data->number);
EXPECT_EQ(kProviderData1Number, *provider_data->number.get());
EXPECT_FALSE(provider_data->bytes);
provider_data = retrieved_key_data->provider_data[1];
provider_data = &key_definition.provider_data[1];
EXPECT_EQ(kProviderData2Name, provider_data->name);
EXPECT_FALSE(provider_data->number);
ASSERT_TRUE(provider_data->bytes);
......
chromeos/cryptohome/mock_homedir_methods.cc
View file @ e7e066d0
......@@ -4,7 +4,8 @@
#include "chromeos/cryptohome/mock_homedir_methods.h"
#include "base/memory/scoped_vector.h"
#include <vector>
#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/cryptohome/mock_async_method_caller.h"
......@@ -41,7 +42,7 @@ void MockHomedirMethods::DoCallback(const Callback& callback) {
}
void MockHomedirMethods::DoGetDataCallback(const GetKeyDataCallback& callback) {
callback.Run(success_, return_code_, ScopedVector<RetrievedKeyData>());
callback.Run(success_, return_code_, std::vector<KeyDefinition>());
}
void MockHomedirMethods::DoMountCallback(const MountCallback& callback) {
......
chromeos/login/auth/cryptohome_authenticator.cc
View file @ e7e066d0
......@@ -4,6 +4,8 @@
#include "chromeos/login/auth/cryptohome_authenticator.h"
#include <vector>
#include "base/basictypes.h"
#include "base/bind.h"
#include "base/files/file_path.h"
......@@ -175,32 +177,33 @@ void OnGetSystemSalt(AuthAttemptState* attempt,
// |attempt->user_context| can be transformed with Chrome's default hashing
// algorithm and the system salt.
// The resulting key is then passed to cryptohome's MountEx().
void OnGetKeyDataEx(AuthAttemptState* attempt,
scoped_refptr<CryptohomeAuthenticator> resolver,
bool ephemeral,
bool create_if_nonexistent,
bool success,
cryptohome::MountError return_code,
ScopedVector<cryptohome::RetrievedKeyData> key_data) {
void OnGetKeyDataEx(
AuthAttemptState* attempt,
scoped_refptr<CryptohomeAuthenticator> resolver,
bool ephemeral,
bool create_if_nonexistent,
bool success,
cryptohome::MountError return_code,
const std::vector<cryptohome::KeyDefinition>& key_definitions) {
if (success) {
if (key_data.size() == 1) {
cryptohome::RetrievedKeyData* key_data_entry = key_data.front();
DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_data_entry->label);
if (key_definitions.size() == 1) {
const cryptohome::KeyDefinition& key_definition = key_definitions.front();
DCHECK_EQ(kCryptohomeGAIAKeyLabel, key_definition.label);
// Extract the key type and salt from |key_data|, if present.
// Extract the key type and salt from |key_definition|, if present.
scoped_ptr<int64> type;
scoped_ptr<std::string> salt;
for (ScopedVector<cryptohome::RetrievedKeyData::ProviderData>::
const_iterator it = key_data_entry->provider_data.begin();
it != key_data_entry->provider_data.end(); ++it) {
if ((*it)->name == kKeyProviderDataTypeName) {
if ((*it)->number)
type.reset(new int64(*(*it)->number));
for (std::vector<cryptohome::KeyDefinition::ProviderData>::
const_iterator it = key_definition.provider_data.begin();
it != key_definition.provider_data.end(); ++it) {
if (it->name == kKeyProviderDataTypeName) {
if (it->number)
type.reset(new int64(*it->number));
else
NOTREACHED();
} else if ((*it)->name == kKeyProviderDataSaltName) {
if ((*it)->bytes)
salt.reset(new std::string(*(*it)->bytes));
} else if (it->name == kKeyProviderDataSaltName) {
if (it->bytes)
salt.reset(new std::string(*it->bytes));
else
NOTREACHED();
}
......@@ -226,7 +229,7 @@ void OnGetKeyDataEx(AuthAttemptState* attempt,
return;
}
} else {
LOG(ERROR) << "GetKeyDataEx() returned " << key_data.size()
LOG(ERROR) << "GetKeyDataEx() returned " << key_definitions.size()
<< " entries.";
}
}
......
chromeos/login/auth/extended_authenticator.cc
View file @ e7e066d0
......@@ -89,7 +89,7 @@ void ExtendedAuthenticator::CreateMount(
mount.create_keys.push_back(keys[i]);
}
UserContext context(user_id);
Key key(keys.front().key);
Key key(keys.front().secret);
key.SetLabel(keys.front().label);
context.SetKey(key);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment