// Copyright 2016 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/os_crypt/sync/os_crypt.h" #include <stddef.h> #include <algorithm> #include <iterator> #include <memory> #include "base/logging.h" #include "base/memory/singleton.h" #include "base/metrics/histogram_functions.h" #include "base/no_destructor.h" #include "base/strings/string_util.h" #include "base/strings/utf_string_conversions.h" #include "base/synchronization/lock.h" #include "base/task/single_thread_task_runner.h" #include "components/os_crypt/sync/key_storage_config_linux.h" #include "components/os_crypt/sync/key_storage_linux.h" #include "crypto/encryptor.h" #include "crypto/symmetric_key.h" namespace { // Salt for Symmetric key derivation. constexpr char kSalt[] = …; // Key size required for 128 bit AES. constexpr size_t kDerivedKeySizeInBits = …; // Constant for Symmetric key derivation. constexpr size_t kEncryptionIterations = …; // Size of initialization vector for AES 128-bit. constexpr size_t kIVBlockSizeAES128 = …; // Prefixes for cypher text returned by obfuscation version. We prefix the // ciphertext with this string so that future data migration can detect // this and migrate to full encryption without data loss. kObfuscationPrefixV10 // means that the hardcoded password will be used. kObfuscationPrefixV11 means // that a password is/will be stored using an OS-level library (e.g Libsecret). // V11 will not be used if such a library is not available. constexpr char kObfuscationPrefixV10[] = …; constexpr char kObfuscationPrefixV11[] = …; // The UMA metric name for whether the false was decryptable with an empty key. constexpr char kMetricDecryptedWithEmptyKey[] = …; // Generates a newly allocated SymmetricKey object based on a password. // Ownership of the key is passed to the caller. Returns null key if a key // generation error occurs. std::unique_ptr<crypto::SymmetricKey> GenerateEncryptionKey( const std::string& password) { … } // Decrypt `ciphertext` using `encryption_key` and store the result in // `encryption_key`. bool DecryptWith(const std::string& ciphertext, crypto::SymmetricKey* encryption_key, std::string* plaintext) { … } } // namespace namespace OSCrypt { void SetConfig(std::unique_ptr<os_crypt::Config> config) { … } bool EncryptString16(const std::u16string& plaintext, std::string* ciphertext) { … } bool DecryptString16(const std::string& ciphertext, std::u16string* plaintext) { … } bool EncryptString(const std::string& plaintext, std::string* ciphertext) { … } bool DecryptString(const std::string& ciphertext, std::string* plaintext) { … } std::string GetRawEncryptionKey() { … } void SetRawEncryptionKey(const std::string& key) { … } bool IsEncryptionAvailable() { … } void UseMockKeyStorageForTesting( base::OnceCallback<std::unique_ptr<KeyStorageLinux>()> storage_provider_factory) { … } void ClearCacheForTesting() { … } void SetEncryptionPasswordForTesting(const std::string& password) { … } } // namespace OSCrypt OSCryptImpl* OSCryptImpl::GetInstance() { … } OSCryptImpl::OSCryptImpl() = default; OSCryptImpl::~OSCryptImpl() = default; bool OSCryptImpl::EncryptString16(const std::u16string& plaintext, std::string* ciphertext) { … } bool OSCryptImpl::DecryptString16(const std::string& ciphertext, std::u16string* plaintext) { … } bool OSCryptImpl::EncryptString(const std::string& plaintext, std::string* ciphertext) { … } bool OSCryptImpl::DecryptString(const std::string& ciphertext, std::string* plaintext) { … } void OSCryptImpl::SetConfig(std::unique_ptr<os_crypt::Config> config) { … } bool OSCryptImpl::IsEncryptionAvailable() { … } void OSCryptImpl::SetRawEncryptionKey(const std::string& raw_key) { … } std::string OSCryptImpl::GetRawEncryptionKey() { … } void OSCryptImpl::ClearCacheForTesting() { … } void OSCryptImpl::UseMockKeyStorageForTesting( base::OnceCallback<std::unique_ptr<KeyStorageLinux>()> storage_provider_factory) { … } void OSCryptImpl::SetEncryptionPasswordForTesting(const std::string& password) { … } // Returns a cached string of "peanuts". Is thread-safe. crypto::SymmetricKey* OSCryptImpl::GetPasswordV10() { … } // Caches and returns the password from the KeyStorage or null if there is no // service. Is thread-safe. crypto::SymmetricKey* OSCryptImpl::GetPasswordV11(bool probe) { … } // static base::Lock& OSCryptImpl::GetLock() { … }
Codebase Browser
chromium