chromium/ash/components/arc/session/serial_number_util.cc

// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "ash/components/arc/session/serial_number_util.h"

#include <string_view>

#include "ash/components/arc/arc_prefs.h"
#include "base/files/file_util.h"
#include "base/logging.h"
#include "base/strings/string_number_conversions.h"
#include "crypto/random.h"
#include "crypto/sha2.h"

namespace arc {

namespace {

constexpr const size_t kArcSaltFileSize = 16;

// Returns true if the hex-encoded salt in Local State is valid.
bool IsValidHexSalt(std::string_view hex_salt) {
  std::string salt;
  if (!base::HexStringToString(hex_salt, &salt)) {
    LOG(WARNING) << "Not a hex string: " << hex_salt;
    return false;
  }
  if (salt.size() != kArcSaltFileSize) {
    LOG(WARNING) << "Salt size invalid: " << salt.size();
    return false;
  }
  return true;
}

}  // namespace

std::string GenerateFakeSerialNumber(std::string_view chromeos_user,
                                     std::string_view salt) {
  constexpr size_t kMaxHardwareIdLen = 20;
  std::string input(chromeos_user);
  input.append(salt.begin(), salt.end());
  const std::string hash(crypto::SHA256HashString(input));
  return base::HexEncode(hash).substr(0, kMaxHardwareIdLen);
}

std::string GetOrCreateSerialNumber(PrefService* local_state,
                                    std::string_view chromeos_user,
                                    std::string_view arc_salt_on_disk) {
  DCHECK(local_state);
  DCHECK(!chromeos_user.empty());

  std::string hex_salt = local_state->GetString(prefs::kArcSerialNumberSalt);
  if (hex_salt.empty() || !IsValidHexSalt(hex_salt)) {
    // This path is taken 1) on the very first ARC boot, 2) on the first boot
    // after powerwash, 3) on the first boot after upgrading to ARCVM, or 4)
    // when the salt in local state is corrupted.
    if (arc_salt_on_disk.empty()) {
      // The device doesn't have the salt file for ARC container. Create it from
      // scratch in the same way as ARC container.
      uint8_t rand_value[kArcSaltFileSize];
      crypto::RandBytes(rand_value);
      hex_salt = base::HexEncode(rand_value);
    } else {
      // The device has the one for container. Reuse it for ARCVM.
      DCHECK_EQ(kArcSaltFileSize, arc_salt_on_disk.size());
      hex_salt = base::HexEncode(arc_salt_on_disk);
    }
    local_state->SetString(prefs::kArcSerialNumberSalt, hex_salt);
  }

  // We store hex-encoded version of the salt in the local state, but to compute
  // the serial number, we use the decoded version to be compatible with the
  // arc-setup code for P.
  std::string decoded_salt;
  const bool result = base::HexStringToString(hex_salt, &decoded_salt);
  DCHECK(result) << hex_salt;
  return GenerateFakeSerialNumber(chromeos_user, decoded_salt);
}

std::optional<std::string> ReadSaltOnDisk(const base::FilePath& salt_path) {
  if (!base::PathExists(salt_path)) {
    VLOG(2) << "ARC salt file doesn't exist: " << salt_path;
    return std::string();
  }
  std::string salt;
  if (!base::ReadFileToString(salt_path, &salt)) {
    PLOG(ERROR) << "Failed to read " << salt_path;
    return std::nullopt;
  }
  if (salt.size() != kArcSaltFileSize) {
    LOG(WARNING) << "Ignoring invalid ARC salt on disk. size=" << salt.size();
    salt.clear();
  }
  VLOG(1) << "Successfully read ARC salt on disk: " << salt_path;
  return salt;
}

}  // namespace arc