// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "chrome/browser/enterprise/connectors/device_trust/key_management/browser/device_trust_key_manager_impl.h" #include <optional> #include "base/check.h" #include "base/containers/span.h" #include "base/functional/callback_helpers.h" #include "base/notreached.h" #include "base/task/bind_post_task.h" #include "base/task/task_traits.h" #include "base/task/thread_pool.h" #include "chrome/browser/enterprise/connectors/device_trust/key_management/browser/key_rotation_launcher.h" #include "chrome/browser/enterprise/connectors/device_trust/key_management/browser/metrics_utils.h" #include "chrome/browser/enterprise/connectors/device_trust/key_management/core/persistence/key_persistence_delegate.h" #include "chrome/browser/enterprise/connectors/device_trust/key_management/core/signing_key_pair.h" #include "chrome/browser/enterprise/connectors/device_trust/key_management/core/signing_key_util.h" #include "crypto/unexportable_key.h" BPKUR; namespace enterprise_connectors { KeyRotationResult; namespace { // Wrap the SignSlowly call into this anonymous synchronous function to ensure // that `str` lives throughout the execution. If that was not being done, `str` // would get destroyed in the calling sequence and, with span being just a // pointer, the called sequence would use its data pointer after the address // was freed up (use-after-free), which is a security issue. std::optional<std::vector<uint8_t>> SignString( const std::string& str, scoped_refptr<SigningKeyPair> key_pair) { … } void OnSignatureGenerated( BPKUR::KeyTrustLevel trust_level, base::TimeTicks start_time, DeviceTrustKeyManagerImpl::SignStringCallback callback, std::optional<std::vector<uint8_t>> signature) { … } std::optional<DeviceTrustKeyManager::PermanentFailure> RotationStatusToPermanentFailure(KeyRotationCommand::Status status, bool is_key_creation) { … } // Given the `result` from a LoadKey operation, determine whether key creation // should be kicked-off or not. bool ShouldTriggerKeyCreation(LoadPersistedKeyResult result) { … } } // namespace DeviceTrustKeyManagerImpl::DeviceTrustKeyManagerImpl( std::unique_ptr<KeyRotationLauncher> key_rotation_launcher, std::unique_ptr<KeyLoader> key_loader) : … { … } DeviceTrustKeyManagerImpl::~DeviceTrustKeyManagerImpl() = default; void DeviceTrustKeyManagerImpl::StartInitialization() { … } void DeviceTrustKeyManagerImpl::RotateKey(const std::string& nonce, RotateKeyCallback callback) { … } void DeviceTrustKeyManagerImpl::ExportPublicKeyAsync( ExportPublicKeyCallback callback) { … } void DeviceTrustKeyManagerImpl::SignStringAsync(const std::string& str, SignStringCallback callback) { … } std::optional<DeviceTrustKeyManagerImpl::KeyMetadata> DeviceTrustKeyManagerImpl::GetLoadedKeyMetadata() const { … } bool DeviceTrustKeyManagerImpl::HasPermanentFailure() const { … } void DeviceTrustKeyManagerImpl::AddPendingRequest( base::OnceClosure pending_request) { … } void DeviceTrustKeyManagerImpl::LoadKey(bool create_on_fail) { … } void DeviceTrustKeyManagerImpl::OnKeyLoaded( bool create_on_fail, KeyLoader::DTCLoadKeyResult load_key_result) { … } void DeviceTrustKeyManagerImpl::StartKeyRotationInner( const std::string& nonce, RotateKeyCallback callback) { … } void DeviceTrustKeyManagerImpl::OnKeyRotationFinished( const std::string& nonce, RotateKeyCallback callback, KeyRotationCommand::Status result_status) { … } bool DeviceTrustKeyManagerImpl::TryResumePendingRotationRequest() { … } void DeviceTrustKeyManagerImpl::ResumePendingCallbacks() { … } void DeviceTrustKeyManagerImpl::ResumeExportPublicKey( ExportPublicKeyCallback callback) { … } void DeviceTrustKeyManagerImpl::ResumeSignString(const std::string& str, SignStringCallback callback) { … } bool DeviceTrustKeyManagerImpl::IsFullyInitialized() const { … } DeviceTrustKeyManagerImpl::RotateKeyRequest::RotateKeyRequest( const std::string& nonce_param, RotateKeyCallback callback_param) : … { … } DeviceTrustKeyManagerImpl::RotateKeyRequest::~RotateKeyRequest() = default; } // namespace enterprise_connectors
Codebase Browser
chromium