• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
6 #define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
7 
8 #include <string>
9 
10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h"
12 
13 namespace crypto {
14 class SymmetricKey;
15 }
16 
17 namespace chromeos {
18 
19 // Interface class for classes that encrypt and decrypt tokens using the
20 // system salt.
21 class TokenEncryptor {
22  public:
~TokenEncryptor()23   virtual ~TokenEncryptor() {}
24 
25   // Encrypts |token| with the system salt key (stable for the lifetime
26   // of the device).  Useful to avoid storing plain text in place like
27   // Local State.
28   virtual std::string EncryptWithSystemSalt(const std::string& token) = 0;
29 
30   // Decrypts |token| with the system salt key (stable for the lifetime
31   // of the device).
32   virtual std::string DecryptWithSystemSalt(
33       const std::string& encrypted_token_hex) = 0;
34 };
35 
36 // TokenEncryptor based on the system salt from cryptohome daemon. This
37 // implementation is used in production.
38 class CryptohomeTokenEncryptor : public TokenEncryptor {
39  public:
40   explicit CryptohomeTokenEncryptor(const std::string& system_salt);
41   virtual ~CryptohomeTokenEncryptor();
42 
43   // TokenEncryptor overrides:
44   virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE;
45   virtual std::string DecryptWithSystemSalt(
46       const std::string& encrypted_token_hex) OVERRIDE;
47 
48  private:
49   // Converts |passphrase| to a SymmetricKey using the given |salt|.
50   crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase,
51                                         const std::string& salt);
52 
53   // Encrypts (AES) the token given |key| and |salt|.
54   std::string EncryptTokenWithKey(crypto::SymmetricKey* key,
55                                   const std::string& salt,
56                                   const std::string& token);
57 
58   // Decrypts (AES) hex encoded encrypted token given |key| and |salt|.
59   std::string DecryptTokenWithKey(crypto::SymmetricKey* key,
60                                   const std::string& salt,
61                                   const std::string& encrypted_token_hex);
62 
63   // The cached system salt passed to the constructor, originally coming
64   // from cryptohome daemon.
65   std::string system_salt_;
66 
67   // A key based on the system salt.  Useful for encrypting device-level
68   // data for which we have no additional credentials.
69   scoped_ptr<crypto::SymmetricKey> system_salt_key_;
70 
71   DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor);
72 };
73 
74 }  // namespace chromeos
75 
76 #endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_
77