token_encryptor.h revision 4e180b6a0b4720a9b8e9e959a882386f690f08ff
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ 6#define CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ 7 8#include <string> 9 10#include "base/basictypes.h" 11#include "base/memory/scoped_ptr.h" 12 13namespace crypto { 14class SymmetricKey; 15} 16 17namespace chromeos { 18 19// Interface class for classes that encrypt and decrypt tokens using the 20// system salt. 21class TokenEncryptor { 22 public: 23 virtual ~TokenEncryptor() {} 24 25 // Encrypts |token| with the system salt key (stable for the lifetime 26 // of the device). Useful to avoid storing plain text in place like 27 // Local State. 28 virtual std::string EncryptWithSystemSalt(const std::string& token) = 0; 29 30 // Decrypts |token| with the system salt key (stable for the lifetime 31 // of the device). 32 virtual std::string DecryptWithSystemSalt( 33 const std::string& encrypted_token_hex) = 0; 34}; 35 36// TokenEncryptor based on the cryptohome daemon. This implementation is used 37// in production. 38class CryptohomeTokenEncryptor : public TokenEncryptor { 39 public: 40 CryptohomeTokenEncryptor(); 41 virtual ~CryptohomeTokenEncryptor(); 42 43 // TokenEncryptor overrides: 44 virtual std::string EncryptWithSystemSalt(const std::string& token) OVERRIDE; 45 virtual std::string DecryptWithSystemSalt( 46 const std::string& encrypted_token_hex) OVERRIDE; 47 48 private: 49 // Loads the system salt key based on the system salt from the cryptohome 50 // daemon. Returns true on success. 51 bool LoadSystemSaltKey(); 52 53 // Converts |passphrase| to a SymmetricKey using the given |salt|. 54 crypto::SymmetricKey* PassphraseToKey(const std::string& passphrase, 55 const std::string& salt); 56 57 // Encrypts (AES) the token given |key| and |salt|. 58 std::string EncryptTokenWithKey(crypto::SymmetricKey* key, 59 const std::string& salt, 60 const std::string& token); 61 62 // Decrypts (AES) hex encoded encrypted token given |key| and |salt|. 63 std::string DecryptTokenWithKey(crypto::SymmetricKey* key, 64 const std::string& salt, 65 const std::string& encrypted_token_hex); 66 67 // The cached system salt obtained from the cryptohome daemon. 68 std::string system_salt_; 69 70 // A key based on the system salt. Useful for encrypting device-level 71 // data for which we have no additional credentials. 72 scoped_ptr<crypto::SymmetricKey> system_salt_key_; 73 74 DISALLOW_COPY_AND_ASSIGN(CryptohomeTokenEncryptor); 75}; 76 77} // namespace chromeos 78 79#endif // CHROME_BROWSER_CHROMEOS_SETTINGS_TOKEN_ENCRYPTOR_H_ 80