From 5bc745fcba8fbfa1b0cda45f28173b8e7bec1d45 Mon Sep 17 00:00:00 2001 From: "antrim@chromium.org" Date: Wed, 26 Mar 2014 00:37:42 +0000 Subject: [PATCH] Impelent signature generation for supervised user passwords. TBR=stevenjb@chromium.org for chromeos/chromeos.gyp BUG=244472 Review URL: https://codereview.chromium.org/209433007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@259419 0039d316-1c4b-4281-b951-d872f2087c98 --- .../managed/supervised_user_authentication.cc | 30 +++++++++++++++++++--- chrome/chrome_browser_chromeos.gypi | 2 ++ chromeos/chromeos.gyp | 14 ++++++++++ 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc b/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc index 0e3307c35f7f..a9b92cbd1a4e 100644 --- a/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc +++ b/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc @@ -17,7 +17,9 @@ #include "chrome/browser/chromeos/login/user_manager.h" #include "chrome/browser/chromeos/profiles/profile_helper.h" #include "chromeos/chromeos_switches.h" +#include "chromeos/cryptohome/signed_secret.pb.h" #include "content/public/browser/browser_thread.h" +#include "crypto/hmac.h" #include "crypto/random.h" #include "crypto/symmetric_key.h" @@ -28,11 +30,15 @@ namespace { // Byte size of hash salt. const unsigned kSaltSize = 32; -// Parameters of cryptographic hashing. +// Parameters of cryptographic hashing for new user schema. const unsigned kNumIterations = 1234; const unsigned kKeySizeInBits = 256; +// Size of key signature. const unsigned kHMACKeySizeInBits = 256; +const int kSignatureLength = 32; + +// Size of master key (in bytes). const int kMasterKeySize = 32; std::string CreateSalt() { 
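Review bot: `kSignatureLength` is added under the comment `// Size of key signature.` right next to `kHMACKeySizeInBits`, so one constant is in bits and the other in bytes and nothing says which is which. The value 32 is also only right while the signature is HMAC-SHA256, and nothing ties it to the hash chosen in `BuildPasswordSignature`. I would give it its own comment, `// Length of the HMAC-SHA256 signature, in bytes.`, and at the point of use add `DCHECK_EQ(hmac.DigestLength(), static_cast<size_t>(kSignatureLength));` so a later change of hash is caught instead of yielding a truncated or failing signature. The anonymous namespace holding these constants opens above the hunk.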
@@ -69,8 +75,26 @@ std::string BuildRawHMACKey() { std::string BuildPasswordSignature(const std::string& password, int revision, const std::string& base64_signature_key) { - std::string raw_result, result; - // TODO(antrim) : implement signature as soon as wad@ lands sample code. + ac::chrome::managedaccounts::account::Secret secret; + secret.set_revision(revision); + secret.set_secret(password); + std::string buffer; + if (!secret.SerializeToString(&buffer)) + LOG(FATAL) << "Protobuf::SerializeToString failed"; + std::string signature_key; + base::Base64Decode(base64_signature_key, &signature_key); + + crypto::HMAC hmac(crypto::HMAC::SHA256); + if (!hmac.Init(signature_key)) + LOG(FATAL) << "HMAC::Init failed"; + + unsigned char out_bytes[kSignatureLength]; + if (!hmac.Sign(buffer, out_bytes, sizeof(out_bytes))) + LOG(FATAL) << "HMAC::Sign failed"; + + std::string raw_result(out_bytes, out_bytes + sizeof(out_bytes)); + + std::string result; base::Base64Encode(raw_result, &result); return result; } diff --git a/chrome/chrome_browser_chromeos.gypi b/chrome/chrome_browser_chromeos.gypi index 063dbe3b673e..9e52737a194f 100644 --- a/chrome/chrome_browser_chromeos.gypi +++ b/chrome/chrome_browser_chromeos.gypi @@ -46,6 +46,8 @@ '../build/linux/system.gyp:dbus', '../chromeos/chromeos.gyp:chromeos', '../chromeos/chromeos.gyp:chromeos_memory', + # browser_chromeos #includes signed_secret.pb.h directly. + '../chromeos/chromeos.gyp:cryptohome_signkey_proto', # browser_chromeos #includes power_supply_properties.pb.h directly. '../chromeos/chromeos.gyp:power_manager_proto', '../chromeos/ime/input_method.gyp:gencode', diff --git a/chromeos/chromeos.gyp b/chromeos/chromeos.gyp index f54da868b05a..311501466b39 100644 --- a/chromeos/chromeos.gyp +++ b/chromeos/chromeos.gyp 
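Review bot: The return value of `base::Base64Decode(base64_signature_key, &signature_key)` in `BuildPasswordSignature` is discarded, although every other step in the function is checked. If the stored key is malformed, `signature_key` is presumably left empty. Should `HMAC::Init` accept a zero-length key, the password signature would then be computed under a key that anyone can reproduce, so the signature would no longer authenticate anything. I would fail the same way the neighbouring steps do: `if (!base::Base64Decode(base64_signature_key, &signature_key) || signature_key.empty()) LOG(FATAL) << "Invalid signature key";`. A short comment noting that `buffer` (the serialized secret) and `signature_key` stay in ordinary `std::string` storage until the function returns would also help whoever audits key handling later.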
@@ -559,5 +559,19 @@ }, 'includes': ['../build/protoc.gypi'], }, + { + # Protobuf compiler/generator for cryptohome key signing protocol buffer. + 'target_name': 'cryptohome_signkey_proto', + 'type': 'static_library', + 'sources': [ + '../third_party/cros_system_api/dbus/cryptohome/signed_secret.proto', + ], + 'variables': { + 'proto_in_dir': '../third_party/cros_system_api/dbus/cryptohome', + 'proto_out_dir': 'chromeos/cryptohome', + }, + 'includes': ['../build/protoc.gypi'], + }, + ], } -- 2.11.4.GIT