search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / login / easy_unlock / secure_message_delegate_chromeos.cc
blob665106d36c3aabaf05e45043d42335cc9b984eb3
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/login/easy_unlock/secure_message_delegate_chromeos.h"
6
7 #include "base/bind.h"
8 #include "chromeos/dbus/dbus_thread_manager.h"
9 #include "chromeos/dbus/easy_unlock_client.h"
10 #include "components/proximity_auth/cryptauth/base64url.h"
11 #include "components/proximity_auth/logging/logging.h"
12 #include "third_party/cros_system_api/dbus/service_constants.h"
13
14 using proximity_auth::SecureMessageDelegate;
15
16 namespace chromeos {
17 namespace {
18
19 // Converts encryption type to a string representation used by EasyUnlock dbus
20 // client.
21 std::string EncSchemeToString(securemessage::EncScheme scheme) {
22 switch (scheme) {
23 case securemessage::AES_256_CBC:
24 return easy_unlock::kEncryptionTypeAES256CBC;
25 case securemessage::NONE:
26 return easy_unlock::kEncryptionTypeNone;
27 }
28
29 NOTREACHED();
30 return std::string();
31 }
32
33 // Converts signature type to a string representation used by EasyUnlock dbus
34 // client.
35 std::string SigSchemeToString(securemessage::SigScheme scheme) {
36 switch (scheme) {
37 case securemessage::ECDSA_P256_SHA256:
38 return easy_unlock::kSignatureTypeECDSAP256SHA256;
39 case securemessage::HMAC_SHA256:
40 return easy_unlock::kSignatureTypeHMACSHA256;
41 case securemessage::RSA2048_SHA256:
42 // RSA2048_SHA256 is not supported by the daemon.
43 NOTREACHED();
44 return std::string();
45 }
46
47 NOTREACHED();
48 return std::string();
49 }
50
51 // Parses the serialized HeaderAndBody string returned by the DBus client, and
52 // calls the corresponding SecureMessageDelegate unwrap callback.
53 void HandleUnwrapResult(
54 const SecureMessageDelegate::UnwrapSecureMessageCallback& callback,
55 const std::string& unwrap_result) {
56 securemessage::HeaderAndBody header_and_body;
57 if (!header_and_body.ParseFromString(unwrap_result)) {
58 callback.Run(false, std::string(), securemessage::Header());
59 } else {
60 callback.Run(true, header_and_body.body(), header_and_body.header());
61 }
62 }
63
64 // The SecureMessageDelegate expects the keys in the reverse order returned by
65 // the DBus client.
66 void HandleKeyPairResult(
67 const SecureMessageDelegate::GenerateKeyPairCallback& callback,
68 const std::string& private_key,
69 const std::string& public_key) {
70 callback.Run(public_key, private_key);
71 }
72
73 } // namespace
74
75 SecureMessageDelegateChromeOS::SecureMessageDelegateChromeOS()
76 : dbus_client_(chromeos::DBusThreadManager::Get()->GetEasyUnlockClient()) {
77 }
78
79 SecureMessageDelegateChromeOS::~SecureMessageDelegateChromeOS() {
80 }
81
82 void SecureMessageDelegateChromeOS::GenerateKeyPair(
83 const GenerateKeyPairCallback& callback) {
84 dbus_client_->GenerateEcP256KeyPair(
85 base::Bind(HandleKeyPairResult, callback));
86 }
87
88 void SecureMessageDelegateChromeOS::DeriveKey(
89 const std::string& private_key,
90 const std::string& public_key,
91 const DeriveKeyCallback& callback) {
92 dbus_client_->PerformECDHKeyAgreement(private_key, public_key, callback);
93 }
94
95 void SecureMessageDelegateChromeOS::CreateSecureMessage(
96 const std::string& payload,
97 const std::string& key,
98 const CreateOptions& create_options,
99 const CreateSecureMessageCallback& callback) {
100 if (create_options.signature_scheme == securemessage::RSA2048_SHA256) {
101 PA_LOG(ERROR) << "Unable to create message: RSA2048_SHA256 not supported "
102 << "by the ChromeOS daemon.";
103 callback.Run(std::string());
104 return;
105 }
106
107 chromeos::EasyUnlockClient::CreateSecureMessageOptions options;
108 options.key.assign(key);
109
110 if (!create_options.associated_data.empty())
111 options.associated_data.assign(create_options.associated_data);
112
113 if (!create_options.public_metadata.empty())
114 options.public_metadata.assign(create_options.public_metadata);
115
116 if (!create_options.verification_key_id.empty())
117 options.verification_key_id.assign(create_options.verification_key_id);
118
119 if (!create_options.decryption_key_id.empty())
120 options.decryption_key_id.assign(create_options.decryption_key_id);
121
122 options.encryption_type = EncSchemeToString(create_options.encryption_scheme);
123 options.signature_type = SigSchemeToString(create_options.signature_scheme);
124
125 dbus_client_->CreateSecureMessage(payload, options, callback);
126 }
127
128 void SecureMessageDelegateChromeOS::UnwrapSecureMessage(
129 const std::string& serialized_message,
130 const std::string& key,
131 const UnwrapOptions& unwrap_options,
132 const UnwrapSecureMessageCallback& callback) {
133 if (unwrap_options.signature_scheme == securemessage::RSA2048_SHA256) {
134 PA_LOG(ERROR) << "Unable to unwrap message: RSA2048_SHA256 not supported "
135 << "by the ChromeOS daemon.";
136 callback.Run(false, std::string(), securemessage::Header());
137 return;
138 }
139
140 chromeos::EasyUnlockClient::UnwrapSecureMessageOptions options;
141 options.key.assign(key);
142
143 if (!unwrap_options.associated_data.empty())
144 options.associated_data.assign(unwrap_options.associated_data);
145
146 options.encryption_type = EncSchemeToString(unwrap_options.encryption_scheme);
147 options.signature_type = SigSchemeToString(unwrap_options.signature_scheme);
148
149 dbus_client_->UnwrapSecureMessage(serialized_message, options,
150 base::Bind(&HandleUnwrapResult, callback));
151 }
152
153 } // namespace chromeos