blob: 3dec817a866bc1f7cce6f2103a61257685db34a8 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "services/preferences/tracked/pref_hash_calculator.h"
#include <stdint.h>
#include <memory>
#include <vector>
#include "base/bind.h"
#include "base/json/json_string_value_serializer.h"
#include "base/notreached.h"
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/values.h"
#include "crypto/hmac.h"
namespace {
// Calculates an HMAC of |message| using |key|, encoded as a hexadecimal string.
std::string GetDigestString(const std::string& key,
const std::string& message) {
crypto::HMAC hmac(crypto::HMAC::SHA256);
std::vector<uint8_t> digest(hmac.DigestLength());
if (!hmac.Init(key) || !hmac.Sign(message, &digest[0], digest.size())) {
NOTREACHED();
return std::string();
}
return base::HexEncode(&digest[0], digest.size());
}
// Verifies that |digest_string| is a valid HMAC of |message| using |key|.
// |digest_string| must be encoded as a hexadecimal string.
bool VerifyDigestString(const std::string& key,
const std::string& message,
const std::string& digest_string) {
crypto::HMAC hmac(crypto::HMAC::SHA256);
std::string digest;
return base::HexStringToString(digest_string, &digest) && hmac.Init(key) &&
hmac.Verify(message, digest);
}
// Renders |value| as a string. |value| may be NULL, in which case the result
// is an empty string. This method can be expensive and its result should be
// re-used rather than recomputed where possible.
std::string ValueAsString(const base::Value* value) {
// Dictionary values may contain empty lists and sub-dictionaries. Make a
// deep copy with those removed to make the hash more stable.
const base::DictionaryValue* dict_value;
std::unique_ptr<base::DictionaryValue> canonical_dict_value;
if (value && value->GetAsDictionary(&dict_value)) {
canonical_dict_value = dict_value->DeepCopyWithoutEmptyChildren();
value = canonical_dict_value.get();
}
std::string value_as_string;
if (value) {
JSONStringValueSerializer serializer(&value_as_string);
serializer.Serialize(*value);
}
return value_as_string;
}
// Concatenates |device_id|, |path|, and |value_as_string| to give the hash
// input.
std::string GetMessage(const std::string& device_id,
const std::string& path,
const std::string& value_as_string) {
std::string message;
message.reserve(device_id.size() + path.size() + value_as_string.size());
message.append(device_id);
message.append(path);
message.append(value_as_string);
return message;
}
} // namespace
PrefHashCalculator::PrefHashCalculator(const std::string& seed,
const std::string& device_id,
const std::string& legacy_device_id)
: seed_(seed), device_id_(device_id), legacy_device_id_(legacy_device_id) {}
PrefHashCalculator::~PrefHashCalculator() {}
std::string PrefHashCalculator::Calculate(const std::string& path,
const base::Value* value) const {
return GetDigestString(seed_,
GetMessage(device_id_, path, ValueAsString(value)));
}
PrefHashCalculator::ValidationResult PrefHashCalculator::Validate(
const std::string& path,
const base::Value* value,
const std::string& digest_string) const {
const std::string value_as_string(ValueAsString(value));
if (VerifyDigestString(seed_, GetMessage(device_id_, path, value_as_string),
digest_string)) {
return VALID;
}
if (!legacy_device_id_.empty() &&
VerifyDigestString(seed_,
GetMessage(legacy_device_id_, path, value_as_string),
digest_string)) {
return VALID_SECURE_LEGACY;
}
return INVALID;
}