Google Git
Sign in
chromium / chromium / src / eac08feb1fffd0b9faa2b1862985b09386789536
commiteac08feb1fffd0b9faa2b1862985b09386789536[log] [tgz]
authorElly <ellyjones@chromium.org>Tue Oct 29 17:21:17 2024
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Oct 29 17:21:17 2024
tree3b2ce55cf20bb0099f00917ba2e2b6448159cdb2
parentab3b514d58d77c18d50d893c66a201cc48146abf [diff]
onc: remove unused passphrase support

ONC configs can be encrypted with a passphrase, which is used to derive
a key with a specified key derivation function (which ONC calls a
"stretch").  Our low-level code for dealing with ONC configs supports
decrypting ONC configs with arbitrary passphrases, and we have tests
that exercise this behavior, but none of the production code paths into
this decryption function can ever actually supply a non-empty
passphrase. The result of that is that we cannot decrypt ONC configs in
production unless they use an empty passphrase anyway, at which point
the key is solely derived from the salt - included in the ONC config
itself, so providing no incremental security. As far as I can tell,
non-empty passphrases for decrypting ONC configs were never supported.

This change removes the passphrase parameter from the low-level ONC
decryption code and removes the test coverage for nonempty passphrases;
the decryption code is now hardcoded to use an empty passphrase for key
derivation. This simplifies reasoning about the security guarantees
provided a bit and will also make an upcoming refactor to use the new
crypto::kdf and crypto::aes_cbc APIs a bit more straightforward.

See the ONC spec for more details: //components/onc/docs/onc_spec.md

Fixed: 375231017
Change-Id: Ibc945d18aba6c4ab3518f00104e0dc2b63134318
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5958357
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
Reviewed-by: Igor <igorcov@chromium.org>
Commit-Queue: Elly FJ <ellyjones@chromium.org>
Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Reviewed-by: Nikhil Nayunigari <nikhilcn@google.com>
Cr-Commit-Position: refs/heads/main@{#1375342}
9 files changed
tree: 3b2ce55cf20bb0099f00917ba2e2b6448159cdb2
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. crypto/
  16. dbus/
  17. device/
  18. docs/
  19. extensions/
  20. fuchsia_web/
  21. gin/
  22. google_apis/
  23. gpu/
  24. headless/
  25. infra/
  26. ios/
  27. ipc/
  28. media/
  29. mojo/
  30. native_client_sdk/
  31. net/
  32. pdf/
  33. ppapi/
  34. printing/
  35. remoting/
  36. rlz/
  37. sandbox/
  38. services/
  39. skia/
  40. sql/
  41. storage/
  42. styleguide/
  43. testing/
  44. third_party/
  45. tools/
  46. ui/
  47. url/
  48. webkit/
  49. clank
  50. internal
  51. ios_internal
  52. native_client
  53. signing_keys
  54. v8
  55. .clang-format
  56. .clang-tidy
  57. .clangd
  58. .git-blame-ignore-revs
  59. .gitallowed
  60. .gitattributes
  61. .gitignore
  62. .gitmodules
  63. .gn
  64. .mailmap
  65. .rustfmt.toml
  66. .vpython3
  67. .yapfignore
  68. ATL_OWNERS
  69. AUTHORS
  70. BUILD.gn
  71. CODE_OF_CONDUCT.md
  72. codereview.settings
  73. CPPLINT.cfg
  74. CRYPTO_OWNERS
  75. DEPS
  76. DIR_METADATA
  77. LICENSE
  78. LICENSE.chromium_os
  79. OWNERS
  80. PRESUBMIT.py
  81. PRESUBMIT_test.py
  82. PRESUBMIT_test_mocks.py
  83. README.md
  84. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.