diff options
| author | Hardik Goyal <hardikgoyal@google.com> | 2020-07-15 09:39:27 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-07-23 11:13:07 +0000 |
| commit | 9d4a014d5ea2e68d1d52c8aa26ab277701a11098 (patch) | |
| tree | 5d980087745e2e8fe4d601131c4efea2af528d42 | |
| parent | 412876512162395e24ce081619210cb7b40ebaf2 (diff) | |
| download | platform_external_libbrillo-9d4a014d5ea2e68d1d52c8aa26ab277701a11098.tar.gz platform_external_libbrillo-9d4a014d5ea2e68d1d52c8aa26ab277701a11098.tar.bz2 platform_external_libbrillo-9d4a014d5ea2e68d1d52c8aa26ab277701a11098.zip | |
libbrillo: Add SanitizeUserNameWithSalt and tests
BUG=chromium:1084608
TEST=FEATURES=test emerge-${BOARD} libbrillo
Change-Id: Ia7098c9b4b5eb430927e192d55572f51f947976e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2299655
Tested-by: Hardik Goyal <hardikgoyal@chromium.org>
Commit-Queue: Mike Frysinger <vapier@chromium.org>
Auto-Submit: Hardik Goyal <hardikgoyal@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Cr-Mirrored-From: https://chromium.googlesource.com/chromiumos/platform2
Cr-Mirrored-Commit: d5a819ee61929c1958bf0fdcc9b0be93275a907e
| -rw-r--r-- | BUILD.gn | 6 | ||||
| -rw-r--r-- | brillo/cryptohome.cc | 7 | ||||
| -rw-r--r-- | brillo/cryptohome.h | 6 | ||||
| -rw-r--r-- | brillo/cryptohome_test.cc | 37 |
4 files changed, 54 insertions, 2 deletions
@@ -166,7 +166,10 @@ libbrillo_sublibs = [ { library_name = "brillo-cryptohome" all_dependent_pkg_deps = [ "openssl" ] - sources = [ "brillo/cryptohome.cc" ] + sources = [ + "brillo/cryptohome.cc", + "brillo/secure_blob.cc", + ] }, { @@ -475,6 +478,7 @@ if (use.test) { "brillo/asynchronous_signal_handler_test.cc", "brillo/backoff_entry_test.cc", "brillo/blkdev_utils/loop_device_test.cc", + "brillo/cryptohome_test.cc", "brillo/data_encoding_test.cc", "brillo/enum_flags_test.cc", "brillo/errors/error_codes_test.cc", diff --git a/brillo/cryptohome.cc b/brillo/cryptohome.cc index a0512e7..134f07b 100644 --- a/brillo/cryptohome.cc +++ b/brillo/cryptohome.cc @@ -76,13 +76,18 @@ std::string SanitizeUserName(const std::string& username) { if (!EnsureSystemSaltIsLoaded()) return std::string(); + return SanitizeUserNameWithSalt(username, SecureBlob(*salt)); +} + +std::string SanitizeUserNameWithSalt(const std::string& username, + const SecureBlob& salt) { unsigned char binmd[SHA_DIGEST_LENGTH]; std::string lowercase(username); std::transform( lowercase.begin(), lowercase.end(), lowercase.begin(), ::tolower); SHA_CTX ctx; SHA1_Init(&ctx); - SHA1_Update(&ctx, salt->data(), salt->size()); + SHA1_Update(&ctx, salt.data(), salt.size()); SHA1_Update(&ctx, lowercase.data(), lowercase.size()); SHA1_Final(binmd, &ctx); std::string final = base::HexEncode(binmd, sizeof(binmd)); diff --git a/brillo/cryptohome.h b/brillo/cryptohome.h index e5c9993..9ef1829 100644 --- a/brillo/cryptohome.h +++ b/brillo/cryptohome.h @@ -9,6 +9,7 @@ #include <base/files/file_path.h> #include <brillo/brillo_export.h> +#include <brillo/secure_blob.h> namespace brillo { namespace cryptohome { @@ -59,6 +60,11 @@ BRILLO_EXPORT bool IsSanitizedUserName(const std::string& sanitized); // SanitizeUserName(y). BRILLO_EXPORT std::string SanitizeUserName(const std::string& username); +// Returns a sanitized form of |username| with the salt provided. For x != y, +// SanitizeUserName(x) != SanitizeUserName(y). +BRILLO_EXPORT std::string SanitizeUserNameWithSalt(const std::string& username, + const SecureBlob& salt); + // Overrides the common prefix under which the mount points for user homes are // created. This is used for testing only. BRILLO_EXPORT void SetUserHomePrefix(const std::string& prefix); diff --git a/brillo/cryptohome_test.cc b/brillo/cryptohome_test.cc new file mode 100644 index 0000000..a85105c --- /dev/null +++ b/brillo/cryptohome_test.cc @@ -0,0 +1,37 @@ +// Copyright 2020 The Chromium OS Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include <brillo/cryptohome.h> + +#include <algorithm> +#include <numeric> + +#include <brillo/secure_blob.h> +#include <gtest/gtest.h> + +namespace brillo { + +namespace cryptohome { + +namespace home { + +TEST(cryptohome, SanitzeUsername) { + std::string username = "fakeuser"; + SecureBlob salt = SecureBlob("01234567890123456789"); + + EXPECT_EQ("856b54169cd5d2d6ca9a4b258ada5e3bee242829", + SanitizeUserNameWithSalt(username, salt)); +} + +TEST(cryptohome, SanitzeUsernameMixedCase) { + std::string username = "fakeuser"; + SecureBlob salt = SecureBlob("01234567890123456789"); + + EXPECT_EQ("856b54169cd5d2d6ca9a4b258ada5e3bee242829", + SanitizeUserNameWithSalt(username, salt)); +} + +} // namespace home +} // namespace cryptohome +} // namespace brillo |