libweave: Remove use of chromeos::Blob and chromeos::SecureBlob Replaced with std::vector<uint8_t> BUG=brillo:1257 TEST=`FEATURES=test emerge-gizmo libweave buffet` Change-Id: I4ba2c23d84cb50815da056b1d75d322d8b365846 Reviewed-on: https://chromium-review.googlesource.com/293611 Reviewed-by: Vitaly Buka <vitalybuka@chromium.org> Commit-Queue: Vitaly Buka <vitalybuka@chromium.org> Tested-by: Vitaly Buka <vitalybuka@chromium.org>
diff --git a/libweave/include/weave/http_server.h b/libweave/include/weave/http_server.h index 59e7542..9e5f276 100644 --- a/libweave/include/weave/http_server.h +++ b/libweave/include/weave/http_server.h
@@ -8,8 +8,6 @@ #include <string> #include <vector> -#include <chromeos/secure_blob.h> - #include <base/callback.h> namespace weave { @@ -46,7 +44,8 @@ virtual uint16_t GetHttpPort() const = 0; virtual uint16_t GetHttpsPort() const = 0; - virtual const chromeos::Blob& GetHttpsCertificateFingerprint() const = 0; + virtual const std::vector<uint8_t>& GetHttpsCertificateFingerprint() + const = 0; protected: virtual ~HttpServer() = default;
diff --git a/libweave/src/data_encoding.cc b/libweave/src/data_encoding.cc index 817cbfc..419e2d4 100644 --- a/libweave/src/data_encoding.cc +++ b/libweave/src/data_encoding.cc
@@ -122,7 +122,7 @@ return wrapped; } -bool Base64Decode(const std::string& input, chromeos::Blob* output) { +bool Base64Decode(const std::string& input, std::vector<uint8_t>* output) { std::string temp_buffer; const std::string* data = &input; if (input.find_first_of("\r\n") != std::string::npos) {
diff --git a/libweave/src/data_encoding.h b/libweave/src/data_encoding.h index ff6973d..f952fa1 100644 --- a/libweave/src/data_encoding.h +++ b/libweave/src/data_encoding.h
@@ -9,8 +9,6 @@ #include <utility> #include <vector> -#include <chromeos/secure_blob.h> - namespace weave { using WebParamList = std::vector<std::pair<std::string, std::string>>; @@ -49,14 +47,14 @@ std::string Base64EncodeWrapLines(const void* data, size_t size); // Decodes the input string from Base64. -bool Base64Decode(const std::string& input, chromeos::Blob* output); +bool Base64Decode(const std::string& input, std::vector<uint8_t>* output); -// Helper wrappers to use std::string and chromeos::Blob as binary data +// Helper wrappers to use std::string and std::vector<uint8_t> as binary data // containers. -inline std::string Base64Encode(const chromeos::Blob& input) { +inline std::string Base64Encode(const std::vector<uint8_t>& input) { return Base64Encode(input.data(), input.size()); } -inline std::string Base64EncodeWrapLines(const chromeos::Blob& input) { +inline std::string Base64EncodeWrapLines(const std::vector<uint8_t>& input) { return Base64EncodeWrapLines(input.data(), input.size()); } inline std::string Base64Encode(const std::string& input) { @@ -66,7 +64,7 @@ return Base64EncodeWrapLines(input.data(), input.size()); } inline bool Base64Decode(const std::string& input, std::string* output) { - chromeos::Blob blob; + std::vector<uint8_t> blob; if (!Base64Decode(input, &blob)) return false; *output = std::string{blob.begin(), blob.end()};
diff --git a/libweave/src/data_encoding_unittest.cc b/libweave/src/data_encoding_unittest.cc index 28d6b85..76265cd 100644 --- a/libweave/src/data_encoding_unittest.cc +++ b/libweave/src/data_encoding_unittest.cc
@@ -52,7 +52,7 @@ "RlZ2VyIGVyYXQgaXBzdW0sIGludGVnZXIgbW9sZXN0aWUsIGFyY3UgaW4sIHNpdCBtYXVya" "XMgYWMgYSBzZWQgc2l0IGV0aWFtLg=="; - chromeos::Blob data3(256); + std::vector<uint8_t> data3(256); std::iota(data3.begin(), data3.end(), 0); // Fills the buffer with 0x00-0xFF. const std::string encoded3 = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ" @@ -80,7 +80,7 @@ "bmNpZHVudCBpbnRlZ2VyIGVyYXQgaXBzdW0sIGludGVnZXIgbW9sZXN0aWUsIGFy\n" "Y3UgaW4sIHNpdCBtYXVyaXMgYWMgYSBzZWQgc2l0IGV0aWFtLg==\n"; - chromeos::Blob data3(256); + std::vector<uint8_t> data3(256); std::iota(data3.begin(), data3.end(), 0); // Fills the buffer with 0x00-0xFF. const std::string encoded3 = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n" @@ -115,7 +115,7 @@ "prbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en" "6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU" "1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w=="; - chromeos::Blob decoded3(256); + std::vector<uint8_t> decoded3(256); std::iota(decoded3.begin(), decoded3.end(), 0); // Fill with 0x00..0xFF. std::string decoded; @@ -125,7 +125,7 @@ EXPECT_TRUE(Base64Decode(encoded2, &decoded)); EXPECT_EQ(decoded2, decoded); - chromeos::Blob decoded_blob; + std::vector<uint8_t> decoded_blob; EXPECT_TRUE(Base64Decode(encoded3, &decoded_blob)); EXPECT_EQ(decoded3, decoded_blob); @@ -133,10 +133,10 @@ EXPECT_TRUE(decoded_blob.empty()); EXPECT_TRUE(Base64Decode("/w==", &decoded_blob)); - EXPECT_EQ((chromeos::Blob{0xFF}), decoded_blob); + EXPECT_EQ((std::vector<uint8_t>{0xFF}), decoded_blob); EXPECT_TRUE(Base64Decode("//8=", &decoded_blob)); - EXPECT_EQ((chromeos::Blob{0xFF, 0xFF}), decoded_blob); + EXPECT_EQ((std::vector<uint8_t>{0xFF, 0xFF}), decoded_blob); EXPECT_FALSE(Base64Decode("AAECAwQFB,cI", &decoded_blob)); EXPECT_TRUE(decoded_blob.empty());
diff --git a/libweave/src/notification/xmpp_channel.cc b/libweave/src/notification/xmpp_channel.cc index 2715dd9..de0ba44 100644 --- a/libweave/src/notification/xmpp_channel.cc +++ b/libweave/src/notification/xmpp_channel.cc
@@ -6,6 +6,7 @@ #include <string> +#include <base/base64.h> #include <base/bind.h> #include <weave/network.h> #include <weave/task_runner.h> @@ -15,6 +16,7 @@ #include "libweave/src/notification/notification_delegate.h" #include "libweave/src/notification/notification_parser.h" #include "libweave/src/notification/xml_node.h" +#include "libweave/src/privet/openssl_utils.h" #include "libweave/src/utils.h" namespace weave { @@ -29,7 +31,7 @@ std::string BuildXmppAuthenticateCommand(const std::string& account, const std::string& token) { - chromeos::Blob credentials; + std::vector<uint8_t> credentials; credentials.push_back(0); credentials.insert(credentials.end(), account.begin(), account.end()); credentials.push_back(0);
diff --git a/libweave/src/privet/openssl_utils.cc b/libweave/src/privet/openssl_utils.cc index 910b722..a7a4137 100644 --- a/libweave/src/privet/openssl_utils.cc +++ b/libweave/src/privet/openssl_utils.cc
@@ -14,9 +14,9 @@ namespace weave { namespace privet { -chromeos::Blob HmacSha256(const chromeos::SecureBlob& key, - const chromeos::Blob& data) { - chromeos::Blob mac(kSha256OutputSize); +std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key, + const std::vector<uint8_t>& data) { + std::vector<uint8_t> mac(kSha256OutputSize); uint32_t len = 0; CHECK(HMAC(EVP_sha256(), key.data(), key.size(), data.data(), data.size(), mac.data(), &len));
diff --git a/libweave/src/privet/openssl_utils.h b/libweave/src/privet/openssl_utils.h index bd7e637..0206681 100644 --- a/libweave/src/privet/openssl_utils.h +++ b/libweave/src/privet/openssl_utils.h
@@ -8,16 +8,13 @@ #include <string> #include <vector> -#include <chromeos/secure_blob.h> - namespace weave { namespace privet { const size_t kSha256OutputSize = 32; -chromeos::Blob HmacSha256(const chromeos::SecureBlob& key, - const chromeos::Blob& data); - +std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key, + const std::vector<uint8_t>& data); } // namespace privet } // namespace weave
diff --git a/libweave/src/privet/security_delegate.h b/libweave/src/privet/security_delegate.h index d82ef4a..e168a87 100644 --- a/libweave/src/privet/security_delegate.h +++ b/libweave/src/privet/security_delegate.h
@@ -10,7 +10,6 @@ #include <string> #include <base/time/time.h> -#include <chromeos/secure_blob.h> #include <weave/privet.h> #include "libweave/src/privet/privet_types.h"
diff --git a/libweave/src/privet/security_manager.cc b/libweave/src/privet/security_manager.cc index 5888b41..2125744 100644 --- a/libweave/src/privet/security_manager.cc +++ b/libweave/src/privet/security_manager.cc
@@ -157,24 +157,25 @@ // Returns "base64([hmac]scope:id:time)". std::string SecurityManager::CreateAccessToken(const UserInfo& user_info, const base::Time& time) { - chromeos::SecureBlob data(CreateTokenData(user_info, time)); - chromeos::Blob hash(HmacSha256(secret_, data)); - return Base64Encode(chromeos::SecureBlob::Combine( - chromeos::SecureBlob(hash.begin(), hash.end()), data)); + std::string data_str{CreateTokenData(user_info, time)}; + std::vector<uint8_t> data{data_str.begin(), data_str.end()}; + std::vector<uint8_t> hash{HmacSha256(secret_, data)}; + hash.insert(hash.end(), data.begin(), data.end()); + return Base64Encode(hash); } // Parses "base64([hmac]scope:id:time)". UserInfo SecurityManager::ParseAccessToken(const std::string& token, base::Time* time) const { - chromeos::Blob decoded; + std::vector<uint8_t> decoded; if (!Base64Decode(token, &decoded) || decoded.size() <= kSha256OutputSize) { return UserInfo{}; } - chromeos::SecureBlob data(decoded.begin() + kSha256OutputSize, decoded.end()); + std::vector<uint8_t> data(decoded.begin() + kSha256OutputSize, decoded.end()); decoded.resize(kSha256OutputSize); if (decoded != HmacSha256(secret_, data)) return UserInfo{}; - return SplitTokenData(data.to_string(), time); + return SplitTokenData(std::string(data.begin(), data.end()), time); } std::set<PairingType> SecurityManager::GetPairingTypes() const { @@ -191,13 +192,15 @@ bool SecurityManager::IsValidPairingCode(const std::string& auth_code) const { if (is_security_disabled_) return true; - chromeos::Blob auth_decoded; + std::vector<uint8_t> auth_decoded; if (!Base64Decode(auth_code, &auth_decoded)) return false; for (const auto& session : confirmed_sessions_) { + const std::string& key = session.second->GetKey(); + const std::string& id = session.first; if (auth_decoded == - HmacSha256(chromeos::SecureBlob{session.second->GetKey()}, - chromeos::SecureBlob{session.first})) { + HmacSha256(std::vector<uint8_t>(key.begin(), key.end()), + std::vector<uint8_t>(id.begin(), id.end()))) { pairing_attemts_ = 0; block_pairing_until_ = base::Time{}; return true; @@ -317,7 +320,7 @@ } CHECK(!certificate_fingerprint_.empty()); - chromeos::Blob commitment; + std::vector<uint8_t> commitment; if (!Base64Decode(client_commitment, &commitment)) { ClosePendingSession(session_id); chromeos::Error::AddToPrintf( @@ -335,13 +338,12 @@ return false; } - std::string key = session->second->GetKey(); + const std::string& key = session->second->GetKey(); VLOG(3) << "KEY " << base::HexEncode(key.data(), key.size()); *fingerprint = Base64Encode(certificate_fingerprint_); - chromeos::Blob cert_hmac = - HmacSha256(chromeos::SecureBlob(session->second->GetKey()), - certificate_fingerprint_); + std::vector<uint8_t> cert_hmac = HmacSha256( + std::vector<uint8_t>(key.begin(), key.end()), certificate_fingerprint_); *signature = Base64Encode(cert_hmac); confirmed_sessions_.emplace(session->first, std::move(session->second)); task_runner_->PostDelayedTask(
diff --git a/libweave/src/privet/security_manager.h b/libweave/src/privet/security_manager.h index 5afeac5..3beacb6 100644 --- a/libweave/src/privet/security_manager.h +++ b/libweave/src/privet/security_manager.h
@@ -15,7 +15,6 @@ #include <base/files/file_path.h> #include <base/memory/weak_ptr.h> #include <chromeos/errors/error.h> -#include <chromeos/secure_blob.h> #include "libweave/src/privet/security_delegate.h" @@ -80,7 +79,7 @@ void RegisterPairingListeners(const PairingStartListener& on_start, const PairingEndListener& on_end); - void SetCertificateFingerprint(const chromeos::Blob& fingerprint) { + void SetCertificateFingerprint(const std::vector<uint8_t>& fingerprint) { certificate_fingerprint_ = fingerprint; } @@ -102,8 +101,8 @@ std::map<std::string, std::unique_ptr<KeyExchanger>> confirmed_sessions_; mutable int pairing_attemts_{0}; mutable base::Time block_pairing_until_; - chromeos::SecureBlob secret_; - chromeos::Blob certificate_fingerprint_; + std::vector<uint8_t> secret_; + std::vector<uint8_t> certificate_fingerprint_; PairingStartListener on_start_; PairingEndListener on_end_;
diff --git a/libweave/src/privet/security_manager_unittest.cc b/libweave/src/privet/security_manager_unittest.cc index 44e01cf..a6ea288 100644 --- a/libweave/src/privet/security_manager_unittest.cc +++ b/libweave/src/privet/security_manager_unittest.cc
@@ -66,7 +66,7 @@ class SecurityManagerTest : public testing::Test { public: void SetUp() override { - chromeos::Blob fingerprint; + std::vector<uint8_t> fingerprint; fingerprint.resize(256 / 8); base::RandBytes(fingerprint.data(), fingerprint.size()); security_.SetCertificateFingerprint(fingerprint); @@ -99,14 +99,15 @@ EXPECT_TRUE(IsBase64(*fingerprint)); EXPECT_TRUE(IsBase64(*signature)); - chromeos::Blob device_commitment; + std::vector<uint8_t> device_commitment; ASSERT_TRUE(Base64Decode(device_commitment_base64, &device_commitment)); spake.ProcessMessage( chromeos::string_utils::GetBytesAsString(device_commitment)); - chromeos::Blob auth_code{ - HmacSha256(chromeos::SecureBlob{spake.GetUnverifiedKey()}, - chromeos::SecureBlob{session_id})}; + const std::string& key = spake.GetUnverifiedKey(); + std::vector<uint8_t> auth_code{ + HmacSha256(std::vector<uint8_t>{key.begin(), key.end()}, + std::vector<uint8_t>{session_id.begin(), session_id.end()})}; std::string auth_code_base64{Base64Encode(auth_code)};