libweave: Remove use of chromeos::Blob and chromeos::SecureBlob
Replaced with std::vector<uint8_t>
BUG=brillo:1257
TEST=`FEATURES=test emerge-gizmo libweave buffet`
Change-Id: I4ba2c23d84cb50815da056b1d75d322d8b365846
Reviewed-on: https://chromium-review.googlesource.com/293611
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Commit-Queue: Vitaly Buka <vitalybuka@chromium.org>
Tested-by: Vitaly Buka <vitalybuka@chromium.org>
diff --git a/libweave/include/weave/http_server.h b/libweave/include/weave/http_server.h
index 59e7542..9e5f276 100644
--- a/libweave/include/weave/http_server.h
+++ b/libweave/include/weave/http_server.h
@@ -8,8 +8,6 @@
#include <string>
#include <vector>
-#include <chromeos/secure_blob.h>
-
#include <base/callback.h>
namespace weave {
@@ -46,7 +44,8 @@
virtual uint16_t GetHttpPort() const = 0;
virtual uint16_t GetHttpsPort() const = 0;
- virtual const chromeos::Blob& GetHttpsCertificateFingerprint() const = 0;
+ virtual const std::vector<uint8_t>& GetHttpsCertificateFingerprint()
+ const = 0;
protected:
virtual ~HttpServer() = default;
diff --git a/libweave/src/data_encoding.cc b/libweave/src/data_encoding.cc
index 817cbfc..419e2d4 100644
--- a/libweave/src/data_encoding.cc
+++ b/libweave/src/data_encoding.cc
@@ -122,7 +122,7 @@
return wrapped;
}
-bool Base64Decode(const std::string& input, chromeos::Blob* output) {
+bool Base64Decode(const std::string& input, std::vector<uint8_t>* output) {
std::string temp_buffer;
const std::string* data = &input;
if (input.find_first_of("\r\n") != std::string::npos) {
diff --git a/libweave/src/data_encoding.h b/libweave/src/data_encoding.h
index ff6973d..f952fa1 100644
--- a/libweave/src/data_encoding.h
+++ b/libweave/src/data_encoding.h
@@ -9,8 +9,6 @@
#include <utility>
#include <vector>
-#include <chromeos/secure_blob.h>
-
namespace weave {
using WebParamList = std::vector<std::pair<std::string, std::string>>;
@@ -49,14 +47,14 @@
std::string Base64EncodeWrapLines(const void* data, size_t size);
// Decodes the input string from Base64.
-bool Base64Decode(const std::string& input, chromeos::Blob* output);
+bool Base64Decode(const std::string& input, std::vector<uint8_t>* output);
-// Helper wrappers to use std::string and chromeos::Blob as binary data
+// Helper wrappers to use std::string and std::vector<uint8_t> as binary data
// containers.
-inline std::string Base64Encode(const chromeos::Blob& input) {
+inline std::string Base64Encode(const std::vector<uint8_t>& input) {
return Base64Encode(input.data(), input.size());
}
-inline std::string Base64EncodeWrapLines(const chromeos::Blob& input) {
+inline std::string Base64EncodeWrapLines(const std::vector<uint8_t>& input) {
return Base64EncodeWrapLines(input.data(), input.size());
}
inline std::string Base64Encode(const std::string& input) {
@@ -66,7 +64,7 @@
return Base64EncodeWrapLines(input.data(), input.size());
}
inline bool Base64Decode(const std::string& input, std::string* output) {
- chromeos::Blob blob;
+ std::vector<uint8_t> blob;
if (!Base64Decode(input, &blob))
return false;
*output = std::string{blob.begin(), blob.end()};
diff --git a/libweave/src/data_encoding_unittest.cc b/libweave/src/data_encoding_unittest.cc
index 28d6b85..76265cd 100644
--- a/libweave/src/data_encoding_unittest.cc
+++ b/libweave/src/data_encoding_unittest.cc
@@ -52,7 +52,7 @@
"RlZ2VyIGVyYXQgaXBzdW0sIGludGVnZXIgbW9sZXN0aWUsIGFyY3UgaW4sIHNpdCBtYXVya"
"XMgYWMgYSBzZWQgc2l0IGV0aWFtLg==";
- chromeos::Blob data3(256);
+ std::vector<uint8_t> data3(256);
std::iota(data3.begin(), data3.end(), 0); // Fills the buffer with 0x00-0xFF.
const std::string encoded3 =
"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ"
@@ -80,7 +80,7 @@
"bmNpZHVudCBpbnRlZ2VyIGVyYXQgaXBzdW0sIGludGVnZXIgbW9sZXN0aWUsIGFy\n"
"Y3UgaW4sIHNpdCBtYXVyaXMgYWMgYSBzZWQgc2l0IGV0aWFtLg==\n";
- chromeos::Blob data3(256);
+ std::vector<uint8_t> data3(256);
std::iota(data3.begin(), data3.end(), 0); // Fills the buffer with 0x00-0xFF.
const std::string encoded3 =
"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4v\n"
@@ -115,7 +115,7 @@
"prbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en"
"6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU"
"1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==";
- chromeos::Blob decoded3(256);
+ std::vector<uint8_t> decoded3(256);
std::iota(decoded3.begin(), decoded3.end(), 0); // Fill with 0x00..0xFF.
std::string decoded;
@@ -125,7 +125,7 @@
EXPECT_TRUE(Base64Decode(encoded2, &decoded));
EXPECT_EQ(decoded2, decoded);
- chromeos::Blob decoded_blob;
+ std::vector<uint8_t> decoded_blob;
EXPECT_TRUE(Base64Decode(encoded3, &decoded_blob));
EXPECT_EQ(decoded3, decoded_blob);
@@ -133,10 +133,10 @@
EXPECT_TRUE(decoded_blob.empty());
EXPECT_TRUE(Base64Decode("/w==", &decoded_blob));
- EXPECT_EQ((chromeos::Blob{0xFF}), decoded_blob);
+ EXPECT_EQ((std::vector<uint8_t>{0xFF}), decoded_blob);
EXPECT_TRUE(Base64Decode("//8=", &decoded_blob));
- EXPECT_EQ((chromeos::Blob{0xFF, 0xFF}), decoded_blob);
+ EXPECT_EQ((std::vector<uint8_t>{0xFF, 0xFF}), decoded_blob);
EXPECT_FALSE(Base64Decode("AAECAwQFB,cI", &decoded_blob));
EXPECT_TRUE(decoded_blob.empty());
diff --git a/libweave/src/notification/xmpp_channel.cc b/libweave/src/notification/xmpp_channel.cc
index 2715dd9..de0ba44 100644
--- a/libweave/src/notification/xmpp_channel.cc
+++ b/libweave/src/notification/xmpp_channel.cc
@@ -6,6 +6,7 @@
#include <string>
+#include <base/base64.h>
#include <base/bind.h>
#include <weave/network.h>
#include <weave/task_runner.h>
@@ -15,6 +16,7 @@
#include "libweave/src/notification/notification_delegate.h"
#include "libweave/src/notification/notification_parser.h"
#include "libweave/src/notification/xml_node.h"
+#include "libweave/src/privet/openssl_utils.h"
#include "libweave/src/utils.h"
namespace weave {
@@ -29,7 +31,7 @@
std::string BuildXmppAuthenticateCommand(const std::string& account,
const std::string& token) {
- chromeos::Blob credentials;
+ std::vector<uint8_t> credentials;
credentials.push_back(0);
credentials.insert(credentials.end(), account.begin(), account.end());
credentials.push_back(0);
diff --git a/libweave/src/privet/openssl_utils.cc b/libweave/src/privet/openssl_utils.cc
index 910b722..a7a4137 100644
--- a/libweave/src/privet/openssl_utils.cc
+++ b/libweave/src/privet/openssl_utils.cc
@@ -14,9 +14,9 @@
namespace weave {
namespace privet {
-chromeos::Blob HmacSha256(const chromeos::SecureBlob& key,
- const chromeos::Blob& data) {
- chromeos::Blob mac(kSha256OutputSize);
+std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key,
+ const std::vector<uint8_t>& data) {
+ std::vector<uint8_t> mac(kSha256OutputSize);
uint32_t len = 0;
CHECK(HMAC(EVP_sha256(), key.data(), key.size(), data.data(), data.size(),
mac.data(), &len));
diff --git a/libweave/src/privet/openssl_utils.h b/libweave/src/privet/openssl_utils.h
index bd7e637..0206681 100644
--- a/libweave/src/privet/openssl_utils.h
+++ b/libweave/src/privet/openssl_utils.h
@@ -8,16 +8,13 @@
#include <string>
#include <vector>
-#include <chromeos/secure_blob.h>
-
namespace weave {
namespace privet {
const size_t kSha256OutputSize = 32;
-chromeos::Blob HmacSha256(const chromeos::SecureBlob& key,
- const chromeos::Blob& data);
-
+std::vector<uint8_t> HmacSha256(const std::vector<uint8_t>& key,
+ const std::vector<uint8_t>& data);
} // namespace privet
} // namespace weave
diff --git a/libweave/src/privet/security_delegate.h b/libweave/src/privet/security_delegate.h
index d82ef4a..e168a87 100644
--- a/libweave/src/privet/security_delegate.h
+++ b/libweave/src/privet/security_delegate.h
@@ -10,7 +10,6 @@
#include <string>
#include <base/time/time.h>
-#include <chromeos/secure_blob.h>
#include <weave/privet.h>
#include "libweave/src/privet/privet_types.h"
diff --git a/libweave/src/privet/security_manager.cc b/libweave/src/privet/security_manager.cc
index 5888b41..2125744 100644
--- a/libweave/src/privet/security_manager.cc
+++ b/libweave/src/privet/security_manager.cc
@@ -157,24 +157,25 @@
// Returns "base64([hmac]scope:id:time)".
std::string SecurityManager::CreateAccessToken(const UserInfo& user_info,
const base::Time& time) {
- chromeos::SecureBlob data(CreateTokenData(user_info, time));
- chromeos::Blob hash(HmacSha256(secret_, data));
- return Base64Encode(chromeos::SecureBlob::Combine(
- chromeos::SecureBlob(hash.begin(), hash.end()), data));
+ std::string data_str{CreateTokenData(user_info, time)};
+ std::vector<uint8_t> data{data_str.begin(), data_str.end()};
+ std::vector<uint8_t> hash{HmacSha256(secret_, data)};
+ hash.insert(hash.end(), data.begin(), data.end());
+ return Base64Encode(hash);
}
// Parses "base64([hmac]scope:id:time)".
UserInfo SecurityManager::ParseAccessToken(const std::string& token,
base::Time* time) const {
- chromeos::Blob decoded;
+ std::vector<uint8_t> decoded;
if (!Base64Decode(token, &decoded) || decoded.size() <= kSha256OutputSize) {
return UserInfo{};
}
- chromeos::SecureBlob data(decoded.begin() + kSha256OutputSize, decoded.end());
+ std::vector<uint8_t> data(decoded.begin() + kSha256OutputSize, decoded.end());
decoded.resize(kSha256OutputSize);
if (decoded != HmacSha256(secret_, data))
return UserInfo{};
- return SplitTokenData(data.to_string(), time);
+ return SplitTokenData(std::string(data.begin(), data.end()), time);
}
std::set<PairingType> SecurityManager::GetPairingTypes() const {
@@ -191,13 +192,15 @@
bool SecurityManager::IsValidPairingCode(const std::string& auth_code) const {
if (is_security_disabled_)
return true;
- chromeos::Blob auth_decoded;
+ std::vector<uint8_t> auth_decoded;
if (!Base64Decode(auth_code, &auth_decoded))
return false;
for (const auto& session : confirmed_sessions_) {
+ const std::string& key = session.second->GetKey();
+ const std::string& id = session.first;
if (auth_decoded ==
- HmacSha256(chromeos::SecureBlob{session.second->GetKey()},
- chromeos::SecureBlob{session.first})) {
+ HmacSha256(std::vector<uint8_t>(key.begin(), key.end()),
+ std::vector<uint8_t>(id.begin(), id.end()))) {
pairing_attemts_ = 0;
block_pairing_until_ = base::Time{};
return true;
@@ -317,7 +320,7 @@
}
CHECK(!certificate_fingerprint_.empty());
- chromeos::Blob commitment;
+ std::vector<uint8_t> commitment;
if (!Base64Decode(client_commitment, &commitment)) {
ClosePendingSession(session_id);
chromeos::Error::AddToPrintf(
@@ -335,13 +338,12 @@
return false;
}
- std::string key = session->second->GetKey();
+ const std::string& key = session->second->GetKey();
VLOG(3) << "KEY " << base::HexEncode(key.data(), key.size());
*fingerprint = Base64Encode(certificate_fingerprint_);
- chromeos::Blob cert_hmac =
- HmacSha256(chromeos::SecureBlob(session->second->GetKey()),
- certificate_fingerprint_);
+ std::vector<uint8_t> cert_hmac = HmacSha256(
+ std::vector<uint8_t>(key.begin(), key.end()), certificate_fingerprint_);
*signature = Base64Encode(cert_hmac);
confirmed_sessions_.emplace(session->first, std::move(session->second));
task_runner_->PostDelayedTask(
diff --git a/libweave/src/privet/security_manager.h b/libweave/src/privet/security_manager.h
index 5afeac5..3beacb6 100644
--- a/libweave/src/privet/security_manager.h
+++ b/libweave/src/privet/security_manager.h
@@ -15,7 +15,6 @@
#include <base/files/file_path.h>
#include <base/memory/weak_ptr.h>
#include <chromeos/errors/error.h>
-#include <chromeos/secure_blob.h>
#include "libweave/src/privet/security_delegate.h"
@@ -80,7 +79,7 @@
void RegisterPairingListeners(const PairingStartListener& on_start,
const PairingEndListener& on_end);
- void SetCertificateFingerprint(const chromeos::Blob& fingerprint) {
+ void SetCertificateFingerprint(const std::vector<uint8_t>& fingerprint) {
certificate_fingerprint_ = fingerprint;
}
@@ -102,8 +101,8 @@
std::map<std::string, std::unique_ptr<KeyExchanger>> confirmed_sessions_;
mutable int pairing_attemts_{0};
mutable base::Time block_pairing_until_;
- chromeos::SecureBlob secret_;
- chromeos::Blob certificate_fingerprint_;
+ std::vector<uint8_t> secret_;
+ std::vector<uint8_t> certificate_fingerprint_;
PairingStartListener on_start_;
PairingEndListener on_end_;
diff --git a/libweave/src/privet/security_manager_unittest.cc b/libweave/src/privet/security_manager_unittest.cc
index 44e01cf..a6ea288 100644
--- a/libweave/src/privet/security_manager_unittest.cc
+++ b/libweave/src/privet/security_manager_unittest.cc
@@ -66,7 +66,7 @@
class SecurityManagerTest : public testing::Test {
public:
void SetUp() override {
- chromeos::Blob fingerprint;
+ std::vector<uint8_t> fingerprint;
fingerprint.resize(256 / 8);
base::RandBytes(fingerprint.data(), fingerprint.size());
security_.SetCertificateFingerprint(fingerprint);
@@ -99,14 +99,15 @@
EXPECT_TRUE(IsBase64(*fingerprint));
EXPECT_TRUE(IsBase64(*signature));
- chromeos::Blob device_commitment;
+ std::vector<uint8_t> device_commitment;
ASSERT_TRUE(Base64Decode(device_commitment_base64, &device_commitment));
spake.ProcessMessage(
chromeos::string_utils::GetBytesAsString(device_commitment));
- chromeos::Blob auth_code{
- HmacSha256(chromeos::SecureBlob{spake.GetUnverifiedKey()},
- chromeos::SecureBlob{session_id})};
+ const std::string& key = spake.GetUnverifiedKey();
+ std::vector<uint8_t> auth_code{
+ HmacSha256(std::vector<uint8_t>{key.begin(), key.end()},
+ std::vector<uint8_t>{session_id.begin(), session_id.end()})};
std::string auth_code_base64{Base64Encode(auth_code)};
