Delete EncryptionKeyCreationUtil class.
The metrics have been collected. No follow-up is planned.
Bug: 1037179,791541
Change-Id: I4db51f2595761fcff3a68abf7d912950112c42c5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2004993
Commit-Queue: Vasilii Sukhanov <[email protected]>
Reviewed-by: Christos Froussios <[email protected]>
Reviewed-by: Ilya Sherman <[email protected]>
Cr-Commit-Position: refs/heads/master@{#732823}
diff --git a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
index ab0f64b..5db145d 100644
--- a/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
+++ b/chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.cc
@@ -146,7 +146,6 @@
#endif // defined(OS_CHROMEOS)
#if defined(OS_MACOSX)
-#include "components/os_crypt/os_crypt_pref_names_mac.h"
#include "device/fido/mac/credential_store.h"
#endif // defined(OS_MACOSX)
diff --git a/chrome/browser/chrome_browser_main_mac.mm b/chrome/browser/chrome_browser_main_mac.mm
index 8a40acb..d5d6cca 100644
--- a/chrome/browser/chrome_browser_main_mac.mm
+++ b/chrome/browser/chrome_browser_main_mac.mm
@@ -138,9 +138,6 @@
PrefService* local_state = g_browser_process->local_state();
DCHECK(local_state);
- // Initialize the OSCrypt.
- OSCrypt::Init(local_state);
-
// AppKit only restores windows to their original spaces when relaunching
// apps after a restart, and puts them all on the current space when an app
// is manually quit and relaunched. If Chrome restarted itself, ask AppKit to
diff --git a/chrome/browser/prefs/browser_prefs.cc b/chrome/browser/prefs/browser_prefs.cc
index 330f0981..3d7f841 100644
--- a/chrome/browser/prefs/browser_prefs.cc
+++ b/chrome/browser/prefs/browser_prefs.cc
@@ -516,6 +516,11 @@
const char kBlacklistedCredentialsNormalized[] =
"profile.blacklisted_credentials_normalized";
+// Deprecated 1/2020
+#if defined(OS_MACOSX)
+const char kKeyCreated[] = "os_crypt.key_created";
+#endif // defined(OS_MACOSX)
+
// Register prefs used only for migration (clearing or moving to a new key).
void RegisterProfilePrefsForMigration(
user_prefs::PrefRegistrySyncable* registry) {
@@ -737,9 +742,10 @@
QuitWithAppsController::RegisterPrefs(registry);
system_media_permissions::RegisterSystemMediaPermissionStatesPrefs(registry);
AppShimRegistry::Get()->RegisterLocalPrefs(registry);
+ registry->RegisterBooleanPref(kKeyCreated, false);
#endif
-#if defined(OS_WIN) || defined(OS_MACOSX)
+#if defined(OS_WIN)
OSCrypt::RegisterLocalPrefs(registry);
#endif
@@ -1076,6 +1082,14 @@
local_state->ClearPref(kLastStartupTimestamp);
local_state->ClearPref(kLastStartupVersion);
local_state->ClearPref(kSameVersionStartupCount);
+
+ // Added 1/2019
+ local_state->ClearPref(kLastStartupTimestamp);
+
+ // Added 1/2020
+#if defined(OS_MACOSX)
+ local_state->ClearPref(kKeyCreated);
+#endif // defined(OS_MACOSX)
}
// This method should be periodically pruned of year+ old migrations.
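Review bot: The added `local_state->ClearPref(kLastStartupTimestamp);` under `// Added 1/2019` repeats a clear of the same pref that the context lines already perform a few lines earlier in this function, so it is redundant and looks like a merge leftover. I would drop those two lines and keep only the `// Added 1/2020` block that clears `kKeyCreated`. The comment after the closing brace says migrations older than a year should be pruned, so an entry dated 1/2019 would already be due for removal when this lands. The enclosing function starts outside the hunk.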
diff --git a/components/os_crypt/BUILD.gn b/components/os_crypt/BUILD.gn
index 0a35a9b6..36fbda0 100644
--- a/components/os_crypt/BUILD.gn
+++ b/components/os_crypt/BUILD.gn
@@ -32,16 +32,10 @@
component("os_crypt") {
sources = [
- "encryption_key_creation_util_ios.cc",
- "encryption_key_creation_util_ios.h",
- "encryption_key_creation_util_mac.cc",
- "encryption_key_creation_util_mac.h",
"keychain_password_mac.h",
"keychain_password_mac.mm",
"os_crypt.h",
"os_crypt_mac.mm",
- "os_crypt_pref_names_mac.cc",
- "os_crypt_pref_names_mac.h",
"os_crypt_switches.cc",
"os_crypt_switches.h",
"os_crypt_win.cc",
@@ -74,11 +68,6 @@
set_sources_assignment_filter(sources_assignment_filter)
}
- if (is_ios || is_mac) {
- sources += [ "encryption_key_creation_util.h" ]
- libs = [ "CoreFoundation.framework" ]
- }
-
if (is_win) {
libs = [ "crypt32.lib" ]
}
diff --git a/components/os_crypt/encryption_key_creation_util.h b/components/os_crypt/encryption_key_creation_util.h
deleted file mode 100644
index e171ab3..0000000
--- a/components/os_crypt/encryption_key_creation_util.h
+++ /dev/null
@@ -1,80 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_H_
-#define COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_H_
-
-#include "base/component_export.h"
-
-namespace crypto {
-class AppleKeychain;
-}
-
-namespace os_crypt {
-
-// An interface for the utility that logs statistics on the encryption key on
-// Mac.
-// This class is used on Mac and iOS, but does nothing on iOS. The object for
-// the Mac class has to be created on the main thread.
-class EncryptionKeyCreationUtil {
- public:
- // The action that is taken by KeychainPassword::GetPassword method.
- // This enum is used for reporting metrics.
- enum class GetKeyAction {
- // Key was found in the Keychain and the preference that it was created in
- // the past is set.
- kKeyFound = 0,
- // Key was found in the Keychain, but the preference that it was created in
- // the past was not set.
- kKeyFoundFirstTime = 1,
- kOverwritingPrevented_OBSOLETE = 2,
- // Key was added to the Keychain and the preference is set.
- kNewKeyAddedToKeychain = 3,
- // Some other error occurred during lookup.
- kKeychainLookupFailed = 4,
- // The preference was set but a new key was added to the Keychain.
- kKeyPotentiallyOverwritten = 5,
- // The preference was set but a new key was not created due to an error.
- kKeyOverwriteFailed = 6,
- // A new key should be created but an error occured.
- kNewKeyAddError = 7,
- kMaxValue = kNewKeyAddError,
- };
-
- // Result of FindGenericPassword. This enum is used for reporting metrics.
- // These values are persisted to logs. Entries should not be renumbered and
- // numeric values should never be reused.
- enum class FindPasswordResult {
- kOtherError = 0,
- kFound = 1,
- kNotFound = 2,
- kMaxValue = kNotFound,
- };
-
- virtual ~EncryptionKeyCreationUtil() = default;
-
- // This method is called when the encryption key is successfully retrieved
- // from the Keychain. If this is called for the very first time, it
- // asynchronously updates the preference on the main thread that the key was
- // created. This method doesn't need to be called on the main thread.
- virtual void OnKeyWasFound() = 0;
-
- // Called when the encryption key was not in the Keychain just before a new
- // key is stored. This method doesn't need to be called on the main thread.
- virtual void OnKeyNotFound(const crypto::AppleKeychain& keychain) = 0;
-
- // Called when the encryption key was not in the Keychain. |new_key_stored|
- // is true iff a new key was stored successfully. This method doesn't need to
- // be called on the main thread.
- virtual void OnKeyStored(bool new_key_stored) = 0;
-
- // This method is called when the Keychain returns error other than
- // errSecItemNotFound (e.g., user is not authorized to use Keychain, or
- // Keychain is unavailable for some other reasons).
- virtual void OnKeychainLookupFailed(int error) = 0;
-};
-
-} // namespace os_crypt
-
-#endif // COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_H_
diff --git a/components/os_crypt/encryption_key_creation_util_ios.cc b/components/os_crypt/encryption_key_creation_util_ios.cc
deleted file mode 100644
index 9b31dc7..0000000
--- a/components/os_crypt/encryption_key_creation_util_ios.cc
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/os_crypt/encryption_key_creation_util_ios.h"
-
-namespace os_crypt {
-
-EncryptionKeyCreationUtilIOS::EncryptionKeyCreationUtilIOS() = default;
-
-EncryptionKeyCreationUtilIOS::~EncryptionKeyCreationUtilIOS() = default;
-
-void EncryptionKeyCreationUtilIOS::OnKeyWasFound() {}
-
-void EncryptionKeyCreationUtilIOS::OnKeyNotFound(
- const crypto::AppleKeychain& keychain) {}
-
-void EncryptionKeyCreationUtilIOS::OnKeyStored(bool new_key_stored) {}
-
-void EncryptionKeyCreationUtilIOS::OnKeychainLookupFailed(int error) {}
-
-} // namespace os_crypt
diff --git a/components/os_crypt/encryption_key_creation_util_ios.h b/components/os_crypt/encryption_key_creation_util_ios.h
deleted file mode 100644
index 8632c16..0000000
--- a/components/os_crypt/encryption_key_creation_util_ios.h
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_IOS_H_
-#define COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_IOS_H_
-
-#include "base/component_export.h"
-#include "base/macros.h"
-#include "components/os_crypt/encryption_key_creation_util.h"
-
-namespace os_crypt {
-
-// A key creation utility for iOS which does nothing. This class is a stub.
-class COMPONENT_EXPORT(OS_CRYPT) EncryptionKeyCreationUtilIOS
- : public EncryptionKeyCreationUtil {
- public:
- EncryptionKeyCreationUtilIOS();
- ~EncryptionKeyCreationUtilIOS() override;
-
- void OnKeyWasFound() override;
- void OnKeyNotFound(const crypto::AppleKeychain& keychain) override;
- void OnKeyStored(bool new_key_stored) override;
- void OnKeychainLookupFailed(int error) override;
-
- private:
- DISALLOW_COPY_AND_ASSIGN(EncryptionKeyCreationUtilIOS);
-};
-
-} // namespace os_crypt
-
-#endif // COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_IOS_H_
diff --git a/components/os_crypt/encryption_key_creation_util_mac.cc b/components/os_crypt/encryption_key_creation_util_mac.cc
deleted file mode 100644
index d6be9839..0000000
--- a/components/os_crypt/encryption_key_creation_util_mac.cc
+++ /dev/null
@@ -1,106 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/os_crypt/encryption_key_creation_util_mac.h"
-
-#include "base/bind.h"
-#include "base/feature_list.h"
-#include "base/logging.h"
-#include "base/metrics/histogram_functions.h"
-#include "base/metrics/histogram_macros.h"
-#include "base/metrics/user_metrics.h"
-#include "base/single_thread_task_runner.h"
-#include "components/os_crypt/keychain_password_mac.h"
-#include "components/os_crypt/os_crypt_pref_names_mac.h"
-#include "components/prefs/pref_service.h"
-#include "crypto/apple_keychain.h"
-
-namespace os_crypt {
-
-using GetKeyAction = EncryptionKeyCreationUtil::GetKeyAction;
-
-namespace {
-
-void LogGetEncryptionKeyActionMetric(
- EncryptionKeyCreationUtil::GetKeyAction action) {
- UMA_HISTOGRAM_ENUMERATION("OSCrypt.GetEncryptionKeyAction", action);
-}
-
-} // namespace
-
-EncryptionKeyCreationUtilMac::EncryptionKeyCreationUtilMac(
- PrefService* local_state,
- scoped_refptr<base::SingleThreadTaskRunner> main_thread_task_runner)
- : local_state_(local_state),
- main_thread_task_runner_(main_thread_task_runner),
- key_already_created_(local_state_->GetBoolean(prefs::kKeyCreated)) {}
-
-EncryptionKeyCreationUtilMac::~EncryptionKeyCreationUtilMac() = default;
-
-void EncryptionKeyCreationUtilMac::OnKeyWasFound() {
- if (key_already_created_) {
- LogGetEncryptionKeyActionMetric(GetKeyAction::kKeyFound);
- } else {
- LogGetEncryptionKeyActionMetric(GetKeyAction::kKeyFoundFirstTime);
- }
-
- UpdateKeyCreationPreference();
-}
-
-void EncryptionKeyCreationUtilMac::OnKeyNotFound(
- const crypto::AppleKeychain& keychain) {
- if (!key_already_created_)
- return;
- // Make another request to the Keychain without decrypting the password value.
- // It should succeed even if the user locked the Keychain.
- SecKeychainItemRef item_ref = 0;
- OSStatus error = keychain.FindGenericPassword(
- strlen(KeychainPassword::service_name), KeychainPassword::service_name,
- strlen(KeychainPassword::account_name), KeychainPassword::account_name,
- nullptr, nullptr, &item_ref);
- if (item_ref)
- CFRelease(item_ref);
-
- FindPasswordResult result = FindPasswordResult::kOtherError;
- if (error == noErr)
- result = FindPasswordResult::kFound;
- else if (error == errSecItemNotFound)
- result = FindPasswordResult::kNotFound;
- UMA_HISTOGRAM_ENUMERATION("OSCrypt.FindPasswordAgain", result);
-}
-
-void EncryptionKeyCreationUtilMac::OnKeyStored(bool new_key_stored) {
- if (key_already_created_) {
- if (new_key_stored)
- LogGetEncryptionKeyActionMetric(GetKeyAction::kKeyPotentiallyOverwritten);
- else
- LogGetEncryptionKeyActionMetric(GetKeyAction::kKeyOverwriteFailed);
- } else {
- if (new_key_stored) {
- LogGetEncryptionKeyActionMetric(GetKeyAction::kNewKeyAddedToKeychain);
- UpdateKeyCreationPreference();
- } else {
- LogGetEncryptionKeyActionMetric(GetKeyAction::kNewKeyAddError);
- }
- }
-}
-
-void EncryptionKeyCreationUtilMac::OnKeychainLookupFailed(int error) {
- LogGetEncryptionKeyActionMetric(GetKeyAction::kKeychainLookupFailed);
- base::UmaHistogramSparse("OSCrypt.EncryptionKeyLookupError", error);
-}
-
-void EncryptionKeyCreationUtilMac::UpdateKeyCreationPreference() {
- if (key_already_created_)
- return;
- key_already_created_ = true;
- main_thread_task_runner_->PostTask(
- FROM_HERE, base::BindOnce(
- [](PrefService* local_state) {
- local_state->SetBoolean(prefs::kKeyCreated, true);
- },
- local_state_));
-}
-
-} // namespace os_crypt
diff --git a/components/os_crypt/encryption_key_creation_util_mac.h b/components/os_crypt/encryption_key_creation_util_mac.h
deleted file mode 100644
index fbf1c3e..0000000
--- a/components/os_crypt/encryption_key_creation_util_mac.h
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_MAC_H_
-#define COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_MAC_H_
-
-#include "base/component_export.h"
-#include "base/memory/scoped_refptr.h"
-#include "components/os_crypt/encryption_key_creation_util.h"
-
-class PrefService;
-
-namespace base {
-class SingleThreadTaskRunner;
-} // namespace base
-
-namespace os_crypt {
-
-// A utility class which provides a method to check whether the encryption key
-// should be available in the Keychain (meaning it was created in the past).
-class COMPONENT_EXPORT(OS_CRYPT) EncryptionKeyCreationUtilMac
- : public EncryptionKeyCreationUtil {
- public:
- // This class has to be initialized on the main UI thread since it uses
- // the local state.
- EncryptionKeyCreationUtilMac(
- PrefService* local_state,
- scoped_refptr<base::SingleThreadTaskRunner> main_thread_task_runner);
- ~EncryptionKeyCreationUtilMac() override;
-
- // os_crypt::EncryptionKeyCreationUtil:
- void OnKeyWasFound() override;
- void OnKeyNotFound(const crypto::AppleKeychain& keychain) override;
- void OnKeyStored(bool new_key_stored) override;
- void OnKeychainLookupFailed(int error) override;
-
- private:
- // Asynchronously updates the preference on the main thread that the
- // encryption key was created.
- void UpdateKeyCreationPreference();
-
- PrefService* local_state_;
- scoped_refptr<base::SingleThreadTaskRunner> main_thread_task_runner_;
- volatile bool key_already_created_;
-
- DISALLOW_COPY_AND_ASSIGN(EncryptionKeyCreationUtilMac);
-};
-
-} // namespace os_crypt
-
-#endif // COMPONENTS_OS_CRYPT_ENCRYPTION_KEY_CREATION_UTIL_MAC_H_
diff --git a/components/os_crypt/keychain_password_mac.h b/components/os_crypt/keychain_password_mac.h
index 9b656dc..6fda024 100644
--- a/components/os_crypt/keychain_password_mac.h
+++ b/components/os_crypt/keychain_password_mac.h
@@ -14,17 +14,9 @@
class AppleKeychain;
}
-namespace os_crypt {
-class EncryptionKeyCreationUtil;
-}
-
-using os_crypt::EncryptionKeyCreationUtil;
-
class COMPONENT_EXPORT(OS_CRYPT) KeychainPassword {
public:
- KeychainPassword(
- const crypto::AppleKeychain& keychain,
- std::unique_ptr<EncryptionKeyCreationUtil> key_creation_util);
+ KeychainPassword(const crypto::AppleKeychain& keychain);
~KeychainPassword();
// Get the OSCrypt password for this system. If no password exists
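Review bot: The new single-argument constructor `KeychainPassword(const crypto::AppleKeychain& keychain);` is not marked `explicit`, so an `AppleKeychain` converts implicitly to a `KeychainPassword`. Declare it as `explicit KeychainPassword(const crypto::AppleKeychain& keychain);`, as the test helper in this same commit does for its own constructor. The class stores the argument as a reference member (`keychain_`, visible in the next hunk), so a one-line comment on the constructor would help callers: `// |keychain| must outlive this object.` The class body continues outside the hunk.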
@@ -41,7 +33,6 @@
private:
const crypto::AppleKeychain& keychain_;
- std::unique_ptr<EncryptionKeyCreationUtil> key_creation_util_;
DISALLOW_COPY_AND_ASSIGN(KeychainPassword);
};
diff --git a/components/os_crypt/keychain_password_mac.mm b/components/os_crypt/keychain_password_mac.mm
index e66a829..3b85434 100644
--- a/components/os_crypt/keychain_password_mac.mm
+++ b/components/os_crypt/keychain_password_mac.mm
@@ -11,7 +11,6 @@
#include "base/mac/scoped_cftyperef.h"
#include "base/rand_util.h"
#include "build/branding_buildflags.h"
-#include "components/os_crypt/encryption_key_creation_util.h"
#include "crypto/apple_keychain.h"
using crypto::AppleKeychain;
@@ -56,16 +55,12 @@
const char KeychainPassword::account_name[] = "Chromium";
#endif
-KeychainPassword::KeychainPassword(
- const AppleKeychain& keychain,
- std::unique_ptr<EncryptionKeyCreationUtil> key_creation_util)
- : keychain_(keychain), key_creation_util_(std::move(key_creation_util)) {}
+KeychainPassword::KeychainPassword(const AppleKeychain& keychain)
+ : keychain_(keychain) {}
KeychainPassword::~KeychainPassword() = default;
std::string KeychainPassword::GetPassword() const {
- DCHECK(key_creation_util_);
-
UInt32 password_length = 0;
void* password_data = nullptr;
OSStatus error = keychain_.FindGenericPassword(
@@ -76,19 +71,15 @@
std::string password =
std::string(static_cast<char*>(password_data), password_length);
keychain_.ItemFreeContent(password_data);
- key_creation_util_->OnKeyWasFound();
return password;
}
if (error == errSecItemNotFound) {
- key_creation_util_->OnKeyNotFound(keychain_);
std::string password =
AddRandomPasswordToKeychain(keychain_, service_name, account_name);
- key_creation_util_->OnKeyStored(!password.empty());
return password;
}
- key_creation_util_->OnKeychainLookupFailed(error);
OSSTATUS_DLOG(ERROR, error) << "Keychain lookup failed";
return std::string();
}
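Review bot: The `errSecItemNotFound` branch now generates and stores a fresh random key with no record that it happened, and an empty result from `AddRandomPasswordToKeychain` is returned to the caller without any log. The `kKeyCreated` documentation deleted in this commit describes the risk: when the Keychain lookup wrongly reports the item as missing, the old key is overwritten and data encrypted under it can no longer be decrypted. With the metrics gone, I would at least document this on the branch, e.g. `// A new key is generated here; data encrypted under a previous key becomes unreadable.`, and log the failure case, e.g. `if (password.empty()) DLOG(ERROR) << "Failed to add encryption key to Keychain";`. GetPassword's body starts outside the hunk.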
diff --git a/components/os_crypt/keychain_password_mac_unittest.mm b/components/os_crypt/keychain_password_mac_unittest.mm
index 92d810e..f0b740b 100644
--- a/components/os_crypt/keychain_password_mac_unittest.mm
+++ b/components/os_crypt/keychain_password_mac_unittest.mm
@@ -8,115 +8,44 @@
#include "crypto/mock_apple_keychain.h"
#include "testing/gtest/include/gtest/gtest.h"
-#if defined(OS_IOS)
-#include "components/os_crypt/encryption_key_creation_util_ios.h"
-#else
-#include "base/test/metrics/histogram_tester.h"
-#include "base/test/task_environment.h"
-#include "base/threading/thread_task_runner_handle.h"
-#include "components/os_crypt/encryption_key_creation_util_mac.h"
-#include "components/os_crypt/os_crypt_pref_names_mac.h"
-#include "components/prefs/pref_registry_simple.h"
-#include "components/prefs/testing_pref_service.h"
-#endif
-
namespace {
using crypto::MockAppleKeychain;
-using os_crypt::EncryptionKeyCreationUtil;
-using GetKeyAction = EncryptionKeyCreationUtil::GetKeyAction;
// An environment for KeychainPassword which initializes mock keychain with
-// the given value that is going to be returned when accessing the Keychain and
-// key creation utility with the given initial state (was the encryption key
-// previously added to the Keychain or not).
+// the given value that is going to be returned when accessing the Keychain.
class KeychainPasswordEnvironment {
public:
// |keychain_result| is the value that is going to be returned when accessing
- // the Keychain. If |is_key_already_created| is true, a preference that
- // indicates if the encryption key was created in the past will be set.
- KeychainPasswordEnvironment(OSStatus keychain_result,
- bool is_key_already_created);
-
+ // the Keychain.
+ explicit KeychainPasswordEnvironment(OSStatus keychain_result);
~KeychainPasswordEnvironment() = default;
+ KeychainPasswordEnvironment(KeychainPasswordEnvironment&) = delete;
+ KeychainPasswordEnvironment& operator=(KeychainPasswordEnvironment&) = delete;
+
MockAppleKeychain& keychain() { return keychain_; }
std::string GetPassword() const { return keychain_password_->GetPassword(); }
-#if !defined(OS_IOS)
- // Returns true if the preference for key creation is set.
- bool IsKeyCreationPrefSet() const {
- return testing_local_state_.GetBoolean(os_crypt::prefs::kKeyCreated);
- }
-#endif
-
private:
MockAppleKeychain keychain_;
std::unique_ptr<KeychainPassword> keychain_password_;
-#if !defined(OS_IOS)
- TestingPrefServiceSimple testing_local_state_;
-#endif
};
KeychainPasswordEnvironment::KeychainPasswordEnvironment(
- OSStatus keychain_find_generic_result,
- bool is_key_already_created) {
+ OSStatus keychain_find_generic_result) {
// Set the value that keychain is going to return.
keychain_.set_find_generic_result(keychain_find_generic_result);
-#if !defined(OS_IOS)
- // Initialize the preference on Mac.
- testing_local_state_.registry()->RegisterBooleanPref(
- os_crypt::prefs::kKeyCreated, false);
- if (is_key_already_created)
- testing_local_state_.SetBoolean(os_crypt::prefs::kKeyCreated, true);
-#endif
-
-// Initialize encryption key creation utility.
-#if defined(OS_IOS)
- std::unique_ptr<EncryptionKeyCreationUtil> util =
- std::make_unique<os_crypt::EncryptionKeyCreationUtilIOS>();
-#else
- std::unique_ptr<EncryptionKeyCreationUtil> util =
- std::make_unique<os_crypt::EncryptionKeyCreationUtilMac>(
- &testing_local_state_, base::ThreadTaskRunnerHandle::Get());
-#endif
-
// Initialize keychain password.
- keychain_password_ =
- std::make_unique<KeychainPassword>(keychain_, std::move(util));
+ keychain_password_ = std::make_unique<KeychainPassword>(keychain_);
}
-class KeychainPasswordTest : public testing::Test {
- protected:
- KeychainPasswordTest() = default;
-
-#if !defined(OS_IOS)
- // Waits until all tasks in the task runner's queue are finished.
- void RunUntilIdle() { task_environment_.RunUntilIdle(); }
-
- base::HistogramTester& histogram_tester() { return histogram_tester_; }
-
- void ExpectUniqueGetKeyAction(GetKeyAction action) {
- histogram_tester_.ExpectUniqueSample("OSCrypt.GetEncryptionKeyAction",
- action, 1);
- }
-#endif
-
- private:
-#if !defined(OS_IOS)
- base::HistogramTester histogram_tester_;
- base::test::TaskEnvironment task_environment_;
-#endif
-
- DISALLOW_COPY_AND_ASSIGN(KeychainPasswordTest);
-};
-
// Test that if we have an existing password in the Keychain and we are
// authorized by the user to read it then we get it back correctly.
-TEST_F(KeychainPasswordTest, FindPasswordSuccess) {
- KeychainPasswordEnvironment environment(noErr, true);
+TEST(KeychainPasswordTest, FindPasswordSuccess) {
+ KeychainPasswordEnvironment environment(noErr);
EXPECT_FALSE(environment.GetPassword().empty());
EXPECT_FALSE(environment.keychain().called_add_generic());
EXPECT_EQ(0, environment.keychain().password_data_count());
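Review bot: The deleted copy operations on `KeychainPasswordEnvironment` take a non-const reference, which is not the conventional copy signature and reads as a typo. Write them as `KeychainPasswordEnvironment(const KeychainPasswordEnvironment&) = delete;` and `KeychainPasswordEnvironment& operator=(const KeychainPasswordEnvironment&) = delete;`. Copying is already blocked either way, so this is a style fix only. The hunk ends inside the body of `FindPasswordSuccess`, whose closing brace is outside it.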
@@ -124,8 +53,8 @@
// Test that if we do not have an existing password in the Keychain then it
// gets added successfully and returned.
-TEST_F(KeychainPasswordTest, FindPasswordNotFound) {
- KeychainPasswordEnvironment environment(errSecItemNotFound, false);
+TEST(KeychainPasswordTest, FindPasswordNotFound) {
+ KeychainPasswordEnvironment environment(errSecItemNotFound);
EXPECT_EQ(24U, environment.GetPassword().length());
EXPECT_TRUE(environment.keychain().called_add_generic());
EXPECT_EQ(0, environment.keychain().password_data_count());
@@ -133,41 +62,31 @@
// Test that if get denied access by the user then we return an empty password.
// And we should not try to add one.
-TEST_F(KeychainPasswordTest, FindPasswordNotAuthorized) {
- KeychainPasswordEnvironment environment(errSecAuthFailed, false);
+TEST(KeychainPasswordTest, FindPasswordNotAuthorized) {
+ KeychainPasswordEnvironment environment(errSecAuthFailed);
EXPECT_TRUE(environment.GetPassword().empty());
EXPECT_FALSE(environment.keychain().called_add_generic());
EXPECT_EQ(0, environment.keychain().password_data_count());
-#if !defined(OS_IOS)
- // The key creation pref shouldn't be set.
- RunUntilIdle();
- EXPECT_FALSE(environment.IsKeyCreationPrefSet());
-#endif
}
// Test that if some random other error happens then we return an empty
// password, and we should not try to add one.
-TEST_F(KeychainPasswordTest, FindPasswordOtherError) {
- KeychainPasswordEnvironment environment(errSecNotAvailable, false);
+TEST(KeychainPasswordTest, FindPasswordOtherError) {
+ KeychainPasswordEnvironment environment(errSecNotAvailable);
EXPECT_TRUE(environment.GetPassword().empty());
EXPECT_FALSE(environment.keychain().called_add_generic());
EXPECT_EQ(0, environment.keychain().password_data_count());
-#if !defined(OS_IOS)
- // The key creation pref shouldn't be set.
- RunUntilIdle();
- EXPECT_FALSE(environment.IsKeyCreationPrefSet());
-#endif
}
// Test that subsequent additions to the keychain give different passwords.
-TEST_F(KeychainPasswordTest, PasswordsDiffer) {
- KeychainPasswordEnvironment environment1(errSecItemNotFound, false);
+TEST(KeychainPasswordTest, PasswordsDiffer) {
+ KeychainPasswordEnvironment environment1(errSecItemNotFound);
std::string password1 = environment1.GetPassword();
EXPECT_FALSE(password1.empty());
EXPECT_TRUE(environment1.keychain().called_add_generic());
EXPECT_EQ(0, environment1.keychain().password_data_count());
- KeychainPasswordEnvironment environment2(errSecItemNotFound, false);
+ KeychainPasswordEnvironment environment2(errSecItemNotFound);
std::string password2 = environment2.GetPassword();
EXPECT_FALSE(password2.empty());
EXPECT_TRUE(environment2.keychain().called_add_generic());
@@ -177,61 +96,4 @@
EXPECT_NE(password1, password2);
}
-#if !defined(OS_IOS)
-// Test that a key is overwritten even if it was created in the past.
-TEST_F(KeychainPasswordTest, OverwriteKey) {
- KeychainPasswordEnvironment environment(errSecItemNotFound, true);
- EXPECT_FALSE(environment.GetPassword().empty());
- EXPECT_TRUE(environment.keychain().called_add_generic());
- RunUntilIdle();
- ExpectUniqueGetKeyAction(GetKeyAction::kKeyPotentiallyOverwritten);
-}
-
-// Test that a new key is added if one doesn't already exist in the Keychain,
-// and that the key creation preference is set.
-TEST_F(KeychainPasswordTest, AddNewKey) {
- KeychainPasswordEnvironment environment(errSecItemNotFound, false);
-
- EXPECT_FALSE(environment.GetPassword().empty());
- EXPECT_TRUE(environment.keychain().called_add_generic());
- RunUntilIdle();
- EXPECT_TRUE(environment.IsKeyCreationPrefSet());
- ExpectUniqueGetKeyAction(GetKeyAction::kNewKeyAddedToKeychain);
-}
-
-// Test that the key creation preference is set when successfully accessing the
-// key from the Keychain for the first time.
-TEST_F(KeychainPasswordTest, FindKeyTheFirstTime) {
- KeychainPasswordEnvironment environment(noErr, false);
-
- EXPECT_FALSE(environment.GetPassword().empty());
- EXPECT_FALSE(environment.keychain().called_add_generic());
- RunUntilIdle();
- EXPECT_TRUE(environment.IsKeyCreationPrefSet());
- ExpectUniqueGetKeyAction(GetKeyAction::kKeyFoundFirstTime);
-}
-
-// Test that the key creation preference is not set, that an empty password is
-// returned and no password is added to the Keychain if an error other than
-// errSecItemNotFound is returned by the Keychain.
-TEST_F(KeychainPasswordTest, LookupOtherError) {
- KeychainPasswordEnvironment environment(errSecNotAvailable, false);
-
- EXPECT_TRUE(environment.GetPassword().empty());
- EXPECT_FALSE(environment.keychain().called_add_generic());
- RunUntilIdle();
- EXPECT_FALSE(environment.IsKeyCreationPrefSet());
- ExpectUniqueGetKeyAction(GetKeyAction::kKeychainLookupFailed);
-}
-
-TEST_F(KeychainPasswordTest, KeyFoundSecondTime) {
- KeychainPasswordEnvironment environment(noErr, true);
-
- EXPECT_FALSE(environment.GetPassword().empty());
- EXPECT_FALSE(environment.keychain().called_add_generic());
- RunUntilIdle();
- ExpectUniqueGetKeyAction(GetKeyAction::kKeyFound);
-}
-#endif // !defined(OS_IOS)
-
} // namespace
diff --git a/components/os_crypt/os_crypt.h b/components/os_crypt/os_crypt.h
index 5aa09425..e4b1781 100644
--- a/components/os_crypt/os_crypt.h
+++ b/components/os_crypt/os_crypt.h
@@ -73,7 +73,7 @@
const std::string& ciphertext,
std::string* plaintext);
-#if defined(OS_WIN) || (defined(OS_MACOSX) && !defined(OS_IOS))
+#if defined(OS_WIN)
// Registers preferences used by OSCrypt.
static COMPONENT_EXPORT(OS_CRYPT) void RegisterLocalPrefs(
PrefRegistrySimple* registry);
diff --git a/components/os_crypt/os_crypt_mac.mm b/components/os_crypt/os_crypt_mac.mm
index 1b5d658..49c22a9 100644
--- a/components/os_crypt/os_crypt_mac.mm
+++ b/components/os_crypt/os_crypt_mac.mm
@@ -21,16 +21,6 @@
#include "crypto/mock_apple_keychain.h"
#include "crypto/symmetric_key.h"
-#if defined(OS_IOS)
-#include "components/os_crypt/encryption_key_creation_util_ios.h"
-#else
-#include "base/threading/thread_task_runner_handle.h"
-#include "components/os_crypt/encryption_key_creation_util_mac.h"
-#include "components/os_crypt/os_crypt_pref_names_mac.h"
-#include "components/prefs/pref_registry_simple.h"
-#include "components/prefs/pref_service.h"
-#endif
-
using crypto::AppleKeychain;
namespace os_crypt {
@@ -60,11 +50,6 @@
// this and migrate to different encryption without data loss.
const char kEncryptionVersionPrefix[] = "v10";
-// A utility which prevents overwriting the encryption key. This is temporary
-// pointer that is non-NULL between initialization and getting the encryption
-// key for the first time.
-os_crypt::EncryptionKeyCreationUtil* g_key_creation_util = nullptr;
-
// This lock is used to make the GetEncrytionKey and
// OSCrypt::GetRawEncryptionKey methods thread-safe.
base::LazyInstance<base::Lock>::Leaky g_lock = LAZY_INSTANCE_INITIALIZER;
@@ -96,17 +81,9 @@
crypto::MockAppleKeychain keychain;
password = keychain.GetEncryptionPassword();
} else {
-#if defined(OS_IOS)
- DCHECK(!g_key_creation_util);
- g_key_creation_util = new os_crypt::EncryptionKeyCreationUtilIOS();
-#endif
- DCHECK(g_key_creation_util);
AppleKeychain keychain;
- KeychainPassword encryptor_password(
- keychain,
- std::unique_ptr<EncryptionKeyCreationUtil>(g_key_creation_util));
+ KeychainPassword encryptor_password(keychain);
password = encryptor_password.GetPassword();
- g_key_creation_util = nullptr;
}
// Subsequent code must guarantee that the correct key is cached before
@@ -234,19 +211,6 @@
return GetEncryptionKey() != nullptr;
}
-#if !defined(OS_IOS)
-void OSCrypt::RegisterLocalPrefs(PrefRegistrySimple* registry) {
- registry->RegisterBooleanPref(os_crypt::prefs::kKeyCreated, false);
-}
-
-bool OSCrypt::Init(PrefService* local_state) {
- base::AutoLock auto_lock(g_lock.Get());
- g_key_creation_util = new os_crypt::EncryptionKeyCreationUtilMac(
- local_state, base::ThreadTaskRunnerHandle::Get());
- return true;
-}
-#endif
-
void OSCrypt::UseMockKeychainForTesting(bool use_mock) {
use_mock_keychain = use_mock;
if (!use_mock_keychain)
diff --git a/components/os_crypt/os_crypt_pref_names_mac.cc b/components/os_crypt/os_crypt_pref_names_mac.cc
deleted file mode 100644
index 13f247d..0000000
--- a/components/os_crypt/os_crypt_pref_names_mac.cc
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/os_crypt/os_crypt_pref_names_mac.h"
-
-namespace os_crypt {
-namespace prefs {
-
-const char kKeyCreated[] = "os_crypt.key_created";
-
-} // namespace prefs
-} // namespace os_crypt
diff --git a/components/os_crypt/os_crypt_pref_names_mac.h b/components/os_crypt/os_crypt_pref_names_mac.h
deleted file mode 100644
index 02886d1..0000000
--- a/components/os_crypt/os_crypt_pref_names_mac.h
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2018 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef COMPONENTS_OS_CRYPT_OS_CRYPT_PREF_NAMES_MAC_H_
-#define COMPONENTS_OS_CRYPT_OS_CRYPT_PREF_NAMES_MAC_H_
-
-#include "base/component_export.h"
-
-namespace os_crypt {
-namespace prefs {
-
-// The boolean which indicates the existence of the encryption key in the
-// Keychain.
-// Sometimes when the Keychain seems to be available, it may happen that Chrome
-// fails to retrieve the key from the Keychain, which causes Chrome to overwrite
-// the old key with a newly generated key. Overwriting the encryption key can
-// cause various problems. This flag should be set to true once the
-// encryption key is generated or successfully retrieved. If this flag is set to
-// true and Chrome couldn't get the encryption key from the Keychain, it signals
-// that something is going wrong on the machine.
-COMPONENT_EXPORT(OS_CRYPT) extern const char kKeyCreated[];
-
-} // namespace prefs
-} // namespace os_crypt
-
-#endif // COMPONENTS_OS_CRYPT_OS_CRYPT_PREF_NAMES_MAC_H_
diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
index ec8cd5ae..0f0f2f4 100644
--- a/tools/metrics/histograms/histograms.xml
+++ b/tools/metrics/histograms/histograms.xml
@@ -103397,6 +103397,9 @@
<histogram name="OSCrypt.EncryptionKeyLookupError" units="units"
expires_after="M81">
+ <obsolete>
+ Obsolete as of Chrome M81.
+ </obsolete>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
@@ -103420,6 +103423,9 @@
<histogram name="OSCrypt.FindPasswordAgain" enum="FindPasswordResult"
expires_after="M81">
+ <obsolete>
+ Obsolete as of Chrome M81.
+ </obsolete>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>
@@ -103428,7 +103434,11 @@
</summary>
</histogram>
-<histogram name="OSCrypt.GetEncryptionKeyAction" enum="GetEncryptionKeyAction">
+<histogram name="OSCrypt.GetEncryptionKeyAction" enum="GetEncryptionKeyAction"
+ expires_after="M81">
+ <obsolete>
+ Obsolete as of Chrome M81.
+ </obsolete>
<owner>[email protected]</owner>
<owner>[email protected]</owner>
<summary>