cfroussios | 3b5a4e4 | 2016-05-31 11:02:18 | [diff] [blame] | 1 | // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "components/os_crypt/key_storage_linux.h" |
| 6 | |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 7 | #include "base/bind.h" |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 8 | #include "base/environment.h" |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 9 | #include "base/logging.h" |
| 10 | #include "base/nix/xdg_util.h" |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 11 | #include "base/sequenced_task_runner.h" |
| 12 | #include "base/synchronization/waitable_event.h" |
| 13 | #include "base/task_runner_util.h" |
| 14 | #include "base/threading/thread_restrictions.h" |
Nico Weber | 356b304 | 2019-08-23 15:30:41 | [diff] [blame] | 15 | #include "build/branding_buildflags.h" |
Christos Froussios | 494196d | 2017-07-14 10:10:04 | [diff] [blame] | 16 | #include "components/os_crypt/key_storage_config_linux.h" |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 17 | #include "components/os_crypt/key_storage_util_linux.h" |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 18 | |
| 19 | #if defined(USE_LIBSECRET) |
cfroussios | 3b5a4e4 | 2016-05-31 11:02:18 | [diff] [blame] | 20 | #include "components/os_crypt/key_storage_libsecret.h" |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 21 | #endif |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 22 | #if defined(USE_KEYRING) |
| 23 | #include "components/os_crypt/key_storage_keyring.h" |
| 24 | #endif |
cfroussios | 2e6729a4 | 2016-07-26 09:18:12 | [diff] [blame] | 25 | #if defined(USE_KWALLET) |
| 26 | #include "components/os_crypt/key_storage_kwallet.h" |
| 27 | #endif |
| 28 | |
Nico Weber | 356b304 | 2019-08-23 15:30:41 | [diff] [blame] | 29 | #if BUILDFLAG(GOOGLE_CHROME_BRANDING) |
cfroussios | 2e6729a4 | 2016-07-26 09:18:12 | [diff] [blame] | 30 | const char KeyStorageLinux::kFolderName[] = "Chrome Keys"; |
| 31 | const char KeyStorageLinux::kKey[] = "Chrome Safe Storage"; |
| 32 | #else |
| 33 | const char KeyStorageLinux::kFolderName[] = "Chromium Keys"; |
| 34 | const char KeyStorageLinux::kKey[] = "Chromium Safe Storage"; |
| 35 | #endif |
| 36 | |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 37 | namespace { |
| 38 | |
| 39 | const char* SelectedLinuxBackendToString( |
| 40 | os_crypt::SelectedLinuxBackend selection) { |
| 41 | switch (selection) { |
| 42 | case os_crypt::SelectedLinuxBackend::DEFER: |
| 43 | return "DEFER"; |
| 44 | case os_crypt::SelectedLinuxBackend::BASIC_TEXT: |
| 45 | return "BASIC_TEXT"; |
| 46 | case os_crypt::SelectedLinuxBackend::GNOME_ANY: |
| 47 | return "GNOME_ANY"; |
| 48 | case os_crypt::SelectedLinuxBackend::GNOME_KEYRING: |
| 49 | return "GNOME_KEYRING"; |
| 50 | case os_crypt::SelectedLinuxBackend::GNOME_LIBSECRET: |
| 51 | return "GNOME_LIBSECRET"; |
| 52 | case os_crypt::SelectedLinuxBackend::KWALLET: |
| 53 | return "KWALLET"; |
| 54 | case os_crypt::SelectedLinuxBackend::KWALLET5: |
| 55 | return "KWALLET5"; |
| 56 | } |
| 57 | NOTREACHED(); |
| 58 | return nullptr; |
| 59 | } |
| 60 | |
| 61 | } // namespace |
| 62 | |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 63 | // static |
Christos Froussios | 494196d | 2017-07-14 10:10:04 | [diff] [blame] | 64 | std::unique_ptr<KeyStorageLinux> KeyStorageLinux::CreateService( |
| 65 | const os_crypt::Config& config) { |
slan | a881a86 | 2016-09-09 21:36:07 | [diff] [blame] | 66 | #if defined(USE_LIBSECRET) || defined(USE_KEYRING) || defined(USE_KWALLET) |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 67 | // Select a backend. |
Christos Froussios | 494196d | 2017-07-14 10:10:04 | [diff] [blame] | 68 | bool use_backend = !config.should_use_preference || |
| 69 | os_crypt::GetBackendUse(config.user_data_path); |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 70 | std::unique_ptr<base::Environment> env(base::Environment::Create()); |
| 71 | base::nix::DesktopEnvironment desktop_env = |
| 72 | base::nix::GetDesktopEnvironment(env.get()); |
| 73 | os_crypt::SelectedLinuxBackend selected_backend = |
Christos Froussios | 494196d | 2017-07-14 10:10:04 | [diff] [blame] | 74 | os_crypt::SelectBackend(config.store, use_backend, desktop_env); |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 75 | VLOG(1) << "Selected backend for OSCrypt: " |
| 76 | << SelectedLinuxBackendToString(selected_backend); |
cfroussios | 3b5a4e4 | 2016-05-31 11:02:18 | [diff] [blame] | 77 | |
Christos Froussios | 985d1aac | 2017-11-09 11:01:07 | [diff] [blame] | 78 | // TODO(crbug.com/782851) Schedule the initialisation on each backend's |
| 79 | // favourite thread. |
| 80 | |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 81 | // Try initializing the selected backend. |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 82 | // In case of GNOME_ANY, prefer Libsecret |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 83 | std::unique_ptr<KeyStorageLinux> key_storage; |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 84 | |
| 85 | #if defined(USE_LIBSECRET) |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 86 | if (selected_backend == os_crypt::SelectedLinuxBackend::GNOME_ANY || |
| 87 | selected_backend == os_crypt::SelectedLinuxBackend::GNOME_LIBSECRET) { |
Christos Froussios | 70cc95b | 2017-12-14 21:13:23 | [diff] [blame] | 88 | key_storage.reset(new KeyStorageLibsecret()); |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 89 | if (key_storage->WaitForInitOnTaskRunner()) { |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 90 | VLOG(1) << "OSCrypt using Libsecret as backend."; |
| 91 | return key_storage; |
| 92 | } |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 93 | LOG(WARNING) << "OSCrypt tried Libsecret but couldn't initialise."; |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 94 | } |
slan | a881a86 | 2016-09-09 21:36:07 | [diff] [blame] | 95 | #endif // defined(USE_LIBSECRET) |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 96 | |
| 97 | #if defined(USE_KEYRING) |
| 98 | if (selected_backend == os_crypt::SelectedLinuxBackend::GNOME_ANY || |
| 99 | selected_backend == os_crypt::SelectedLinuxBackend::GNOME_KEYRING) { |
Christos Froussios | 70cc95b | 2017-12-14 21:13:23 | [diff] [blame] | 100 | key_storage.reset(new KeyStorageKeyring(config.main_thread_runner)); |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 101 | if (key_storage->WaitForInitOnTaskRunner()) { |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 102 | VLOG(1) << "OSCrypt using Keyring as backend."; |
| 103 | return key_storage; |
| 104 | } |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 105 | LOG(WARNING) << "OSCrypt tried Keyring but couldn't initialise."; |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 106 | } |
slan | a881a86 | 2016-09-09 21:36:07 | [diff] [blame] | 107 | #endif // defined(USE_KEYRING) |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 108 | |
cfroussios | 2e6729a4 | 2016-07-26 09:18:12 | [diff] [blame] | 109 | #if defined(USE_KWALLET) |
cfroussios | b013c15b | 2016-09-03 01:10:16 | [diff] [blame] | 110 | if (selected_backend == os_crypt::SelectedLinuxBackend::KWALLET || |
| 111 | selected_backend == os_crypt::SelectedLinuxBackend::KWALLET5) { |
Christos Froussios | 494196d | 2017-07-14 10:10:04 | [diff] [blame] | 112 | DCHECK(!config.product_name.empty()); |
cfroussios | 2f05d7f | 2016-08-17 15:58:50 | [diff] [blame] | 113 | base::nix::DesktopEnvironment used_desktop_env = |
| 114 | selected_backend == os_crypt::SelectedLinuxBackend::KWALLET |
| 115 | ? base::nix::DESKTOP_ENVIRONMENT_KDE4 |
| 116 | : base::nix::DESKTOP_ENVIRONMENT_KDE5; |
Christos Froussios | 70cc95b | 2017-12-14 21:13:23 | [diff] [blame] | 117 | key_storage.reset( |
| 118 | new KeyStorageKWallet(used_desktop_env, config.product_name)); |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 119 | if (key_storage->WaitForInitOnTaskRunner()) { |
cfroussios | 2e6729a4 | 2016-07-26 09:18:12 | [diff] [blame] | 120 | VLOG(1) << "OSCrypt using KWallet as backend."; |
| 121 | return key_storage; |
| 122 | } |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 123 | LOG(WARNING) << "OSCrypt tried KWallet but couldn't initialise."; |
cfroussios | 3ea4c69 | 2016-07-18 19:15:14 | [diff] [blame] | 124 | } |
slan | a881a86 | 2016-09-09 21:36:07 | [diff] [blame] | 125 | #endif // defined(USE_KWALLET) |
| 126 | #endif // defined(USE_LIBSECRET) || defined(USE_KEYRING) || |
| 127 | // defined(USE_KWALLET) |
cfroussios | 3b5a4e4 | 2016-05-31 11:02:18 | [diff] [blame] | 128 | |
Christos Froussios | f7924a6 | 2019-11-05 14:26:50 | [diff] [blame^] | 129 | // Either there are no supported backends on this platform, or we chose to |
| 130 | // use no backend, or the chosen backend failed to initialise. |
cfroussios | 6b340f81 | 2017-07-06 15:05:10 | [diff] [blame] | 131 | VLOG(1) << "OSCrypt did not initialize a backend."; |
cfroussios | 3b5a4e4 | 2016-05-31 11:02:18 | [diff] [blame] | 132 | return nullptr; |
| 133 | } |
Christos Froussios | 985d1aac | 2017-11-09 11:01:07 | [diff] [blame] | 134 | |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 135 | bool KeyStorageLinux::WaitForInitOnTaskRunner() { |
| 136 | base::ScopedAllowBaseSyncPrimitivesOutsideBlockingScope allow_sync_primitives; |
| 137 | base::SequencedTaskRunner* task_runner = GetTaskRunner(); |
| 138 | |
| 139 | // We don't need to change threads if the backend has no preference or if we |
| 140 | // are already on the right thread. |
| 141 | if (!task_runner || task_runner->RunsTasksInCurrentSequence()) |
| 142 | return Init(); |
| 143 | |
| 144 | base::WaitableEvent initialized( |
| 145 | base::WaitableEvent::ResetPolicy::MANUAL, |
| 146 | base::WaitableEvent::InitialState::NOT_SIGNALED); |
| 147 | bool success; |
Christos Froussios | 57fe574 | 2017-12-07 21:16:49 | [diff] [blame] | 148 | task_runner->PostTask( |
| 149 | FROM_HERE, |
| 150 | base::BindOnce(&KeyStorageLinux::BlockOnInitThenSignal, |
| 151 | base::Unretained(this), &initialized, &success)); |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 152 | initialized.Wait(); |
| 153 | return success; |
| 154 | } |
| 155 | |
Christos Froussios | 985d1aac | 2017-11-09 11:01:07 | [diff] [blame] | 156 | std::string KeyStorageLinux::GetKey() { |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 157 | base::ScopedAllowBaseSyncPrimitivesOutsideBlockingScope allow_sync_primitives; |
| 158 | base::SequencedTaskRunner* task_runner = GetTaskRunner(); |
| 159 | |
| 160 | // We don't need to change threads if the backend has no preference or if we |
| 161 | // are already on the right thread. |
| 162 | if (!task_runner || task_runner->RunsTasksInCurrentSequence()) |
| 163 | return GetKeyImpl(); |
| 164 | |
| 165 | base::WaitableEvent password_loaded( |
| 166 | base::WaitableEvent::ResetPolicy::MANUAL, |
| 167 | base::WaitableEvent::InitialState::NOT_SIGNALED); |
| 168 | std::string password; |
Christos Froussios | 57fe574 | 2017-12-07 21:16:49 | [diff] [blame] | 169 | task_runner->PostTask( |
| 170 | FROM_HERE, |
| 171 | base::BindOnce(&KeyStorageLinux::BlockOnGetKeyImplThenSignal, |
| 172 | base::Unretained(this), &password_loaded, &password)); |
Christos Froussios | 4e170cb | 2017-12-01 09:42:33 | [diff] [blame] | 173 | password_loaded.Wait(); |
| 174 | return password; |
| 175 | } |
| 176 | |
| 177 | base::SequencedTaskRunner* KeyStorageLinux::GetTaskRunner() { |
| 178 | return nullptr; |
Christos Froussios | 985d1aac | 2017-11-09 11:01:07 | [diff] [blame] | 179 | } |
Christos Froussios | 57fe574 | 2017-12-07 21:16:49 | [diff] [blame] | 180 | |
| 181 | void KeyStorageLinux::BlockOnGetKeyImplThenSignal( |
| 182 | base::WaitableEvent* on_password_received, |
| 183 | std::string* password) { |
| 184 | *password = GetKeyImpl(); |
| 185 | on_password_received->Signal(); |
| 186 | } |
| 187 | |
| 188 | void KeyStorageLinux::BlockOnInitThenSignal(base::WaitableEvent* on_inited, |
| 189 | bool* success) { |
| 190 | *success = Init(); |
| 191 | on_inited->Signal(); |
| 192 | } |