1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "extensions/browser/api/lock_screen_data/data_item.h"
6 
7 #include <utility>
8 
9 #include "base/base64.h"
10 #include "base/bind.h"
11 #include "base/files/file.h"
12 #include "base/files/file_path.h"
13 #include "base/files/file_util.h"
14 #include "base/location.h"
15 #include "base/metrics/histogram_macros.h"
16 #include "base/sequenced_task_runner.h"
17 #include "base/task/post_task.h"
18 #include "base/values.h"
19 #include "crypto/encryptor.h"
20 #include "crypto/symmetric_key.h"
21 #include "extensions/browser/api/lock_screen_data/operation_result.h"
22 #include "extensions/browser/api/storage/local_value_store_cache.h"
23 #include "extensions/browser/extension_registry.h"
24 #include "extensions/browser/value_store/value_store.h"
25 
26 namespace extensions {
27 namespace lock_screen_data {
28 
29 namespace {
30 
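// Key for the dictionary in the value store containing all items registered
// for the extension.
constexpr char kStoreKeyRegisteredItems[] = "registered_items";

// Length, in bytes, of the initialization vector handed to the AES-CBC
// encryptor. 16 bytes is the AES block size.
constexpr int kAesInitializationVectorLength = 16;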
36 
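// Encrypts |data| with AES key |raw_key| in CBC mode. Returns whether the
// encryption was successful, in which case |*result| is set to the encrypted
// data. Returns false if |raw_key| cannot be imported as an AES key, if the
// encryptor cannot be initialized, or if the encryption itself fails.
//
// NOTE(review): the initialization vector is a constant (16 space
// characters), so for a given key the output is deterministic: items that
// share the same leading plaintext blocks produce the same leading ciphertext
// blocks, which reveals equality of stored items to anyone able to read the
// value store. The ciphertext also carries no authentication tag, so
// modification of the stored bytes is not detected here. Moving to a per-item
// random IV (stored next to the ciphertext) and an authenticated mode is a
// storage-format change that has to be made in lockstep with DecryptData(),
// so it is flagged here rather than changed.
bool EncryptData(const std::vector<char>& data,
                 const std::string& raw_key,
                 std::string* result) {
  // |data| is taken by const reference so that the clear text is not copied
  // into an additional heap buffer just to make this call.
  const std::string initialization_vector(kAesInitializationVectorLength, ' ');
  std::unique_ptr<crypto::SymmetricKey> key =
      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key);
  if (!key)
    return false;

  crypto::Encryptor encryptor;
  if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, initialization_vector))
    return false;

  return encryptor.Encrypt(std::string(data.data(), data.size()), result);
}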
54 
// Decrypts |data| using AES key |raw_key| in CBC mode, with the same constant
// initialization vector that EncryptData() uses.
// Returns:
//   kInvalidKey - |raw_key| could not be imported as an AES key, or the
//                 encryptor could not be initialized with it.
//   kWrongKey   - the decrypt call itself failed.
//   kSuccess    - |*result| has been set to the clear-text data.
// |*result| is left untouched unless kSuccess is returned.
//
// NOTE(review): the stored data carries no authentication tag, so kSuccess
// does not by itself prove that the stored bytes were unmodified, and
// kWrongKey is only as reliable as the failure signal of
// crypto::Encryptor::Decrypt() - TODO confirm what that call validates.
OperationResult DecryptData(const std::string& data,
                            const std::string& raw_key,
                            std::vector<char>* result) {
  std::unique_ptr<crypto::SymmetricKey> aes_key =
      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key);
  if (!aes_key)
    return OperationResult::kInvalidKey;

  // Has to match the IV that was used when the item was encrypted.
  const std::string iv(kAesInitializationVectorLength, ' ');
  crypto::Encryptor decryptor;
  if (!decryptor.Init(aes_key.get(), crypto::Encryptor::CBC, iv))
    return OperationResult::kInvalidKey;

  std::string clear_text;
  if (!decryptor.Decrypt(data, &clear_text))
    return OperationResult::kWrongKey;

  result->assign(clear_text.begin(), clear_text.end());
  return OperationResult::kSuccess;
}
79 
// Returns whether the registered-items dictionary in value store |store| has
// an entry for |item_id|. A failed read and a missing dictionary are both
// reported as "not registered".
bool IsItemRegistered(ValueStore* store, const std::string& item_id) {
  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
  if (!read.status().ok())
    return false;

  const base::DictionaryValue* items = nullptr;
  if (!read.settings().GetDictionary(kStoreKeyRegisteredItems, &items))
    return false;

  return items->HasKey(item_id);
}
91 
// Fetches the dictionary of all registered data items from value store
// |store|.
// |result| - set to the status code of the fetch operation.
// |values| - always cleared first; on success, holds the dictionary of
//     registered data items. The dictionary does not contain item content.
// A store without a registered-items entry is reported as success with an
// empty |values|; an entry that is not a dictionary is reported as kFailed.
void GetRegisteredItems(OperationResult* result,
                        base::DictionaryValue* values,
                        ValueStore* store) {
  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);

  values->Clear();

  if (!read.status().ok()) {
    *result = OperationResult::kFailed;
    return;
  }

  // Remove() hands ownership of the sub-dictionary to |raw_items|, which
  // avoids copying it out of |read.settings()|.
  std::unique_ptr<base::Value> raw_items;
  if (!read.settings().Remove(kStoreKeyRegisteredItems, &raw_items)) {
    // No registered-items entry: nothing has been registered yet.
    *result = OperationResult::kSuccess;
    return;
  }

  std::unique_ptr<base::DictionaryValue> items_dict =
      base::DictionaryValue::From(std::move(raw_items));
  if (!items_dict) {
    *result = OperationResult::kFailed;
    return;
  }

  values->Swap(items_dict.get());
  *result = OperationResult::kSuccess;
}
128 
// Adds an (empty) entry for |item_id| to the registered-items dictionary in
// value store |store| and writes the dictionary back.
// |result| is set to:
//   kFailed            - the store could not be read or written, or the
//                        stored entry is not a dictionary.
//   kAlreadyRegistered - an entry for |item_id| already exists.
//   kSuccess           - the item was registered.
//
// NOTE(review): the existence check uses HasKey() while the insertion uses
// Set(); if Set() treats '.' in its first argument as a path separator the
// two would disagree for ids containing '.'. This presumably relies on item
// ids never containing '.' - TODO confirm against the id generator.
void RegisterItem(OperationResult* result,
                  const std::string& item_id,
                  ValueStore* store) {
  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
  if (!read.status().ok()) {
    *result = OperationResult::kFailed;
    return;
  }

  // Start from an empty dictionary when nothing has been registered yet.
  std::unique_ptr<base::Value> stored_items;
  if (!read.settings().Remove(kStoreKeyRegisteredItems, &stored_items))
    stored_items = std::make_unique<base::DictionaryValue>();

  std::unique_ptr<base::DictionaryValue> items =
      base::DictionaryValue::From(std::move(stored_items));
  if (!items) {
    *result = OperationResult::kFailed;
    return;
  }

  if (items->HasKey(item_id)) {
    *result = OperationResult::kAlreadyRegistered;
    return;
  }

  items->Set(item_id, std::make_unique<base::DictionaryValue>());

  ValueStore::WriteResult write =
      store->Set(ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *items);
  if (write.status().ok())
    *result = OperationResult::kSuccess;
  else
    *result = OperationResult::kFailed;
}
162 
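// Encrypts |data| with AES key |encryption_key| and saves it as the content of
// item |item_id| in the value store |store|. The encrypted data is saved
// base64 encoded.
// |result| is set to:
//   kNotFound   - |item_id| is not registered in |store|.
//   kInvalidKey - EncryptData() failed (this covers every encryption failure,
//                 not only a key that cannot be imported).
//   kSuccess / kFailed - outcome of the value store write.
void WriteImpl(OperationResult* result,
               const std::string& item_id,
               const std::vector<char>& data,
               const std::string& encryption_key,
               ValueStore* store) {
  // |item_id| is taken by const reference; the function only reads it, so the
  // by-value copy was unnecessary.
  if (!IsItemRegistered(store, item_id)) {
    *result = OperationResult::kNotFound;
    return;
  }

  std::string encrypted;
  if (!EncryptData(data, encryption_key, &encrypted)) {
    *result = OperationResult::kInvalidKey;
    return;
  }
  base::Base64Encode(encrypted, &encrypted);

  // Only sizes are reported, never content.
  UMA_HISTOGRAM_COUNTS_10M("Apps.LockScreen.DataItemStorage.ClearTextItemSize",
                           data.size());

  // |encrypted| already holds the base64 text at this point, so this records
  // the encoded size rather than the raw ciphertext size.
  UMA_HISTOGRAM_COUNTS_10M("Apps.LockScreen.DataItemStorage.EncryptedItemSize",
                           encrypted.size());

  ValueStore::WriteResult write = store->Set(ValueStore::DEFAULTS, item_id,
                                             base::Value(std::move(encrypted)));

  *result = write.status().ok() ? OperationResult::kSuccess
                                : OperationResult::kFailed;
}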
195 
// Reads the content of data item |item_id| from value store |store| and
// decrypts it with |decryption_key|. The stored content is expected to be the
// base64 encoding of the encrypted data.
// |result| is set to:
//   kNotFound - |item_id| is not registered, or the store read failed.
//   kSuccess  - |*data| holds the decrypted content; a registered item with
//               no stored content yields an empty |*data|.
//   kFailed   - the stored value is not a string or is not valid base64.
//   otherwise - whatever DecryptData() reports.
// |*data| is only written on the paths that report kSuccess.
void ReadImpl(OperationResult* result,
              std::vector<char>* data,
              const std::string& item_id,
              const std::string& decryption_key,
              ValueStore* store) {
  if (!IsItemRegistered(store, item_id)) {
    *result = OperationResult::kNotFound;
    return;
  }

  ValueStore::ReadResult read = store->Get(item_id);
  if (!read.status().ok()) {
    *result = OperationResult::kNotFound;
    return;
  }

  const base::Value* stored = nullptr;
  if (!read.settings().Get(item_id, &stored)) {
    // Registered, but nothing has been written for the item yet.
    data->clear();
    *result = OperationResult::kSuccess;
    return;
  }

  std::string cipher_text;
  const bool decoded = stored->is_string() &&
                       base::Base64Decode(stored->GetString(), &cipher_text);
  if (!decoded) {
    *result = OperationResult::kFailed;
    return;
  }

  *result = DecryptData(cipher_text, decryption_key, data);
}
232 
// Deletes the content of item |item_id| from value store |store| and then
// removes the item from the registered-items dictionary.
// |result| is set to:
//   kFailed   - removing the content, re-reading the store, or writing the
//               updated dictionary failed.
//   kNotFound - there is no registered-items dictionary, or it has no entry
//               for |item_id|.
//   kSuccess  - the item was unregistered.
// The content is removed before the registration, so a failure in a later
// step leaves the item registered with no stored content.
void DeleteImpl(OperationResult* result,
                const std::string& item_id,
                ValueStore* store) {
  const std::vector<std::string> content_keys{item_id};
  ValueStore::WriteResult content_removal = store->Remove(content_keys);
  if (!content_removal.status().ok()) {
    *result = OperationResult::kFailed;
    return;
  }

  ValueStore::ReadResult read = store->Get(kStoreKeyRegisteredItems);
  if (!read.status().ok()) {
    *result = OperationResult::kFailed;
    return;
  }

  base::DictionaryValue* items = nullptr;
  if (!read.settings().GetDictionary(kStoreKeyRegisteredItems, &items)) {
    *result = OperationResult::kNotFound;
    return;
  }
  if (!items->Remove(item_id, nullptr)) {
    *result = OperationResult::kNotFound;
    return;
  }

  ValueStore::WriteResult write =
      store->Set(ValueStore::DEFAULTS, kStoreKeyRegisteredItems, *items);
  if (write.status().ok())
    *result = OperationResult::kSuccess;
  else
    *result = OperationResult::kFailed;
}
263 
// Reply step for DataItem::GetRegisteredValuesForExtension(): passes the
// operation status stored in |result| and ownership of |values| on to
// |callback|.
void OnGetRegisteredValues(const DataItem::RegisteredValuesCallback& callback,
                           std::unique_ptr<OperationResult> result,
                           std::unique_ptr<base::DictionaryValue> values) {
  const OperationResult status = *result;
  callback.Run(status, std::move(values));
}
269 
270 }  // namespace
271 
// static
// Collects the registered data items of extension |extension_id| on
// |task_runner| and reports them through |callback|. If the extension is not
// in the registry's enabled set, |callback| is run synchronously with
// kUnknownExtension and a null dictionary.
//
// |value_store_cache| is bound with base::Unretained(), so it is assumed to
// outlive the posted task - TODO confirm with the owner of the cache.
void DataItem::GetRegisteredValuesForExtension(
    content::BrowserContext* context,
    ValueStoreCache* value_store_cache,
    base::SequencedTaskRunner* task_runner,
    const std::string& extension_id,
    const RegisteredValuesCallback& callback) {
  scoped_refptr<const Extension> extension =
      ExtensionRegistry::Get(context)->GetExtensionById(
          extension_id, ExtensionRegistry::ENABLED);
  if (!extension) {
    callback.Run(OperationResult::kUnknownExtension, nullptr);
    return;
  }

  // The status and the dictionary are owned by the reply callback; the task
  // fills them in through the raw pointers taken here.
  auto status = std::make_unique<OperationResult>(OperationResult::kFailed);
  auto items = std::make_unique<base::DictionaryValue>();
  OperationResult* status_out = status.get();
  base::DictionaryValue* items_out = items.get();

  task_runner->PostTaskAndReply(
      FROM_HERE,
      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
                     base::Unretained(value_store_cache),
                     base::Bind(&GetRegisteredItems, status_out, items_out),
                     extension),
      base::BindOnce(&OnGetRegisteredValues, callback, std::move(status),
                     std::move(items)));
}
303 
// static
// Posts ValueStoreCache::DeleteStorageSoon() for |extension_id| to
// |task_runner| and runs |callback| as the reply. Unlike the per-item
// operations, this does not consult the extension registry; |context| is not
// used.
//
// |value_store_cache| is bound with base::Unretained(), so it is assumed to
// outlive the posted task - TODO confirm with the owner of the cache.
void DataItem::DeleteAllItemsForExtension(
    content::BrowserContext* context,
    ValueStoreCache* value_store_cache,
    base::SequencedTaskRunner* task_runner,
    const std::string& extension_id,
    const base::Closure& callback) {
  base::OnceClosure delete_storage =
      base::BindOnce(&ValueStoreCache::DeleteStorageSoon,
                     base::Unretained(value_store_cache), extension_id);
  task_runner->PostTaskAndReply(FROM_HERE, std::move(delete_storage),
                                callback);
}
317 
// Creates a handle for data item |id| belonging to extension |extension_id|.
// The constructor only stores its arguments; no storage access happens here.
// |context|, |value_store_cache| and |task_runner| are kept as passed, and
// |crypto_key| is copied into the item. Write() and Read() later bind
// |crypto_key_| into the tasks they post.
DataItem::DataItem(const std::string& id,
                   const std::string& extension_id,
                   content::BrowserContext* context,
                   ValueStoreCache* value_store_cache,
                   base::SequencedTaskRunner* task_runner,
                   const std::string& crypto_key)
    : id_(id),
      extension_id_(extension_id),
      context_(context),
      value_store_cache_(value_store_cache),
      task_runner_(task_runner),
      crypto_key_(crypto_key) {
}

// Nothing to release explicitly; members clean up after themselves.
DataItem::~DataItem() = default;
332 
// Registers this item in the extension's value store on |task_runner_| and
// reports the outcome through |callback|. If the extension is not in the
// registry's enabled set, |callback| is run synchronously with
// kUnknownExtension. The reply is bound to a weak pointer to this item.
void DataItem::Register(const WriteCallback& callback) {
  scoped_refptr<const Extension> extension =
      ExtensionRegistry::Get(context_)->GetExtensionById(
          extension_id_, ExtensionRegistry::ENABLED);
  if (!extension) {
    callback.Run(OperationResult::kUnknownExtension);
    return;
  }

  // Owned by the reply; the storage task writes the status through
  // |status_out|.
  auto status = std::make_unique<OperationResult>(OperationResult::kFailed);
  OperationResult* status_out = status.get();

  auto register_in_store = base::Bind(&RegisterItem, status_out, id());

  task_runner_->PostTaskAndReply(
      FROM_HERE,
      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
                     base::Unretained(value_store_cache_),
                     std::move(register_in_store), extension),
      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
                     callback, std::move(status)));
}
354 
// Encrypts |data| with this item's key and stores it as the item content on
// |task_runner_|, reporting the outcome through |callback|. If the extension
// is not in the registry's enabled set, |callback| is run synchronously with
// kUnknownExtension. |id_|, |data| and |crypto_key_| are passed to
// base::Bind() as bound arguments of the storage task.
void DataItem::Write(const std::vector<char>& data,
                     const WriteCallback& callback) {
  scoped_refptr<const Extension> extension =
      ExtensionRegistry::Get(context_)->GetExtensionById(
          extension_id_, ExtensionRegistry::ENABLED);
  if (!extension) {
    callback.Run(OperationResult::kUnknownExtension);
    return;
  }

  // Owned by the reply; the storage task writes the status through
  // |status_out|.
  auto status = std::make_unique<OperationResult>(OperationResult::kFailed);
  OperationResult* status_out = status.get();

  auto write_to_store =
      base::Bind(&WriteImpl, status_out, id_, data, crypto_key_);

  task_runner_->PostTaskAndReply(
      FROM_HERE,
      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
                     base::Unretained(value_store_cache_),
                     std::move(write_to_store), extension),
      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
                     callback, std::move(status)));
}
378 
// Reads and decrypts the item content on |task_runner_| and hands the result
// to |callback|. If the extension is not in the registry's enabled set,
// |callback| is run synchronously with kUnknownExtension and null data.
// |id_| and |crypto_key_| are passed to base::Bind() as bound arguments of
// the storage task; the buffer receiving the clear text is owned by the
// reply.
void DataItem::Read(const ReadCallback& callback) {
  scoped_refptr<const Extension> extension =
      ExtensionRegistry::Get(context_)->GetExtensionById(
          extension_id_, ExtensionRegistry::ENABLED);
  if (!extension) {
    callback.Run(OperationResult::kUnknownExtension, nullptr);
    return;
  }

  // Both outputs are owned by the reply; the storage task fills them in
  // through the raw pointers taken here.
  auto status = std::make_unique<OperationResult>(OperationResult::kFailed);
  auto content = std::make_unique<std::vector<char>>();
  OperationResult* status_out = status.get();
  std::vector<char>* content_out = content.get();

  auto read_from_store =
      base::Bind(&ReadImpl, status_out, content_out, id_, crypto_key_);

  task_runner_->PostTaskAndReply(
      FROM_HERE,
      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
                     base::Unretained(value_store_cache_),
                     std::move(read_from_store), extension),
      base::BindOnce(&DataItem::OnReadDone, weak_ptr_factory_.GetWeakPtr(),
                     callback, std::move(status), std::move(content)));
}
406 
// Deletes the item content and its registration on |task_runner_| and reports
// the outcome through |callback|. If the extension is not in the registry's
// enabled set, |callback| is run synchronously with kUnknownExtension.
void DataItem::Delete(const WriteCallback& callback) {
  scoped_refptr<const Extension> extension =
      ExtensionRegistry::Get(context_)->GetExtensionById(
          extension_id_, ExtensionRegistry::ENABLED);
  if (!extension) {
    callback.Run(OperationResult::kUnknownExtension);
    return;
  }

  // Owned by the reply; the storage task writes the status through
  // |status_out|.
  auto status = std::make_unique<OperationResult>(OperationResult::kFailed);
  OperationResult* status_out = status.get();

  auto delete_from_store = base::Bind(&DeleteImpl, status_out, id_);

  task_runner_->PostTaskAndReply(
      FROM_HERE,
      base::BindOnce(&ValueStoreCache::RunWithValueStoreForExtension,
                     base::Unretained(value_store_cache_),
                     std::move(delete_from_store), extension),
      base::BindOnce(&DataItem::OnWriteDone, weak_ptr_factory_.GetWeakPtr(),
                     callback, std::move(status)));
}
427 
// Reply step shared by Register(), Write() and Delete(): reports the status
// stored in |success| to |callback|.
void DataItem::OnWriteDone(const DataItem::WriteCallback& callback,
                           std::unique_ptr<OperationResult> success) {
  const OperationResult status = *success;
  callback.Run(status);
}
432 
// Reply step for Read(): reports the status stored in |success| to |callback|
// and transfers ownership of the read buffer |data| to it.
void DataItem::OnReadDone(const DataItem::ReadCallback& callback,
                          std::unique_ptr<OperationResult> success,
                          std::unique_ptr<std::vector<char>> data) {
  const OperationResult status = *success;
  callback.Run(status, std::move(data));
}
438 
439 }  // namespace lock_screen_data
440 }  // namespace extensions
441