cryptohome/user_secret_stash_storage.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2021 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "cryptohome/user_secret_stash_storage.h"

 #include <sys/stat.h>

 #include <optional>
 #include <string>

 #include <base/files/file_path.h>
 #include <base/logging.h>
 #include <brillo/secure_blob.h>

 #include "cryptohome/error/location_utils.h"
 #include "cryptohome/filesystem_layout.h"
 #include "cryptohome/platform.h"

 using ::cryptohome::error::CryptohomeError;
 using ::cryptohome::error::ErrorAction;
 using ::cryptohome::error::ErrorActionSet;
 using ::hwsec_foundation::status::MakeStatus;
 using ::hwsec_foundation::status::OkStatus;
 using ::hwsec_foundation::status::StatusChain;

 namespace cryptohome {

 // Use rw------- for the USS files.
 constexpr mode_t kUserSecretStashFilePermissions = 0600;

 UserSecretStashStorage::UserSecretStashStorage(Platform* platform)
     : platform_(platform) {}

 UserSecretStashStorage::~UserSecretStashStorage() = default;

 CryptohomeStatus UserSecretStashStorage::Persist(
     const brillo::Blob& uss_container_flatbuffer,
     const std::string& obfuscated_username) {
   // TODO(b:232299885): Write to the next available slot, and clean up old slots
   // when necessary.
   const base::FilePath path =
       UserSecretStashPath(obfuscated_username, kUserSecretStashDefaultSlot);
   if (!platform_->WriteFileAtomicDurable(path, uss_container_flatbuffer,
                                          kUserSecretStashFilePermissions)) {
     LOG(ERROR) << "Failed to store the UserSecretStash file for "
                << obfuscated_username;
     return MakeStatus<CryptohomeError>(
         CRYPTOHOME_ERR_LOC(kLocUSSStorageWriteFailedInPersist),
         ErrorActionSet(
             {ErrorAction::kReboot, ErrorAction::kDevCheckUnexpectedState}),
         user_data_auth::CRYPTOHOME_ERROR_BACKING_STORE_FAILURE);
   }
   return OkStatus<CryptohomeError>();
 }

 CryptohomeStatusOr<brillo::Blob> UserSecretStashStorage::LoadPersisted(
     const std::string& obfuscated_username) {
   // TODO(b:232299885): Read from the latest available slot.
   const base::FilePath path =
       UserSecretStashPath(obfuscated_username, kUserSecretStashDefaultSlot);
   brillo::Blob uss_container_flatbuffer;
   if (!platform_->ReadFile(path, &uss_container_flatbuffer)) {
     LOG(ERROR) << "Failed to load the UserSecretStash file for "
                << obfuscated_username;
     return MakeStatus<CryptohomeError>(
         CRYPTOHOME_ERR_LOC(kLocUSSStorageReadFailedInLoadPersisted),
         ErrorActionSet({ErrorAction::kReboot, ErrorAction::kDeleteVault,
                         ErrorAction::kAuth,
                         ErrorAction::kDevCheckUnexpectedState}),
         user_data_auth::CRYPTOHOME_ERROR_BACKING_STORE_FAILURE);
   }
   return uss_container_flatbuffer;
 }

 }  // namespace cryptohome
	// Copyright 2021 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "cryptohome/user_secret_stash_storage.h"

	#include <sys/stat.h>

	#include <optional>
	#include <string>

	#include <base/files/file_path.h>
	#include <base/logging.h>
	#include <brillo/secure_blob.h>

	#include "cryptohome/error/location_utils.h"
	#include "cryptohome/filesystem_layout.h"
	#include "cryptohome/platform.h"

	using ::cryptohome::error::CryptohomeError;
	using ::cryptohome::error::ErrorAction;
	using ::cryptohome::error::ErrorActionSet;
	using ::hwsec_foundation::status::MakeStatus;
	using ::hwsec_foundation::status::OkStatus;
	using ::hwsec_foundation::status::StatusChain;

	namespace cryptohome {

	// Use rw------- for the USS files.
	constexpr mode_t kUserSecretStashFilePermissions = 0600;

	UserSecretStashStorage::UserSecretStashStorage(Platform* platform)
	: platform_(platform) {}

	UserSecretStashStorage::~UserSecretStashStorage() = default;

	CryptohomeStatus UserSecretStashStorage::Persist(
	const brillo::Blob& uss_container_flatbuffer,
	const std::string& obfuscated_username) {
	// TODO(b:232299885): Write to the next available slot, and clean up old slots
	// when necessary.
	const base::FilePath path =
	UserSecretStashPath(obfuscated_username, kUserSecretStashDefaultSlot);
	if (!platform_->WriteFileAtomicDurable(path, uss_container_flatbuffer,
	kUserSecretStashFilePermissions)) {
	LOG(ERROR) << "Failed to store the UserSecretStash file for "
	<< obfuscated_username;
	return MakeStatus<CryptohomeError>(
	CRYPTOHOME_ERR_LOC(kLocUSSStorageWriteFailedInPersist),
	ErrorActionSet(
	{ErrorAction::kReboot, ErrorAction::kDevCheckUnexpectedState}),
	user_data_auth::CRYPTOHOME_ERROR_BACKING_STORE_FAILURE);
	}
	return OkStatus<CryptohomeError>();
	}

	CryptohomeStatusOr<brillo::Blob> UserSecretStashStorage::LoadPersisted(
	const std::string& obfuscated_username) {
	// TODO(b:232299885): Read from the latest available slot.
	const base::FilePath path =
	UserSecretStashPath(obfuscated_username, kUserSecretStashDefaultSlot);
	brillo::Blob uss_container_flatbuffer;
	if (!platform_->ReadFile(path, &uss_container_flatbuffer)) {
	LOG(ERROR) << "Failed to load the UserSecretStash file for "
	<< obfuscated_username;
	return MakeStatus<CryptohomeError>(
	CRYPTOHOME_ERR_LOC(kLocUSSStorageReadFailedInLoadPersisted),
	ErrorActionSet({ErrorAction::kReboot, ErrorAction::kDeleteVault,
	ErrorAction::kAuth,
	ErrorAction::kDevCheckUnexpectedState}),
	user_data_auth::CRYPTOHOME_ERROR_BACKING_STORE_FAILURE);
	}
	return uss_container_flatbuffer;
	}

	} // namespace cryptohome