Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" | 5 #include "chrome/browser/chromeos/login/parallel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/file_path.h" | 9 #include "base/file_path.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| 11 #include "base/logging.h" | 11 #include "base/logging.h" |
| 12 #include "base/string_number_conversions.h" | |
| 12 #include "base/string_util.h" | 13 #include "base/string_util.h" |
| 13 #include "chrome/browser/chromeos/boot_times_loader.h" | 14 #include "chrome/browser/chromeos/boot_times_loader.h" |
| 14 #include "chrome/browser/chromeos/cros/cert_library.h" | 15 #include "chrome/browser/chromeos/cros/cert_library.h" |
| 15 #include "chrome/browser/chromeos/cros/cros_library.h" | 16 #include "chrome/browser/chromeos/cros/cros_library.h" |
| 16 #include "chrome/browser/chromeos/cros/cryptohome_library.h" | 17 #include "chrome/browser/chromeos/cros/cryptohome_library.h" |
| 17 #include "chrome/browser/chromeos/cros_settings.h" | 18 #include "chrome/browser/chromeos/cros_settings.h" |
| 18 #include "chrome/browser/chromeos/cryptohome/async_method_caller.h" | 19 #include "chrome/browser/chromeos/cryptohome/async_method_caller.h" |
| 19 #include "chrome/browser/chromeos/login/authentication_notification_details.h" | 20 #include "chrome/browser/chromeos/login/authentication_notification_details.h" |
| 20 #include "chrome/browser/chromeos/login/login_status_consumer.h" | 21 #include "chrome/browser/chromeos/login/login_status_consumer.h" |
| 21 #include "chrome/browser/chromeos/login/ownership_service.h" | 22 #include "chrome/browser/chromeos/login/ownership_service.h" |
| 22 #include "chrome/browser/chromeos/login/user_manager.h" | 23 #include "chrome/browser/chromeos/login/user_manager.h" |
| 23 #include "chrome/common/chrome_notification_types.h" | 24 #include "chrome/common/chrome_notification_types.h" |
| 24 #include "chrome/common/chrome_switches.h" | 25 #include "chrome/common/chrome_switches.h" |
| 25 #include "chrome/common/net/gaia/gaia_auth_util.h" | 26 #include "chrome/common/net/gaia/gaia_auth_util.h" |
| 26 #include "chromeos/dbus/cryptohome_client.h" | 27 #include "chromeos/dbus/cryptohome_client.h" |
| 27 #include "chromeos/dbus/dbus_thread_manager.h" | 28 #include "chromeos/dbus/dbus_thread_manager.h" |
| 28 #include "content/public/browser/browser_thread.h" | 29 #include "content/public/browser/browser_thread.h" |
| 29 #include "content/public/browser/notification_service.h" | 30 #include "content/public/browser/notification_service.h" |
| 31 #include "crypto/sha2.h" | |
| 30 #include "third_party/cros_system_api/dbus/service_constants.h" | 32 #include "third_party/cros_system_api/dbus/service_constants.h" |
| 31 | 33 |
| 32 using content::BrowserThread; | 34 using content::BrowserThread; |
| 33 | 35 |
| 34 namespace chromeos { | 36 namespace chromeos { |
| 35 | 37 |
| 36 namespace { | 38 namespace { |
| 37 | 39 |
| 38 // Milliseconds until we timeout our attempt to hit ClientLogin. | 40 // Milliseconds until we timeout our attempt to hit ClientLogin. |
| 39 const int kClientLoginTimeoutMs = 10000; | 41 const int kClientLoginTimeoutMs = 10000; |
| (...skipping 115 matching lines...) | |
| 155 | 157 |
| 156 // Returns whether the login failure was connection issue. | 158 // Returns whether the login failure was connection issue. |
| 157 bool WasConnectionIssue(const LoginFailure& online_outcome) { | 159 bool WasConnectionIssue(const LoginFailure& online_outcome) { |
| 158 return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) || | 160 return ((online_outcome.reason() == LoginFailure::LOGIN_TIMED_OUT) || |
| 159 (online_outcome.error().state() == | 161 (online_outcome.error().state() == |
| 160 GoogleServiceAuthError::CONNECTION_FAILED) || | 162 GoogleServiceAuthError::CONNECTION_FAILED) || |
| 161 (online_outcome.error().state() == | 163 (online_outcome.error().state() == |
| 162 GoogleServiceAuthError::REQUEST_CANCELED)); | 164 GoogleServiceAuthError::REQUEST_CANCELED)); |
| 163 } | 165 } |
| 164 | 166 |
| 167 // Returns hash of |password|, salted with the system salt. | |
| 168 std::string HashPassword(const std::string& password) { | |
| 169 // Get salt, ascii encode, update sha with that, then update with ascii | |
| 170 // of password, then end. | |
| 171 const int kPassHashLen = 32; | |
|
stevenjb
2012/07/03 15:31:14
nit: constant at top of file
hashimoto
2012/07/04 04:33:34
Done.
| |
| 172 std::string ascii_salt = | |
| 173 CrosLibrary::Get()->GetCryptohomeLibrary()->GetSystemSalt(); | |
| 174 char passhash_buf[kPassHashLen]; | |
| 175 | |
| 176 // Hash salt and password | |
| 177 crypto::SHA256HashString(ascii_salt + password, | |
| 178 &passhash_buf, sizeof(passhash_buf)); | |
| 179 | |
| 180 return StringToLowerASCII(base::HexEncode( | |
| 181 reinterpret_cast<const void*>(passhash_buf), | |
| 182 sizeof(passhash_buf) / 2)); | |
|
stevenjb
2012/07/03 15:31:14
Why / 2? Maybe use a const or sizeof() instead of
hashimoto
2012/07/04 04:33:34
Looks like this '/2' trick has been there for 20 m
| |
| 183 } | |
| 184 | |
| 165 } // namespace | 185 } // namespace |
| 166 | 186 |
| 167 ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer) | 187 ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer) |
| 168 : Authenticator(consumer), | 188 : Authenticator(consumer), |
| 169 migrate_attempted_(false), | 189 migrate_attempted_(false), |
| 170 remove_attempted_(false), | 190 remove_attempted_(false), |
| 171 mount_guest_attempted_(false), | 191 mount_guest_attempted_(false), |
| 172 check_key_attempted_(false), | 192 check_key_attempted_(false), |
| 173 already_reported_success_(false), | 193 already_reported_success_(false), |
| 174 owner_is_verified_(false), | 194 owner_is_verified_(false), |
| (...skipping 11 matching lines...) | |
| 186 const std::string& username, | 206 const std::string& username, |
| 187 const std::string& password, | 207 const std::string& password, |
| 188 const std::string& login_token, | 208 const std::string& login_token, |
| 189 const std::string& login_captcha) { | 209 const std::string& login_captcha) { |
| 190 std::string canonicalized = gaia::CanonicalizeEmail(username); | 210 std::string canonicalized = gaia::CanonicalizeEmail(username); |
| 191 authentication_profile_ = profile; | 211 authentication_profile_ = profile; |
| 192 current_state_.reset( | 212 current_state_.reset( |
| 193 new AuthAttemptState( | 213 new AuthAttemptState( |
| 194 canonicalized, | 214 canonicalized, |
| 195 password, | 215 password, |
| 196 CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password), | 216 HashPassword(password), |
| 197 login_token, | 217 login_token, |
| 198 login_captcha, | 218 login_captcha, |
| 199 !UserManager::Get()->IsKnownUser(canonicalized))); | 219 !UserManager::Get()->IsKnownUser(canonicalized))); |
| 200 { | 220 { |
| 201 // Reset the verified flag. | 221 // Reset the verified flag. |
| 202 base::AutoLock for_this_block(owner_verified_lock_); | 222 base::AutoLock for_this_block(owner_verified_lock_); |
| 203 owner_is_verified_ = false; | 223 owner_is_verified_ = false; |
| 204 } | 224 } |
| 205 | 225 |
| 206 const bool create_if_missing = false; | 226 const bool create_if_missing = false; |
| (...skipping 16 matching lines...) | |
| 223 | 243 |
| 224 void ParallelAuthenticator::CompleteLogin(Profile* profile, | 244 void ParallelAuthenticator::CompleteLogin(Profile* profile, |
| 225 const std::string& username, | 245 const std::string& username, |
| 226 const std::string& password) { | 246 const std::string& password) { |
| 227 std::string canonicalized = gaia::CanonicalizeEmail(username); | 247 std::string canonicalized = gaia::CanonicalizeEmail(username); |
| 228 authentication_profile_ = profile; | 248 authentication_profile_ = profile; |
| 229 current_state_.reset( | 249 current_state_.reset( |
| 230 new AuthAttemptState( | 250 new AuthAttemptState( |
| 231 canonicalized, | 251 canonicalized, |
| 232 password, | 252 password, |
| 233 CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password), | 253 HashPassword(password), |
| 234 !UserManager::Get()->IsKnownUser(canonicalized))); | 254 !UserManager::Get()->IsKnownUser(canonicalized))); |
| 235 { | 255 { |
| 236 // Reset the verified flag. | 256 // Reset the verified flag. |
| 237 base::AutoLock for_this_block(owner_verified_lock_); | 257 base::AutoLock for_this_block(owner_verified_lock_); |
| 238 owner_is_verified_ = false; | 258 owner_is_verified_ = false; |
| 239 } | 259 } |
| 240 | 260 |
| 241 const bool create_if_missing = false; | 261 const bool create_if_missing = false; |
| 242 BrowserThread::PostTask( | 262 BrowserThread::PostTask( |
| 243 BrowserThread::UI, FROM_HERE, | 263 BrowserThread::UI, FROM_HERE, |
| (...skipping 19 matching lines...) | |
| 263 BrowserThread::UI, FROM_HERE, | 283 BrowserThread::UI, FROM_HERE, |
| 264 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); | 284 base::Bind(&ParallelAuthenticator::ResolveLoginCompletionStatus, this)); |
| 265 } | 285 } |
| 266 } | 286 } |
| 267 | 287 |
| 268 void ParallelAuthenticator::AuthenticateToUnlock(const std::string& username, | 288 void ParallelAuthenticator::AuthenticateToUnlock(const std::string& username, |
| 269 const std::string& password) { | 289 const std::string& password) { |
| 270 current_state_.reset( | 290 current_state_.reset( |
| 271 new AuthAttemptState( | 291 new AuthAttemptState( |
| 272 gaia::CanonicalizeEmail(username), | 292 gaia::CanonicalizeEmail(username), |
| 273 CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password))); | 293 HashPassword(password))); |
| 274 check_key_attempted_ = true; | 294 check_key_attempted_ = true; |
| 275 BrowserThread::PostTask( | 295 BrowserThread::PostTask( |
| 276 BrowserThread::UI, FROM_HERE, | 296 BrowserThread::UI, FROM_HERE, |
| 277 base::Bind(&CheckKey, | 297 base::Bind(&CheckKey, |
| 278 current_state_.get(), | 298 current_state_.get(), |
| 279 static_cast<AuthAttemptStateResolver*>(this))); | 299 static_cast<AuthAttemptStateResolver*>(this))); |
| 280 } | 300 } |
| 281 | 301 |
| 282 void ParallelAuthenticator::LoginDemoUser() { | 302 void ParallelAuthenticator::LoginDemoUser() { |
| 283 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 303 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| (...skipping 76 matching lines...) | |
| 360 const std::string& user_name) { | 380 const std::string& user_name) { |
| 361 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); | 381 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI)); |
| 362 DCHECK(using_oauth_); | 382 DCHECK(using_oauth_); |
| 363 // Mark this account's OAuth token state as invalid in the local state. | 383 // Mark this account's OAuth token state as invalid in the local state. |
| 364 UserManager::Get()->SaveUserOAuthStatus(user_name, | 384 UserManager::Get()->SaveUserOAuthStatus(user_name, |
| 365 User::OAUTH_TOKEN_STATUS_INVALID); | 385 User::OAUTH_TOKEN_STATUS_INVALID); |
| 366 } | 386 } |
| 367 | 387 |
| 368 void ParallelAuthenticator::RecoverEncryptedData( | 388 void ParallelAuthenticator::RecoverEncryptedData( |
| 369 const std::string& old_password) { | 389 const std::string& old_password) { |
| 370 std::string old_hash = | 390 std::string old_hash = HashPassword(old_password); |
| 371 CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(old_password); | |
| 372 migrate_attempted_ = true; | 391 migrate_attempted_ = true; |
| 373 current_state_->ResetCryptohomeStatus(); | 392 current_state_->ResetCryptohomeStatus(); |
| 374 BrowserThread::PostTask( | 393 BrowserThread::PostTask( |
| 375 BrowserThread::UI, FROM_HERE, | 394 BrowserThread::UI, FROM_HERE, |
| 376 base::Bind(&Migrate, | 395 base::Bind(&Migrate, |
| 377 current_state_.get(), | 396 current_state_.get(), |
| 378 static_cast<AuthAttemptStateResolver*>(this), | 397 static_cast<AuthAttemptStateResolver*>(this), |
| 379 true, | 398 true, |
| 380 old_hash)); | 399 old_hash)); |
| 381 } | 400 } |
| (...skipping 43 matching lines...) | |
| 425 | 444 |
| 426 void ParallelAuthenticator::RetryAuth(Profile* profile, | 445 void ParallelAuthenticator::RetryAuth(Profile* profile, |
| 427 const std::string& username, | 446 const std::string& username, |
| 428 const std::string& password, | 447 const std::string& password, |
| 429 const std::string& login_token, | 448 const std::string& login_token, |
| 430 const std::string& login_captcha) { | 449 const std::string& login_captcha) { |
| 431 reauth_state_.reset( | 450 reauth_state_.reset( |
| 432 new AuthAttemptState( | 451 new AuthAttemptState( |
| 433 gaia::CanonicalizeEmail(username), | 452 gaia::CanonicalizeEmail(username), |
| 434 password, | 453 password, |
| 435 CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password), | 454 HashPassword(password), |
| 436 login_token, | 455 login_token, |
| 437 login_captcha, | 456 login_captcha, |
| 438 false /* not a new user */)); | 457 false /* not a new user */)); |
| 439 // Always use ClientLogin regardless of using_oauth flag. This is because | 458 // Always use ClientLogin regardless of using_oauth flag. This is because |
| 440 // we are unable to renew oauth token on lock screen currently and will | 459 // we are unable to renew oauth token on lock screen currently and will |
| 441 // stuck with lock screen if we use OAuthLogin here. | 460 // stuck with lock screen if we use OAuthLogin here. |
| 442 // TODO(xiyuan): Revisit this after we support Gaia in lock screen. | 461 // TODO(xiyuan): Revisit this after we support Gaia in lock screen. |
| 443 current_online_.reset(new OnlineAttempt(false /* using_oauth */, | 462 current_online_.reset(new OnlineAttempt(false /* using_oauth */, |
| 444 reauth_state_.get(), | 463 reauth_state_.get(), |
| 445 this)); | 464 this)); |
| (...skipping 332 matching lines...) | |
| 778 } | 797 } |
| 779 | 798 |
| 780 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, | 799 void ParallelAuthenticator::SetOwnerState(bool owner_check_finished, |
| 781 bool check_result) { | 800 bool check_result) { |
| 782 base::AutoLock for_this_block(owner_verified_lock_); | 801 base::AutoLock for_this_block(owner_verified_lock_); |
| 783 owner_is_verified_ = owner_check_finished; | 802 owner_is_verified_ = owner_check_finished; |
| 784 user_can_login_ = check_result; | 803 user_can_login_ = check_result; |
| 785 } | 804 } |
| 786 | 805 |
| 787 } // namespace chromeos | 806 } // namespace chromeos |
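Review bot: The new file-local `HashPassword` (new lines 167–183) uses whatever `GetSystemSalt()` returns without checking that it is non-empty. `GetSystemSalt()` is not shown on this page, but if it can return an empty string (for example before cryptohome is ready), the digest is computed over the bare password and will not match the key derived with the real salt. All five call sites (`AuthenticateToLogin`, `CompleteLogin`, `AuthenticateToUnlock`, `RecoverEncryptedData`, `RetryAuth`) pass the result straight on, so nothing downstream would catch this. I would add `CHECK(!ascii_salt.empty());` right after the salt is read, or fail the attempt explicitly, so an unsalted key is never used silently. The function comment could also say that the returned hex string is the cryptohome key and that its format must stay identical to what `CryptohomeLibrary::HashPassword` produced.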
| OLD | NEW |