| Index: chrome/browser/chromeos/login/parallel_authenticator.cc
|
| diff --git a/chrome/browser/chromeos/login/parallel_authenticator.cc b/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| index cb4758de2353f73b7687d2f4b0f1104657369f3d..ed49bc3d26bd12946004f78c2906b5096d1b8d6b 100644
|
| --- a/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| +++ b/chrome/browser/chromeos/login/parallel_authenticator.cc
|
| @@ -9,6 +9,7 @@
|
| #include "base/file_path.h"
|
| #include "base/file_util.h"
|
| #include "base/logging.h"
|
| +#include "base/string_number_conversions.h"
|
| #include "base/string_util.h"
|
| #include "chrome/browser/chromeos/boot_times_loader.h"
|
| #include "chrome/browser/chromeos/cros/cert_library.h"
|
| @@ -27,6 +28,7 @@
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "content/public/browser/browser_thread.h"
|
| #include "content/public/browser/notification_service.h"
|
| +#include "crypto/sha2.h"
|
| #include "third_party/cros_system_api/dbus/service_constants.h"
|
|
|
| using content::BrowserThread;
|
| @@ -38,6 +40,9 @@ namespace {
|
| // Milliseconds until we timeout our attempt to hit ClientLogin.
|
| const int kClientLoginTimeoutMs = 10000;
|
|
|
| +// Length of password hashed with SHA-256.
|
| +const int kPasswordHashLength = 32;
|
| +
|
| // Records status and calls resolver->Resolve().
|
| void TriggerResolve(AuthAttemptState* attempt,
|
| AuthAttemptStateResolver* resolver,
|
| @@ -162,6 +167,26 @@ bool WasConnectionIssue(const LoginFailure& online_outcome) {
|
| GoogleServiceAuthError::REQUEST_CANCELED));
|
| }
|
|
|
| +// Returns hash of |password|, salted with the system salt.
|
| +std::string HashPassword(const std::string& password) {
|
| + // Get salt, ascii encode, update sha with that, then update with ascii
|
| + // of password, then end.
|
| + std::string ascii_salt =
|
| + CrosLibrary::Get()->GetCryptohomeLibrary()->GetSystemSalt();
|
| + char passhash_buf[kPasswordHashLength];
|
| +
|
| + // Hash salt and password
|
| + crypto::SHA256HashString(ascii_salt + password,
|
| + &passhash_buf, sizeof(passhash_buf));
|
| +
|
| + // Only want the top half for 'weak' hashing so that the passphrase is not
|
| + // immediately exposed even if the output is reversed.
|
| + const int encoded_length = sizeof(passhash_buf) / 2;
|
| +
|
| + return StringToLowerASCII(base::HexEncode(
|
| + reinterpret_cast<const void*>(passhash_buf), encoded_length));
|
| +}
|
| +
|
| } // namespace
|
|
|
| ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer)
|
| @@ -193,7 +218,7 @@ void ParallelAuthenticator::AuthenticateToLogin(
|
| new AuthAttemptState(
|
| canonicalized,
|
| password,
|
| - CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
|
| + HashPassword(password),
|
| login_token,
|
| login_captcha,
|
| !UserManager::Get()->IsKnownUser(canonicalized)));
|
| @@ -230,7 +255,7 @@ void ParallelAuthenticator::CompleteLogin(Profile* profile,
|
| new AuthAttemptState(
|
| canonicalized,
|
| password,
|
| - CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
|
| + HashPassword(password),
|
| !UserManager::Get()->IsKnownUser(canonicalized)));
|
| {
|
| // Reset the verified flag.
|
| @@ -270,7 +295,7 @@ void ParallelAuthenticator::AuthenticateToUnlock(const std::string& username,
|
| current_state_.reset(
|
| new AuthAttemptState(
|
| gaia::CanonicalizeEmail(username),
|
| - CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password)));
|
| + HashPassword(password)));
|
| check_key_attempted_ = true;
|
| BrowserThread::PostTask(
|
| BrowserThread::UI, FROM_HERE,
|
| @@ -367,8 +392,7 @@ void ParallelAuthenticator::RecordOAuthCheckFailure(
|
|
|
| void ParallelAuthenticator::RecoverEncryptedData(
|
| const std::string& old_password) {
|
| - std::string old_hash =
|
| - CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(old_password);
|
| + std::string old_hash = HashPassword(old_password);
|
| migrate_attempted_ = true;
|
| current_state_->ResetCryptohomeStatus();
|
| BrowserThread::PostTask(
|
| @@ -432,7 +456,7 @@ void ParallelAuthenticator::RetryAuth(Profile* profile,
|
| new AuthAttemptState(
|
| gaia::CanonicalizeEmail(username),
|
| password,
|
| - CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
|
| + HashPassword(password),
|
| login_token,
|
| login_captcha,
|
| false /* not a new user */));
|
|
|
Chromium Code Reviews
Issue 10701075:
Remove chromeos::CryptohomeLibrary::HashPassword (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src