Add a lock to the managed user settings page and require authentication for unlocking.

chrome/browser/managed_mode/managed_user_passphrase.cc

Index: chrome/browser/managed_mode/managed_user_passphrase.cc
diff --git a/chrome/browser/managed_mode/managed_user_passphrase.cc b/chrome/browser/managed_mode/managed_user_passphrase.cc
new file mode 100644
index 0000000000000000000000000000000000000000..ed186918bdef229c8ffb1d3c295976f8ede634a0
--- /dev/null
+++ b/chrome/browser/managed_mode/managed_user_passphrase.cc
@@ -0,0 +1,73 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/managed_mode/managed_user_passphrase.h"
+
+#include <stdlib.h>
+#include <time.h>
+
+#include "base/base64.h"
+#include "base/logging.h"
+#include "crypto/encryptor.h"
+#include "crypto/symmetric_key.h"
+
+namespace {
+
+const int kNumberOfIterations = 1;

[Bernhard Bauer, 2013/01/07 14:39:22]

Fun fact: const variables automatically get internal linkage, so you don't need
the anonymous namespace around here.

+const int kDerivedKeySize = 128;
+
+}
+
+ManagedUserPassphrase::ManagedUserPassphrase(const std::string& salt) {
+  salt_ = salt;
+  if (salt_.size() == 0) {
+    GenerateRandomSalt();
+  }
+}
+
+ManagedUserPassphrase::~ManagedUserPassphrase() {}
+
+std::string ManagedUserPassphrase::GetSalt() {
+  return salt_;
+}
+
+void ManagedUserPassphrase::GenerateRandomSalt() {
+  salt_ = "";
+  srand(time(0));
+  for (int i = 0; i<32; ++i) {
+    salt_ += rand() % 128;
+  }
+  std::string temp = salt_;
+  if (!base::Base64Encode(temp, &salt_)) {
+    NOTREACHED();
+  }
+}
+
+void ManagedUserPassphrase::GenerateHashFromPassphrase(
+    const std::string& passphrase,
+    std::string* encoded_passphrase_hash) {
+  DCHECK(encoded_passphrase_hash);
+  std::string passphrase_hash;
+  GetPassphraseHash(passphrase, &passphrase_hash);
+  if (!base::Base64Encode(passphrase_hash, encoded_passphrase_hash)) {
+    NOTREACHED();
+  }
+}
+
+void ManagedUserPassphrase::GetPassphraseHash(const std::string& passphrase,
+    std::string* passphrase_hash) {
+  DCHECK(passphrase_hash);
+  // Create a hash from the user-provided passphrase and our hard-coded salt.
+  scoped_ptr<crypto::SymmetricKey> encryption_key(
+      crypto::SymmetricKey::DeriveKeyFromPassword(
+          crypto::SymmetricKey::AES,
+          passphrase,
+          salt_,
+          kNumberOfIterations,
+          kDerivedKeySize));
+  DCHECK(encryption_key.get());
+  if (!encryption_key->GetRawKey(passphrase_hash)) {
+    NOTREACHED();
+  }
+}