| (Empty) |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CRYPTOHOME_AUTHENTICATOR_H_ | |
6 #define CRYPTOHOME_AUTHENTICATOR_H_ | |
7 | |
8 #include "base/basictypes.h" | |
9 #include "base/file_path.h" | |
10 #include "chromeos/utility.h" | |
11 #include "cryptohome/credentials.h" | |
12 | |
13 namespace cryptohome { | |
14 | |
15 // System salt and user dirs start here. | |
16 extern const std::string kDefaultShadowRoot; | |
17 | |
18 class Authenticator { | |
19 | |
20 public: | |
21 // Initializes the authenticator with the default shadow root of | |
22 // "/home/.shadow/". | |
23 Authenticator(); | |
24 | |
25 // Initializes the authenticator with an alternative shadow root. The | |
26 // shadow_root should point to a directory with the system salt and | |
27 // obfuscated user directories. | |
28 // | |
29 // Parameters | |
30 // shadow_root - A local file system path containing the system salt | |
31 // and obfuscated user directories. | |
32 // | |
33 explicit Authenticator(const std::string &shadow_root); | |
34 | |
35 virtual ~Authenticator(); | |
36 | |
37 // Loads the system salt, and anything else that might need to be done. | |
38 // This *must* be called before other methods. | |
39 // | |
40 // Returns false if the initialization fails for some reason. May also | |
41 // spew LOG messages on failure. | |
42 virtual bool Init(); | |
43 | |
44 // Enumerates all of the master keys (master.0, master.1, etc), looking | |
45 // for ones that can be successfully decrypted with the given credentials. | |
46 // | |
47 // Parameters | |
48 // credentials - An object representing the user's credentials. | |
49 // | |
50 virtual bool TestAllMasterKeys(const Credentials &credentials) const; | |
51 | |
52 private: | |
53 std::string shadow_root_; | |
54 chromeos::Blob system_salt_; | |
55 | |
56 bool LoadFileBytes(const FilePath &path, chromeos::Blob *blob) const; | |
57 bool LoadFileString(const FilePath &path, std::string *str) const; | |
58 | |
59 // Returns the system salt | |
60 chromeos::Blob GetSystemSalt() const; | |
61 | |
62 // "Wraps" the hashed password using the same algorithm as | |
63 // cryptohome::password_to_wrapper. This encodes the hashed_password in a | |
64 // master key specific salt, resulting in the passphrase for the master | |
65 // key. | |
66 // | |
67 // Parameters | |
68 // master_salt_file - The local filesystem path to the salt file for the | |
69 // master password that you intend to decrypt. | |
70 // hashed_password - The user's hashed password, as returned by | |
71 // Credentials::GetPasswordWeakHash. | |
72 // iters - The number of wrap iterations to perform. Should be the same | |
73 // number that were used by the cryptohome script to create the passphrase. | |
74 // | |
75 std::string IteratedWrapHashedPassword(const FilePath &master_salt_file, | |
76 const std::string &hashed_password, | |
77 const int iters) const; | |
78 | |
79 // Same as above, except with a default iters of 1. | |
80 std::string WrapHashedPassword(const FilePath &master_salt_file, | |
81 const std::string &hashed_password) const; | |
82 | |
83 bool TestDecrypt(const std::string passphrase, | |
84 const chromeos::Blob salt, | |
85 const chromeos::Blob cipher_text) const; | |
86 | |
87 // Attempts to decrypt a single master key. | |
88 // | |
89 // Parameters | |
90 // master_key_file - The full local filesystem path to the master key. | |
91 // hashed_password - The hashed password (as returned by | |
92 // Credentials.GetPasswordWeakHash) | |
93 // | |
94 bool TestOneMasterKey(const FilePath &master_key_file, | |
95 const std::string &hashed_password) const; | |
96 | |
97 DISALLOW_COPY_AND_ASSIGN(Authenticator); | |
98 }; | |
99 | |
100 } // namespace cryptohome | |
101 | |
102 #endif // CRYPTOHOME_AUTHENTICATOR_H_ | |