
Side by Side Diff: src/platform/cryptohome/authenticator.h

Issue 2051003: Initial patch from Will. (Closed) Base URL: ssh://git@chromiumos-git/chromiumos
Patch Set: Address style nits. Created 10 years, 7 months ago
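--- a/src/platform/cryptohome/authenticator.h
+++ b/src/platform/cryptohome/authenticator.h
@@ -0,0 +1,102 @@
+// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTOHOME_AUTHENTICATOR_H_
+#define CRYPTOHOME_AUTHENTICATOR_H_
+
+#include "base/basictypes.h"
+#include "base/file_path.h"
+#include "chromeos/utility.h"
+#include "cryptohome/credentials.h"
+
+namespace cryptohome {
+
+// System salt and user dirs start here.
+extern const std::string kDefaultShadowRoot;
+
+class Authenticator {
+
+public:
+// Initializes the authenticator with the default shadow root of
+// "/home/.shadow/".
+Authenticator();
+
+// Initializes the authenticator with an alternative shadow root. The
+// shadow_root should point to a directory with the system salt and
+// obfuscated user directories.
+//
+// Parameters
+// shadow_root - A local file system path containing the system salt
+// and obfuscated user directories.
+//
+explicit Authenticator(const std::string &shadow_root);
+
+virtual ~Authenticator();
+
+// Loads the system salt, and anything else that might need to be done.
+// This *must* be called before other methods.
+//
+// Returns false if the initialization fails for some reason. May also
+// spew LOG messages on failure.
+virtual bool Init();
+
+// Enumerates all of the master keys (master.0, master.1, etc), looking
+// for ones that can be successfully decrypted with the given credentials.
+//
+// Parameters
+// credentials - An object representing the user's credentials.
+//
+virtual bool TestAllMasterKeys(const Credentials &credentials) const;
+
+private:
+std::string shadow_root_;
+chromeos::Blob system_salt_;
+
+bool LoadFileBytes(const FilePath &path, chromeos::Blob *blob) const;
+bool LoadFileString(const FilePath &path, std::string *str) const;
+
+// Returns the system salt
+chromeos::Blob GetSystemSalt() const;
+
+// "Wraps" the hashed password using the same algorithm as
+// cryptohome::password_to_wrapper. This encodes the hashed_password in a
+// master key specific salt, resulting in the passphrase for the master
+// key.
+//
+// Parameters
+// master_salt_file - The local filesystem path to the salt file for the
+// master password that you intend to decrypt.
+// hashed_password - The user's hashed password, as returned by
+// Credentials::GetPasswordWeakHash.
+// iters - The number of wrap iterations to perform. Should be the same
+// number that were used by the cryptohome script to create the passphrase.
+//
+std::string IteratedWrapHashedPassword(const FilePath &master_salt_file,
+const std::string &hashed_password,
+const int iters) const;
+
+// Same as above, except with a default iters of 1.
+std::string WrapHashedPassword(const FilePath &master_salt_file,
+const std::string &hashed_password) const;
+
+bool TestDecrypt(const std::string passphrase,
+const chromeos::Blob salt,
+const chromeos::Blob cipher_text) const;
+
+// Attempts to decrypt a single master key.
+//
+// Parameters
+// master_key_file - The full local filesystem path to the master key.
+// hashed_password - The hashed password (as returned by
+// Credentials.GetPasswordWeakHash)
+//
+bool TestOneMasterKey(const FilePath &master_key_file,
+const std::string &hashed_password) const;
+
+DISALLOW_COPY_AND_ASSIGN(Authenticator);
+};
+
+} // namespace cryptohome
+
+#endif // CRYPTOHOME_AUTHENTICATOR_H_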
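Review bot: TestDecrypt (new lines 83-85) takes passphrase, salt and cipher_text by value, so every call makes extra copies of the derived passphrase and the key blob whose lifetime the caller cannot control. Every other method in this class passes these by const reference, so the declaration should read `bool TestDecrypt(const std::string &passphrase, const chromeos::Blob &salt, const chromeos::Blob &cipher_text) const;`. It is also the only private helper handling secrets that has no comment; a short one stating what a true return means (presumably that the cipher text decrypted and verified under the passphrase) would help, and TestAllMasterKeys likewise does not say what its bool return signifies. The header uses std::string throughout but does not include `<string>` itself, so it compiles only if one of the listed headers pulls it in.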
