OLD | NEW |
| (Empty) |
1 // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // UsernamePasshash wraps a username/salted password hash pair that | |
6 // can be used to authenticate a user. | |
7 | |
8 #ifndef CRYPTOHOME_USERNAME_PASSHASH_H_ | |
9 #define CRYPTOHOME_USERNAME_PASSHASH_H_ | |
10 | |
11 #include "cryptohome/credentials.h" | |
12 | |
13 #include <string.h> | |
14 | |
15 #include "base/basictypes.h" | |
16 | |
17 namespace cryptohome { | |
18 | |
19 class UsernamePasshash : public Credentials { | |
20 public: | |
21 // |passhash| is a weak hash of the user's password, using the same | |
22 // algorithm that pam/pam_google/pam_mount use to get the user's | |
23 // plaintext passhash safely passed on to the login session. That | |
24 // means we compute a sha256sum of the ASCII encoded system salt plus | |
25 // the plaintext passhash, ASCII encode the result, and take the first | |
26 // 32 bytes. To say that in bash... | |
27 // | |
28 // $(cat <(echo -n $(xxd -p "$SYSTEM_SALT_FILE")) | |
29 // <(echo -n "$PASSHASH") | sha256sum | head -c 32) | |
30 // | |
31 UsernamePasshash(const char *username, const int username_length, | |
32 const char *passhash, const int passhash_length); | |
33 | |
34 ~UsernamePasshash() {} | |
35 | |
36 // Overridden from cryptohome::Credentials | |
37 void GetFullUsername(char *name_buffer, int length) const; | |
38 void GetPartialUsername(char *name_buffer, int length) const; | |
39 std::string GetObfuscatedUsername(const chromeos::Blob &system_salt) const; | |
40 std::string GetPasswordWeakHash(const chromeos::Blob &system_salt) const; | |
41 | |
42 private: | |
43 std::string username_; | |
44 std::string passhash_; | |
45 | |
46 DISALLOW_COPY_AND_ASSIGN(UsernamePasshash); | |
47 }; | |
48 | |
49 } // namespace cryptohome | |
50 | |
51 #endif // CRYPTOHOME_USERNAME_PASSHASH_H_ | |
OLD | NEW |