chrome/browser/chromeos/login/quick_unlock/pin_storage.cc - Issue 2387253002: cros: Added policies for screen unlock.

Side by Side Diff: chrome/browser/chromeos/login/quick_unlock/pin_storage.cc

Issue 2387253002: cros: Added policies for screen unlock. (Closed)

Patch Set: Fixed patch set 5 errors. Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« no previous file with comments | « chrome/browser/chromeos/login/quick_unlock/pin_storage.h ('k') | chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc » ('j') | chrome/browser/chromeos/login/quick_unlock/pin_storage_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h"	5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h"

6	6

7 #include "base/base64.h"	7 #include "base/base64.h"

8 #include "base/strings/string_util.h"	8 #include "base/strings/string_util.h"

9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"	9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"

10 #include "chrome/common/pref_names.h"	10 #include "chrome/common/pref_names.h"

(...skipping 19 matching lines...) Expand all Loading...
30 return salt;	30 return salt;

31 }	31 }

32	32

33 // Computes the hash for \|pin\| and \|salt\|.	33 // Computes the hash for \|pin\| and \|salt\|.

34 std::string ComputeSecret(const std::string& pin, const std::string& salt) {	34 std::string ComputeSecret(const std::string& pin, const std::string& salt) {

35 Key key(pin);	35 Key key(pin);

36 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt);	36 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt);

37 return key.GetSecret();	37 return key.GetSecret();

38 }	38 }

39	39

	40 base::TimeDelta PasswordConfirmationFrequencyFrequencyToTimeDelta(

	41 PasswordConfirmationFrequency frequency) {

	42 switch (frequency) {

	43 case PasswordConfirmationFrequency::SIX_HOURS:

	44 return base::TimeDelta::FromHours(6);

	45 case PasswordConfirmationFrequency::TWELVE_HOURS:

	46 return base::TimeDelta::FromHours(12);

	47 case PasswordConfirmationFrequency::DAY:

	48 return base::TimeDelta::FromDays(1);

	49 case PasswordConfirmationFrequency::WEEK:

	50 return base::TimeDelta::FromDays(7);

	51 default:
	jdufault 2016/10/25 17:39:50 Remove default case. If you leave it there, I beli Remove default case. If you leave it there, I believe the compiler will not give a warning about a missing entry. sammiequon 2016/10/25 19:18:41 Done. Show quoted text On 2016/10/25 17:39:50, jdufault wrote: > Remove default case. If you leave it there, I believe the compiler will not give > a warning about a missing entry. Done.
	52 NOTREACHED();

	53 return base::TimeDelta();

	54 }

	55 return base::TimeDelta();
	jdufault 2016/10/25 17:39:50 Add NOTREACHED() above this line. Add NOTREACHED() above this line. sammiequon 2016/10/25 19:18:41 Done. Show quoted text On 2016/10/25 17:39:50, jdufault wrote: > Add NOTREACHED() above this line. Done.
	56 }

	57

40 } // namespace	58 } // namespace

41	59

42 // static	60 // static

43 const base::TimeDelta PinStorage::kStrongAuthTimeout =

44 base::TimeDelta::FromHours(24);

45

46 // static

47 void PinStorage::RegisterProfilePrefs(	61 void PinStorage::RegisterProfilePrefs(

48 user_prefs::PrefRegistrySyncable* registry) {	62 user_prefs::PrefRegistrySyncable* registry) {

49 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, "",	63 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, "",

50 user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);	64 user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);

51 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, "",	65 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, "",

52 user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);	66 user_prefs::PrefRegistrySyncable::SYNCABLE_PREF);

53 }	67 }

54	68

55 PinStorage::PinStorage(PrefService* pref_service)	69 PinStorage::PinStorage(PrefService* pref_service)

56 : pref_service_(pref_service) {}	70 : pref_service_(pref_service) {}

57	71

58 PinStorage::~PinStorage() {}	72 PinStorage::~PinStorage() {}

59	73

60 void PinStorage::MarkStrongAuth() {	74 void PinStorage::MarkStrongAuth() {

61 last_strong_auth_ = base::Time::Now();	75 last_strong_auth_ = base::Time::Now();

62 ResetUnlockAttemptCount();	76 ResetUnlockAttemptCount();

63 }	77 }

64	78

65 bool PinStorage::HasStrongAuth() const {	79 bool PinStorage::HasStrongAuth() const {

66 return !last_strong_auth_.is_null();	80 if (last_strong_auth_.is_null())

	81 return false;

	82

	83 PasswordConfirmationFrequency strong_auth_interval =

	84 static_cast<PasswordConfirmationFrequency>(

	85 pref_service_->GetInteger(prefs::kQuickUnlockTimeout));

	86 base::TimeDelta strong_auth_timeout =

	87 PasswordConfirmationFrequencyFrequencyToTimeDelta(strong_auth_interval);

	88

	89 return TimeSinceLastStrongAuth() < strong_auth_timeout;

67 }	90 }

68	91

69 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const {	92 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const {

70 DCHECK(!last_strong_auth_.is_null());	93 DCHECK(!last_strong_auth_.is_null());

71 return base::Time::Now() - last_strong_auth_;	94 return base::Time::Now() - last_strong_auth_;

72 }	95 }

73	96

74 void PinStorage::AddUnlockAttempt() {	97 void PinStorage::AddUnlockAttempt() {

75 ++unlock_attempt_count_;	98 ++unlock_attempt_count_;

76 }	99 }

(...skipping 23 matching lines...) Expand all Loading...
100 return pref_service_->GetString(prefs::kQuickUnlockPinSalt);	123 return pref_service_->GetString(prefs::kQuickUnlockPinSalt);

101 }	124 }

102	125

103 std::string PinStorage::PinSecret() const {	126 std::string PinStorage::PinSecret() const {

104 return pref_service_->GetString(prefs::kQuickUnlockPinSecret);	127 return pref_service_->GetString(prefs::kQuickUnlockPinSecret);

105 }	128 }

106	129

107 bool PinStorage::IsPinAuthenticationAvailable() const {	130 bool PinStorage::IsPinAuthenticationAvailable() const {

108 const bool exceeded_unlock_attempts =	131 const bool exceeded_unlock_attempts =

109 unlock_attempt_count() >= kMaximumUnlockAttempts;	132 unlock_attempt_count() >= kMaximumUnlockAttempts;

110 const bool has_strong_auth =	133 const bool has_strong_auth = HasStrongAuth();
	jdufault 2016/10/25 17:39:50 Remove the has_strong_auth variable. Remove the has_strong_auth variable. sammiequon 2016/10/25 19:18:41 Done. Show quoted text On 2016/10/25 17:39:50, jdufault wrote: > Remove the has_strong_auth variable. Done.
111 HasStrongAuth() && TimeSinceLastStrongAuth() < kStrongAuthTimeout;

112	134

113 return IsQuickUnlockEnabled() && IsPinSet() && has_strong_auth &&	135 return IsQuickUnlockEnabled(pref_service_) && IsPinSet() && has_strong_auth &&

114 !exceeded_unlock_attempts;	136 !exceeded_unlock_attempts;

115 }	137 }

116	138

117 bool PinStorage::TryAuthenticatePin(const std::string& pin) {	139 bool PinStorage::TryAuthenticatePin(const std::string& pin) {

118 if (!IsPinAuthenticationAvailable())	140 if (!IsPinAuthenticationAvailable())

119 return false;	141 return false;

120	142

121 AddUnlockAttempt();	143 AddUnlockAttempt();

122 return ComputeSecret(pin, PinSalt()) == PinSecret();	144 return ComputeSecret(pin, PinSalt()) == PinSecret();

123 }	145 }

124	146

125 } // namespace chromeos	147 } // namespace chromeos

OLD	NEW