OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ | |
6 #define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ | |
7 | |
8 #include <string> | |
9 | |
10 #include "base/callback.h" | |
11 | |
12 class AccountId; | |
13 | |
14 namespace chromeos { | |
15 | |
16 class UserContext; | |
17 | |
18 namespace quick_unlock { | |
19 | |
20 // TODO(jdufault): Implement pref pin -> cryptohome pin migration. We can | |
21 // maintain the salt, store the secret in cryptohome, and when the user enters a | |
22 // PIN we pre-hash and then submit to cryptohome. We have to drop the secret | |
23 // from prefs though. So essentially, we store the hashed pin in cryptohome. | |
24 // Maybe we just want to always do this for simplicity? Need to confirm with | |
25 // security this approach is fine. | |
26 | |
27 // Provides api for accessing the user's pin. The underlying storage is either | |
28 // cryptohome or prefs. | |
29 class PinBackend { | |
30 public: | |
31 using BoolCallback = base::Callback<void(bool)>; | |
32 | |
33 // Check if the given account_id has a pin registered. | |
34 static void IsSet(const AccountId& account_id, const BoolCallback& result); | |
35 // Set the pin for the given user. | |
36 static void Set(const UserContext& user_context, const std::string& pin); | |
37 // Remove the given user's pin. | |
38 static void Remove(const UserContext& user_context); | |
39 | |
40 // Is pin authentication available for the given account? Even if pin is set, | |
41 // it may not be available for authentication due to some additional | |
42 // restrictions. | |
43 static void CanAuthenticate(const AccountId& account_id, | |
44 const BoolCallback& result); | |
45 // Try to authenticate. | |
achuithb
2017/05/13 01:01:58
nit newline
jdufault
2017/06/06 18:17:06
Done.
| |
46 static void TryAuthenticate(const AccountId& account_id, | |
47 const std::string& pin, | |
48 const BoolCallback& result); | |
49 | |
50 // This should be called when there has been a non-pin trusted authentication, | |
51 // ie, password on the lock screen. | |
52 static void NotifyAuthentication(const AccountId& account_id); | |
53 | |
54 // Computes the secret for a given |pin| and |salt|. | |
55 static std::string ComputeSecret(const std::string& pin, | |
56 const std::string& salt); | |
57 | |
58 // Resets any cached state for testing purposes. | |
59 static void ResetForTesting(); | |
60 | |
61 private: | |
62 DISALLOW_COPY_AND_ASSIGN(PinBackend); | |
63 }; | |
64 | |
65 } // namespace quick_unlock | |
66 } // namespace chromeos | |
67 | |
68 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ | |
OLD | NEW |