OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/callback.h" |
| 11 |
| 12 class AccountId; |
| 13 |
| 14 namespace chromeos { |
| 15 |
| 16 class UserContext; |
| 17 |
| 18 namespace quick_unlock { |
| 19 |
| 20 // TODO(jdufault): Implement pref pin -> cryptohome pin migration. We can |
| 21 // maintain the salt, store the secret in cryptohome, and when the user enters a |
| 22 // PIN we pre-hash and then submit to cryptohome. We have to drop the secret |
| 23 // from prefs though. So essentially, we store the hashed pin in cryptohome. |
| 24 // Maybe we just want to always do this for simplicity? Need to confirm with |
| 25 // security this approach is fine. |
| 26 |
| 27 // Provides api for accessing the user's pin. The underlying storage is either |
| 28 // cryptohome or prefs. |
| 29 class PinBackend { |
| 30 public: |
| 31 using BoolCallback = base::Callback<void(bool)>; |
| 32 |
| 33 // Check if the given account_id has a pin registered. |
| 34 static void IsSet(const AccountId& account_id, const BoolCallback& result); |
| 35 // Set the pin for the given user. |
| 36 static void Set(const UserContext& user_context, const std::string& pin); |
| 37 // Remove the given user's pin. |
| 38 static void Remove(const UserContext& user_context); |
| 39 |
| 40 // Is pin authentication available for the given account? Even if pin is set, |
| 41 // it may not be available for authentication due to some additional |
| 42 // restrictions. |
| 43 static void CanAuthenticate(const AccountId& account_id, |
| 44 const BoolCallback& result); |
| 45 |
| 46 // Try to authenticate. |
| 47 static void TryAuthenticate(const AccountId& account_id, |
| 48 const std::string& pin, |
| 49 const BoolCallback& result); |
| 50 |
| 51 // This should be called when there has been a non-pin trusted authentication, |
| 52 // ie, password on the lock screen. |
| 53 static void NotifyAuthentication(const AccountId& account_id); |
| 54 |
| 55 // Computes the secret for a given |pin| and |salt|. |
| 56 static std::string ComputeSecret(const std::string& pin, |
| 57 const std::string& salt); |
| 58 |
| 59 // Resets any cached state for testing purposes. |
| 60 static void ResetForTesting(); |
| 61 |
| 62 private: |
| 63 DISALLOW_COPY_AND_ASSIGN(PinBackend); |
| 64 }; |
| 65 |
| 66 } // namespace quick_unlock |
| 67 } // namespace chromeos |
| 68 |
| 69 #endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |
OLD | NEW |