| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | |
| 6 | |
| 7 #include "base/base64.h" | |
| 8 #include "base/strings/string_util.h" | |
| 9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | |
| 10 #include "chrome/common/pref_names.h" | |
| 11 #include "chromeos/login/auth/key.h" | |
| 12 #include "components/prefs/pref_registry_simple.h" | |
| 13 #include "components/prefs/pref_service.h" | |
| 14 #include "crypto/random.h" | |
| 15 | |
| 16 namespace chromeos { | |
| 17 namespace quick_unlock { | |
| 18 | |
| 19 namespace { | |
| 20 | |
| 21 const int kSaltByteSize = 16; | |
| 22 | |
| 23 // Returns a new salt of length |kSaltByteSize|. | |
| 24 std::string CreateSalt() { | |
| 25 // The salt needs to be base64 encoded because the pref service requires a | |
| 26 // UTF8 string. | |
| 27 std::string salt; | |
| 28 crypto::RandBytes(base::WriteInto(&salt, kSaltByteSize + 1), kSaltByteSize); | |
| 29 base::Base64Encode(salt, &salt); | |
| 30 DCHECK(!salt.empty()); | |
| 31 return salt; | |
| 32 } | |
| 33 | |
| 34 // Computes the hash for |pin| and |salt|. | |
| 35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { | |
| 36 Key key(pin); | |
| 37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); | |
| 38 return key.GetSecret(); | |
| 39 } | |
| 40 | |
| 41 } // namespace | |
| 42 | |
| 43 // static | |
| 44 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { | |
| 45 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); | |
| 46 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); | |
| 47 } | |
| 48 | |
| 49 PinStorage::PinStorage(PrefService* pref_service) | |
| 50 : pref_service_(pref_service) {} | |
| 51 | |
| 52 PinStorage::~PinStorage() {} | |
| 53 | |
| 54 void PinStorage::AddUnlockAttempt() { | |
| 55 ++unlock_attempt_count_; | |
| 56 } | |
| 57 | |
| 58 void PinStorage::ResetUnlockAttemptCount() { | |
| 59 unlock_attempt_count_ = 0; | |
| 60 } | |
| 61 | |
| 62 bool PinStorage::IsPinSet() const { | |
| 63 return !PinSalt().empty() && !PinSecret().empty(); | |
| 64 } | |
| 65 | |
| 66 void PinStorage::SetPin(const std::string& pin) { | |
| 67 const std::string salt = CreateSalt(); | |
| 68 const std::string secret = ComputeSecret(pin, salt); | |
| 69 | |
| 70 pref_service_->SetString(prefs::kQuickUnlockPinSalt, salt); | |
| 71 pref_service_->SetString(prefs::kQuickUnlockPinSecret, secret); | |
| 72 } | |
| 73 | |
| 74 void PinStorage::RemovePin() { | |
| 75 pref_service_->SetString(prefs::kQuickUnlockPinSalt, ""); | |
| 76 pref_service_->SetString(prefs::kQuickUnlockPinSecret, ""); | |
| 77 } | |
| 78 | |
| 79 std::string PinStorage::PinSalt() const { | |
| 80 return pref_service_->GetString(prefs::kQuickUnlockPinSalt); | |
| 81 } | |
| 82 | |
| 83 std::string PinStorage::PinSecret() const { | |
| 84 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); | |
| 85 } | |
| 86 | |
| 87 bool PinStorage::IsPinAuthenticationAvailable() const { | |
| 88 const bool exceeded_unlock_attempts = | |
| 89 unlock_attempt_count() >= kMaximumUnlockAttempts; | |
| 90 | |
| 91 return IsPinEnabled(pref_service_) && IsPinSet() && !exceeded_unlock_attempts; | |
| 92 } | |
| 93 | |
| 94 bool PinStorage::TryAuthenticatePin(const std::string& pin) { | |
| 95 if (!IsPinAuthenticationAvailable()) | |
| 96 return false; | |
| 97 | |
| 98 AddUnlockAttempt(); | |
| 99 return ComputeSecret(pin, PinSalt()) == PinSecret(); | |
| 100 } | |
| 101 | |
| 102 } // namespace quick_unlock | |
| 103 } // namespace chromeos | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2809993004:
cros: Implement cryptohome backend for pin.
