OLD | NEW |
| (Empty) |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | |
6 | |
7 #include "base/base64.h" | |
8 #include "base/strings/string_util.h" | |
9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | |
10 #include "chrome/common/pref_names.h" | |
11 #include "chromeos/login/auth/key.h" | |
12 #include "components/prefs/pref_registry_simple.h" | |
13 #include "components/prefs/pref_service.h" | |
14 #include "crypto/random.h" | |
15 | |
16 namespace chromeos { | |
17 namespace quick_unlock { | |
18 | |
19 namespace { | |
20 | |
21 const int kSaltByteSize = 16; | |
22 | |
23 // Returns a new salt of length |kSaltByteSize|. | |
24 std::string CreateSalt() { | |
25 // The salt needs to be base64 encoded because the pref service requires a | |
26 // UTF8 string. | |
27 std::string salt; | |
28 crypto::RandBytes(base::WriteInto(&salt, kSaltByteSize + 1), kSaltByteSize); | |
29 base::Base64Encode(salt, &salt); | |
30 DCHECK(!salt.empty()); | |
31 return salt; | |
32 } | |
33 | |
34 // Computes the hash for |pin| and |salt|. | |
35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { | |
36 Key key(pin); | |
37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); | |
38 return key.GetSecret(); | |
39 } | |
40 | |
41 } // namespace | |
42 | |
43 // static | |
44 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { | |
45 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); | |
46 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); | |
47 } | |
48 | |
49 PinStorage::PinStorage(PrefService* pref_service) | |
50 : pref_service_(pref_service) {} | |
51 | |
52 PinStorage::~PinStorage() {} | |
53 | |
54 void PinStorage::AddUnlockAttempt() { | |
55 ++unlock_attempt_count_; | |
56 } | |
57 | |
58 void PinStorage::ResetUnlockAttemptCount() { | |
59 unlock_attempt_count_ = 0; | |
60 } | |
61 | |
62 bool PinStorage::IsPinSet() const { | |
63 return !PinSalt().empty() && !PinSecret().empty(); | |
64 } | |
65 | |
66 void PinStorage::SetPin(const std::string& pin) { | |
67 const std::string salt = CreateSalt(); | |
68 const std::string secret = ComputeSecret(pin, salt); | |
69 | |
70 pref_service_->SetString(prefs::kQuickUnlockPinSalt, salt); | |
71 pref_service_->SetString(prefs::kQuickUnlockPinSecret, secret); | |
72 } | |
73 | |
74 void PinStorage::RemovePin() { | |
75 pref_service_->SetString(prefs::kQuickUnlockPinSalt, ""); | |
76 pref_service_->SetString(prefs::kQuickUnlockPinSecret, ""); | |
77 } | |
78 | |
79 std::string PinStorage::PinSalt() const { | |
80 return pref_service_->GetString(prefs::kQuickUnlockPinSalt); | |
81 } | |
82 | |
83 std::string PinStorage::PinSecret() const { | |
84 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); | |
85 } | |
86 | |
87 bool PinStorage::IsPinAuthenticationAvailable() const { | |
88 const bool exceeded_unlock_attempts = | |
89 unlock_attempt_count() >= kMaximumUnlockAttempts; | |
90 | |
91 return IsPinEnabled(pref_service_) && IsPinSet() && !exceeded_unlock_attempts; | |
92 } | |
93 | |
94 bool PinStorage::TryAuthenticatePin(const std::string& pin) { | |
95 if (!IsPinAuthenticationAvailable()) | |
96 return false; | |
97 | |
98 AddUnlockAttempt(); | |
99 return ComputeSecret(pin, PinSalt()) == PinSecret(); | |
100 } | |
101 | |
102 } // namespace quick_unlock | |
103 } // namespace chromeos | |
OLD | NEW |