Index: chrome/browser/chromeos/login/quick_unlock/pin_backend.h |
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_backend.h b/chrome/browser/chromeos/login/quick_unlock/pin_backend.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..5aa4fdec007b884421ce12f0a597b0176994d9d0 |
--- /dev/null |
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_backend.h |
@@ -0,0 +1,68 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |
+#define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |
+ |
+#include <string> |
+ |
+#include "base/callback.h" |
+ |
+class AccountId; |
+ |
+namespace chromeos { |
+ |
+class UserContext; |
+ |
+namespace quick_unlock { |
+ |
+// TODO(jdufault): Implement pref pin -> cryptohome pin migration. We can |
+// maintain the salt, store the secret in cryptohome, and when the user enters a |
+// PIN we pre-hash and then submit to cryptohome. We have to drop the secret |
+// from prefs though. So essentially, we store the hashed pin in cryptohome. |
+// Maybe we just want to always do this for simplicity? Need to confirm with |
+// security this approach is fine. |
+ |
+// Provides api for accessing the user's pin. The underlying storage is either |
+// cryptohome or prefs. |
+class PinBackend { |
+ public: |
+ using BoolCallback = base::Callback<void(bool)>; |
+ |
+ // Check if the given account_id has a pin registered. |
+ static void IsSet(const AccountId& account_id, const BoolCallback& result); |
+ // Set the pin for the given user. |
+ static void Set(const UserContext& user_context, const std::string& pin); |
+ // Remove the given user's pin. |
+ static void Remove(const UserContext& user_context); |
+ |
+ // Is pin authentication available for the given account? Even if pin is set, |
+ // it may not be available for authentication due to some additional |
+ // restrictions. |
+ static void CanAuthenticate(const AccountId& account_id, |
+ const BoolCallback& result); |
+ // Try to authenticate. |
achuithb
2017/05/13 01:01:58
nit newline
jdufault
2017/06/06 18:17:06
Done.
|
+ static void TryAuthenticate(const AccountId& account_id, |
+ const std::string& pin, |
+ const BoolCallback& result); |
+ |
+ // This should be called when there has been a non-pin trusted authentication, |
+ // ie, password on the lock screen. |
+ static void NotifyAuthentication(const AccountId& account_id); |
+ |
+ // Computes the secret for a given |pin| and |salt|. |
+ static std::string ComputeSecret(const std::string& pin, |
+ const std::string& salt); |
+ |
+ // Resets any cached state for testing purposes. |
+ static void ResetForTesting(); |
+ |
+ private: |
+ DISALLOW_COPY_AND_ASSIGN(PinBackend); |
+}; |
+ |
+} // namespace quick_unlock |
+} // namespace chromeos |
+ |
+#endif // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_ |