cros: Implement cryptohome backend for pin.

chrome/browser/chromeos/login/quick_unlock/pin_backend.h

Index: chrome/browser/chromeos/login/quick_unlock/pin_backend.h
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_backend.h b/chrome/browser/chromeos/login/quick_unlock/pin_backend.h
new file mode 100644
index 0000000000000000000000000000000000000000..b79994d54a55690fda0bf4ae32901d8c3e9401c7
--- /dev/null
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_backend.h
@@ -0,0 +1,69 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_
+
+#include <string>
+
+#include "base/callback.h"
+
+class AccountId;
+
+namespace chromeos {
+
+class UserContext;
+
+namespace quick_unlock {
+
+// TODO(jdufault): Implement pref pin -> cryptohome pin migration. We can
+// maintain the salt, store the secret in cryptohome, and when the user enters a
+// PIN we pre-hash and then submit to cryptohome. We have to drop the secret
+// from prefs though. So essentially, we store the hashed pin in cryptohome.
+// Maybe we just want to always do this for simplicity? Need to confirm with
+// security this approach is fine.
+
+// Provides api for accessing the user's pin. The underlying storage is either
+// cryptohome or prefs.
+class PinBackend {
+ public:
+  using BoolCallback = base::Callback<void(bool)>;
+
+  // Check if the given account_id has a pin registered.
+  static void IsSet(const AccountId& account_id, const BoolCallback& result);
+  // Set the pin for the given user.
+  static void Set(const UserContext& user_context, const std::string& pin);
+  // Remove the given user's pin.
+  static void Remove(const UserContext& user_context);
+
+  // Is pin authentication available for the given account? Even if pin is set,
+  // it may not be available for authentication due to some additional
+  // restrictions.
+  static void CanAuthenticate(const AccountId& account_id,
+                              const BoolCallback& result);
+
+  // Try to authenticate.
+  static void TryAuthenticate(const AccountId& account_id,
+                              const std::string& pin,
+                              const BoolCallback& result);
+
+  // This should be called when there has been a non-pin trusted authentication,
+  // ie, password on the lock screen.
+  static void NotifyAuthentication(const AccountId& account_id);
+
+  // Computes the secret for a given |pin| and |salt|.
+  static std::string ComputeSecret(const std::string& pin,
+                                   const std::string& salt);
+
+  // Resets any cached state for testing purposes.
+  static void ResetForTesting();
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(PinBackend);
+};
+
+}  // namespace quick_unlock
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_QUICK_UNLOCK_PIN_BACKEND_H_