cros: Implement cryptohome backend for pin.

chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.cc

Index: chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.cc
diff --git a/chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.cc b/chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.cc
new file mode 100644
index 0000000000000000000000000000000000000000..49e6f6b1c3ade798c3ae2e43a158f683659a5e3e
--- /dev/null
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.cc
@@ -0,0 +1,102 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/login/quick_unlock/pin_storage_prefs.h"
+
+#include "base/base64.h"
+#include "base/strings/string_util.h"
+#include "chrome/browser/chromeos/login/quick_unlock/pin_backend.h"
+#include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h"
+#include "chrome/browser/profiles/profile.h"
+#include "chrome/common/pref_names.h"
+#include "components/prefs/pref_registry_simple.h"
+#include "components/prefs/pref_service.h"
+#include "crypto/random.h"
+
+namespace chromeos {
+namespace quick_unlock {
+
+namespace {
+
+const int kSaltByteSize = 16;
+
+// Returns a new salt of length |kSaltByteSize|.
+std::string CreateSalt() {
+  // The salt needs to be base64 encoded because the pref service requires a
+  // UTF8 string.
+  std::string salt;
+  crypto::RandBytes(base::WriteInto(&salt, kSaltByteSize + 1), kSaltByteSize);
+  base::Base64Encode(salt, &salt);
+  DCHECK(!salt.empty());
+  return salt;
+}
+
+}  // namespace
+
+// static
+void PinStoragePrefs::RegisterProfilePrefs(PrefRegistrySimple* registry) {
+  registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, "");
+  registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, "");
+}
+
+PinStoragePrefs::PinStoragePrefs(Profile* profile) : profile_(profile) {}
+
+PinStoragePrefs::~PinStoragePrefs() {}
+
+bool PinStoragePrefs::IsPinSet() const {
+  return !PinSalt().empty() && !PinSecret().empty();
+}
+
+void PinStoragePrefs::SetPin(const std::string& pin) {
+  const std::string salt = CreateSalt();
+  const std::string secret = PinBackend::ComputeSecret(pin, salt);
+
+  profile_->GetPrefs()->SetString(prefs::kQuickUnlockPinSalt, salt);
+  profile_->GetPrefs()->SetString(prefs::kQuickUnlockPinSecret, secret);
+}
+
+void PinStoragePrefs::RemovePin() {
+  profile_->GetPrefs()->SetString(prefs::kQuickUnlockPinSalt, "");
+  profile_->GetPrefs()->SetString(prefs::kQuickUnlockPinSecret, "");
+}
+
+std::string PinStoragePrefs::PinSalt() const {
+  return profile_->GetPrefs()->GetString(prefs::kQuickUnlockPinSalt);
+}
+
+std::string PinStoragePrefs::PinSecret() const {
+  return profile_->GetPrefs()->GetString(prefs::kQuickUnlockPinSecret);
+}
+
+bool PinStoragePrefs::IsPinAuthenticationAvailable() const {
+  const bool exceeded_unlock_attempts =
+      unlock_attempt_count() >= kMaximumUnlockAttempts;
+
+  return IsPinEnabled(profile_->GetPrefs()) && IsPinSet() &&
+         !exceeded_unlock_attempts;
+}
+
+bool PinStoragePrefs::TryAuthenticatePin(const std::string& pin) {
+  if (!IsPinAuthenticationAvailable()) {
+    return false;
+  }
+
+  AddUnlockAttempt();
+  return PinBackend::ComputeSecret(pin, PinSalt()) == PinSecret();
+}
+
+bool PinStoragePrefs::NeedsStrongAuth() const {
+  return true;
+}
+
+void PinStoragePrefs::ResetUnlockAttemptCount() {
+  unlock_attempt_count_ = 0;
+}
+
+void PinStoragePrefs::AddUnlockAttempt() {
+  ++unlock_attempt_count_;
+}
+
+}  // namespace quick_unlock
+}  // namespace chromeos