
Unified Diff: chrome/browser/chromeos/login/managed/supervised_user_authentication.cc

Issue 296773002: Add a Key class (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased. Created 6 years, 7 months ago
Index: chrome/browser/chromeos/login/managed/supervised_user_authentication.cc
diff --git a/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc b/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc
index 25e97d1af9e6e031ca95a7560b1244503a97d94d..ebec8a4647aa2174f78ae1fd9572b38bcade525c 100644
--- a/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc
+++ b/chrome/browser/chromeos/login/managed/supervised_user_authentication.cc
@@ -11,6 +11,7 @@
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/threading/sequenced_worker_pool.h"
+#include "chrome/browser/chromeos/login/auth/key.h"
#include "chrome/browser/chromeos/login/managed/locally_managed_user_constants.h"
#include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
#include "chrome/browser/chromeos/login/users/user.h"
@@ -29,10 +30,6 @@ namespace {
// Byte size of hash salt.
const unsigned kSaltSize = 32;
-// Parameters of cryptographic hashing for new user schema.
-const unsigned kNumIterations = 1234;
-const unsigned kKeySizeInBits = 256;
-
// Size of key signature.
const unsigned kHMACKeySizeInBits = 256;
const int kSignatureLength = 32;
@@ -104,26 +101,7 @@ SupervisedUserAuthentication::GetStableSchema() {
return stable_schema_;
}
-std::string SupervisedUserAuthentication::TransformPassword(
- const std::string& user_id,
- const std::string& password) {
- int user_schema = GetPasswordSchema(user_id);
- if (user_schema == SCHEMA_PLAIN)
- return password;
-
- if (user_schema == SCHEMA_SALT_HASHED) {
- base::DictionaryValue holder;
- std::string salt;
- owner_->GetPasswordInformation(user_id, &holder);
- holder.GetStringWithoutPathExpansion(kSalt, &salt);
- DCHECK(!salt.empty());
- return BuildPasswordForHashWithSaltSchema(salt, password);
- }
- NOTREACHED();
- return password;
-}
-
-UserContext SupervisedUserAuthentication::TransformPasswordInContext(
+UserContext SupervisedUserAuthentication::TransformKey(
const UserContext& context) {
UserContext result = context;
int user_schema = GetPasswordSchema(context.GetUserID());
@@ -136,11 +114,10 @@ UserContext SupervisedUserAuthentication::TransformPasswordInContext(
owner_->GetPasswordInformation(context.GetUserID(), &holder);
holder.GetStringWithoutPathExpansion(kSalt, &salt);
DCHECK(!salt.empty());
- result.SetPassword(
- BuildPasswordForHashWithSaltSchema(salt, context.GetPassword()));
- result.SetDoesNeedPasswordHashing(false);
+ Key* const key = result.GetKey();
+ key->Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt);
+ key->SetLabel(kCryptohomeManagedUserKeyLabel);
result.SetIsUsingOAuth(false);
- result.SetKeyLabel(kCryptohomeManagedUserKeyLabel);
return result;
}
NOTREACHED() << "Unknown password schema for " << context.GetUserID();
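Review bot: `DCHECK(!salt.empty())` is compiled out of release builds, so if the stored password information has no kSalt entry, the new `key->Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt)` call derives the key from an empty salt without any signal; the result of `GetStringWithoutPathExpansion` is not checked either. A runtime guard before the transform would make that failure visible, for example `if (salt.empty()) { LOG(ERROR) << "No salt stored for " << context.GetUserID(); return context; }`, though the right value to return depends on how callers treat an untransformed context. TransformKey begins in the previous hunk and continues past this one, so the surrounding schema branch is only partly visible.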
@@ -162,10 +139,11 @@ bool SupervisedUserAuthentication::FillDataForNewUser(
password_data->SetStringWithoutPathExpansion(kSalt, salt);
int revision = kMinPasswordRevision;
password_data->SetIntegerWithoutPathExpansion(kPasswordRevision, revision);
- std::string salted_password =
- BuildPasswordForHashWithSaltSchema(salt, password);
- std::string base64_signature_key = BuildRawHMACKey();
- std::string base64_signature =
+ Key key(password);
+ key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt);
+ const std::string salted_password = key.GetSecret();
+ const std::string base64_signature_key = BuildRawHMACKey();
+ const std::string base64_signature =
BuildPasswordSignature(salted_password, revision, base64_signature_key);
password_data->SetStringWithoutPathExpansion(kEncryptedPassword,
salted_password);
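Review bot: The value persisted under kEncryptedPassword and passed to BuildPasswordSignature now comes from `key.GetSecret()`, so it has to stay byte-identical to what the removed BuildPasswordForHashWithSaltSchema produced (Base64 of the raw derived key). key.h is not part of this file's diff, so that equivalence is worth pinning with a test. The key type name also fixes the PBKDF2 iteration count, apparently at the 1234 carried over from the removed `kNumIterations`, which is a low work factor for a password-derived key. Raising it would presumably need a new key type and a schema revision, so a comment at this call would record the constraint, e.g. `// 1234 iterations kept for compatibility with stored hashes; raising it needs a new Key type and password schema.` FillDataForNewUser starts and ends outside the hunk.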
@@ -312,22 +290,6 @@ void SupervisedUserAuthentication::LoadPasswordUpdateData(
base::Bind(&OnPasswordDataLoaded, success_callback, failure_callback));
}
-// static
-std::string SupervisedUserAuthentication::BuildPasswordForHashWithSaltSchema(
- const std::string& salt,
- const std::string& plain_password) {
- scoped_ptr<crypto::SymmetricKey> key(
- crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES,
- plain_password,
- salt,
- kNumIterations,
- kKeySizeInBits));
- std::string raw_result, result;
- key->GetRawKey(&raw_result);
- base::Base64Encode(raw_result, &result);
- return result;
-}
-
std::string SupervisedUserAuthentication::BuildPasswordSignature(
const std::string& password,
int revision,
