Chromium Code Reviews Chromium Code Reviews
Issue 729803002:
Easy Sign-in: Use TPM RSA key to sign nonce in sign-in protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/signin/easy_unlock_service.cc |
| diff --git a/chrome/browser/signin/easy_unlock_service.cc b/chrome/browser/signin/easy_unlock_service.cc |
| index 2c90f81781a0094b4290c4402223538d4f5fdd1a..28aae8dbe57aa1c88fc1bfea79f5864bc1af7b8f 100644 |
| --- a/chrome/browser/signin/easy_unlock_service.cc |
| +++ b/chrome/browser/signin/easy_unlock_service.cc |
| @@ -29,6 +29,7 @@ |
| #include "components/pref_registry/pref_registry_syncable.h" |
| #include "components/proximity_auth/switches.h" |
| #include "components/user_manager/user.h" |
| +#include "components/user_manager/user_manager.h" |
| #include "device/bluetooth/bluetooth_adapter.h" |
| #include "device/bluetooth/bluetooth_adapter_factory.h" |
| #include "extensions/browser/event_router.h" |
| @@ -39,6 +40,8 @@ |
| #if defined(OS_CHROMEOS) |
| #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h" |
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h" |
| +#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager_factory.h" |
| #include "chrome/browser/chromeos/login/session/user_session_manager.h" |
| #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| #include "chromeos/dbus/dbus_thread_manager.h" |
| @@ -196,6 +199,7 @@ EasyUnlockService::EasyUnlockService(Profile* profile) |
| : profile_(profile), |
| bluetooth_detector_(new BluetoothDetector(this)), |
| shut_down_(false), |
| + tpm_key_checked_(false), |
| weak_ptr_factory_(this) { |
| extensions::ExtensionSystem::Get(profile_)->ready().Post( |
| FROM_HERE, |
| @@ -225,11 +229,17 @@ void EasyUnlockService::RegisterProfilePrefs( |
| prefs::kEasyUnlockProximityRequired, |
| false, |
| user_prefs::PrefRegistrySyncable::SYNCABLE_PREF); |
| +#if defined(OS_CHROMEOS) |
| + EasyUnlockTpmKeyManager::RegisterProfilePrefs(registry); |
| +#endif |
| } |
| // static |
| void EasyUnlockService::RegisterPrefs(PrefRegistrySimple* registry) { |
| registry->RegisterDictionaryPref(prefs::kEasyUnlockHardlockState); |
| +#if defined(OS_CHROMEOS) |
| + EasyUnlockTpmKeyManager::RegisterLocalStatePrefs(registry); |
| +#endif |
| } |
| // static |
| @@ -242,6 +252,10 @@ void EasyUnlockService::ResetLocalStateForUser(const std::string& user_id) { |
| DictionaryPrefUpdate update(local_state, prefs::kEasyUnlockHardlockState); |
| update->RemoveWithoutPathExpansion(user_id, NULL); |
| + |
| +#if defined(OS_CHROMEOS) |
| +EasyUnlockTpmKeyManager::ResetLocalStateForUser(user_id); |
|
xiyuan
2014/12/02 23:15:58
nit: fix indent
tbarzic
2014/12/03 19:10:28
Done.
|
| +#endif |
| } |
| bool EasyUnlockService::IsAllowed() { |
| @@ -532,6 +546,7 @@ void EasyUnlockService::ReloadApp() { |
| void EasyUnlockService::UpdateAppState() { |
| if (IsAllowed()) { |
| + EnsureTpmKeyPresentIfNeeded(); |
| LoadApp(); |
| #if defined(OS_CHROMEOS) |
| @@ -669,3 +684,26 @@ void EasyUnlockService::PrepareForSuspend() { |
| EasyUnlockScreenlockStateHandler::STATE_BLUETOOTH_CONNECTING); |
| } |
| } |
| + |
| +void EasyUnlockService::EnsureTpmKeyPresentIfNeeded() { |
| + if (tpm_key_checked_ || GetType() != TYPE_REGULAR) |
| + return; |
| + |
| + // If this is called beforei the session is started, the chances are Chrome |
|
xiyuan
2014/12/02 23:15:58
nit: beforei -> before
tbarzic
2014/12/03 19:10:28
Done.
|
| + // is restarting in order to apply user flags. Don't check TPM keys in this |
| + // case. |
| + if (!user_manager::UserManager::Get() || |
| + !user_manager::UserManager::Get()->IsSessionStarted()) |
| + return; |
| + |
| + tpm_key_checked_ = true; |
| + |
| +#if defined(OS_CHROMEOS) |
| + // TODO(tbarzic): Set check_private_key only if previous sign-in attempt |
| + // failed. |
| + EasyUnlockTpmKeyManagerFactory::GetInstance()->Get(profile_) |
| + ->IsTpmKeyPresent(GetUserEmail(), |
| + true /* check_private_key */, |
| + base::Closure()); |
| +#endif |
| +} |
