Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(165)

Unified Diff: chrome/browser/chromeos/login/parallel_authenticator.cc

Issue 10701075: Remove chromeos::CryptohomeLibrary::HashPassword (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Clarify comment in HashPassword() Created 8 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/chromeos/login/parallel_authenticator.cc
diff --git a/chrome/browser/chromeos/login/parallel_authenticator.cc b/chrome/browser/chromeos/login/parallel_authenticator.cc
index cb4758de2353f73b7687d2f4b0f1104657369f3d..ed49bc3d26bd12946004f78c2906b5096d1b8d6b 100644
--- a/chrome/browser/chromeos/login/parallel_authenticator.cc
+++ b/chrome/browser/chromeos/login/parallel_authenticator.cc
@@ -9,6 +9,7 @@
#include "base/file_path.h"
#include "base/file_util.h"
#include "base/logging.h"
+#include "base/string_number_conversions.h"
#include "base/string_util.h"
#include "chrome/browser/chromeos/boot_times_loader.h"
#include "chrome/browser/chromeos/cros/cert_library.h"
@@ -27,6 +28,7 @@
#include "chromeos/dbus/dbus_thread_manager.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_service.h"
+#include "crypto/sha2.h"
#include "third_party/cros_system_api/dbus/service_constants.h"
using content::BrowserThread;
@@ -38,6 +40,9 @@ namespace {
// Milliseconds until we timeout our attempt to hit ClientLogin.
const int kClientLoginTimeoutMs = 10000;
+// Length of password hashed with SHA-256.
+const int kPasswordHashLength = 32;
+
// Records status and calls resolver->Resolve().
void TriggerResolve(AuthAttemptState* attempt,
AuthAttemptStateResolver* resolver,
@@ -162,6 +167,26 @@ bool WasConnectionIssue(const LoginFailure& online_outcome) {
GoogleServiceAuthError::REQUEST_CANCELED));
}
+// Returns hash of |password|, salted with the system salt.
+std::string HashPassword(const std::string& password) {
+ // Get salt, ascii encode, update sha with that, then update with ascii
+ // of password, then end.
+ std::string ascii_salt =
+ CrosLibrary::Get()->GetCryptohomeLibrary()->GetSystemSalt();
+ char passhash_buf[kPasswordHashLength];
+
+ // Hash salt and password
+ crypto::SHA256HashString(ascii_salt + password,
+ &passhash_buf, sizeof(passhash_buf));
+
+ // Only want the top half for 'weak' hashing so that the passphrase is not
+ // immediately exposed even if the output is reversed.
+ const int encoded_length = sizeof(passhash_buf) / 2;
+
+ return StringToLowerASCII(base::HexEncode(
+ reinterpret_cast<const void*>(passhash_buf), encoded_length));
+}
+
} // namespace
ParallelAuthenticator::ParallelAuthenticator(LoginStatusConsumer* consumer)
@@ -193,7 +218,7 @@ void ParallelAuthenticator::AuthenticateToLogin(
new AuthAttemptState(
canonicalized,
password,
- CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
+ HashPassword(password),
login_token,
login_captcha,
!UserManager::Get()->IsKnownUser(canonicalized)));
@@ -230,7 +255,7 @@ void ParallelAuthenticator::CompleteLogin(Profile* profile,
new AuthAttemptState(
canonicalized,
password,
- CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
+ HashPassword(password),
!UserManager::Get()->IsKnownUser(canonicalized)));
{
// Reset the verified flag.
@@ -270,7 +295,7 @@ void ParallelAuthenticator::AuthenticateToUnlock(const std::string& username,
current_state_.reset(
new AuthAttemptState(
gaia::CanonicalizeEmail(username),
- CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password)));
+ HashPassword(password)));
check_key_attempted_ = true;
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
@@ -367,8 +392,7 @@ void ParallelAuthenticator::RecordOAuthCheckFailure(
void ParallelAuthenticator::RecoverEncryptedData(
const std::string& old_password) {
- std::string old_hash =
- CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(old_password);
+ std::string old_hash = HashPassword(old_password);
migrate_attempted_ = true;
current_state_->ResetCryptohomeStatus();
BrowserThread::PostTask(
@@ -432,7 +456,7 @@ void ParallelAuthenticator::RetryAuth(Profile* profile,
new AuthAttemptState(
gaia::CanonicalizeEmail(username),
password,
- CrosLibrary::Get()->GetCryptohomeLibrary()->HashPassword(password),
+ HashPassword(password),
login_token,
login_captcha,
false /* not a new user */));

Powered by Google App Engine
This is Rietveld 408576698