| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
| 9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
| 10 #include "chrome/common/pref_names.h" | 10 #include "chrome/common/pref_names.h" |
| 31 return salt; | 31 return salt; |
| 32 } | 32 } |
| 33 | 33 |
| 34 // Computes the hash for |pin| and |salt|. | 34 // Computes the hash for |pin| and |salt|. |
| 35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { | 35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { |
| 36 Key key(pin); | 36 Key key(pin); |
| 37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); | 37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); |
| 38 return key.GetSecret(); | 38 return key.GetSecret(); |
| 39 } | 39 } |
| 40 | 40 |
| 41 base::TimeDelta PasswordConfirmationFrequencyToTimeDelta( | |
| 42 PasswordConfirmationFrequency frequency) { | |
| 43 switch (frequency) { | |
| 44 case PasswordConfirmationFrequency::SIX_HOURS: | |
| 45 return base::TimeDelta::FromHours(6); | |
| 46 case PasswordConfirmationFrequency::TWELVE_HOURS: | |
| 47 return base::TimeDelta::FromHours(12); | |
| 48 case PasswordConfirmationFrequency::DAY: | |
| 49 return base::TimeDelta::FromDays(1); | |
| 50 case PasswordConfirmationFrequency::WEEK: | |
| 51 return base::TimeDelta::FromDays(7); | |
| 52 } | |
| 53 NOTREACHED(); | |
| 54 return base::TimeDelta(); | |
| 55 } | |
| 56 | |
| 57 } // namespace | 41 } // namespace |
| 58 | 42 |
| 59 // static | 43 // static |
| 60 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { | 44 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { |
| 61 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); | 45 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); |
| 62 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); | 46 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); |
| 63 } | 47 } |
| 64 | 48 |
| 65 PinStorage::PinStorage(PrefService* pref_service) | 49 PinStorage::PinStorage(PrefService* pref_service) |
| 66 : pref_service_(pref_service) {} | 50 : pref_service_(pref_service) {} |
| 67 | 51 |
| 68 PinStorage::~PinStorage() {} | 52 PinStorage::~PinStorage() {} |
| 69 | 53 |
| 70 void PinStorage::MarkStrongAuth() { | |
| 71 last_strong_auth_ = base::Time::Now(); | |
| 72 ResetUnlockAttemptCount(); | |
| 73 } | |
| 74 | |
| 75 bool PinStorage::HasStrongAuth() const { | |
| 76 if (last_strong_auth_.is_null()) | |
| 77 return false; | |
| 78 | |
| 79 PasswordConfirmationFrequency strong_auth_interval = | |
| 80 static_cast<PasswordConfirmationFrequency>( | |
| 81 pref_service_->GetInteger(prefs::kQuickUnlockTimeout)); | |
| 82 base::TimeDelta strong_auth_timeout = | |
| 83 PasswordConfirmationFrequencyToTimeDelta(strong_auth_interval); | |
| 84 | |
| 85 return TimeSinceLastStrongAuth() < strong_auth_timeout; | |
| 86 } | |
| 87 | |
| 88 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const { | |
| 89 DCHECK(!last_strong_auth_.is_null()); | |
| 90 return base::Time::Now() - last_strong_auth_; | |
| 91 } | |
| 92 | |
| 93 void PinStorage::AddUnlockAttempt() { | 54 void PinStorage::AddUnlockAttempt() { |
| 94 ++unlock_attempt_count_; | 55 ++unlock_attempt_count_; |
| 95 } | 56 } |
| 96 | 57 |
| 97 void PinStorage::ResetUnlockAttemptCount() { | 58 void PinStorage::ResetUnlockAttemptCount() { |
| 98 unlock_attempt_count_ = 0; | 59 unlock_attempt_count_ = 0; |
| 99 } | 60 } |
| 100 | 61 |
| 101 bool PinStorage::IsPinSet() const { | 62 bool PinStorage::IsPinSet() const { |
| 102 return !PinSalt().empty() && !PinSecret().empty(); | 63 return !PinSalt().empty() && !PinSecret().empty(); |
| 120 } | 81 } |
| 121 | 82 |
| 122 std::string PinStorage::PinSecret() const { | 83 std::string PinStorage::PinSecret() const { |
| 123 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); | 84 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); |
| 124 } | 85 } |
| 125 | 86 |
| 126 bool PinStorage::IsPinAuthenticationAvailable() const { | 87 bool PinStorage::IsPinAuthenticationAvailable() const { |
| 127 const bool exceeded_unlock_attempts = | 88 const bool exceeded_unlock_attempts = |
| 128 unlock_attempt_count() >= kMaximumUnlockAttempts; | 89 unlock_attempt_count() >= kMaximumUnlockAttempts; |
| 129 | 90 |
| 130 return IsPinEnabled(pref_service_) && IsPinSet() && HasStrongAuth() && | 91 return IsPinEnabled(pref_service_) && IsPinSet() && !exceeded_unlock_attempts; |
| 131 !exceeded_unlock_attempts; | |
| 132 } | 92 } |
| 133 | 93 |
| 134 bool PinStorage::TryAuthenticatePin(const std::string& pin) { | 94 bool PinStorage::TryAuthenticatePin(const std::string& pin) { |
| 135 if (!IsPinAuthenticationAvailable()) | 95 if (!IsPinAuthenticationAvailable()) |
| 136 return false; | 96 return false; |
| 137 | 97 |
| 138 AddUnlockAttempt(); | 98 AddUnlockAttempt(); |
| 139 return ComputeSecret(pin, PinSalt()) == PinSecret(); | 99 return ComputeSecret(pin, PinSalt()) == PinSecret(); |
| 140 } | 100 } |
| 141 | 101 |
| 142 } // namespace quick_unlock | 102 } // namespace quick_unlock |
| 143 } // namespace chromeos | 103 } // namespace chromeos |
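Review bot: With `HasStrongAuth()` dropped from the return at new line 91, `IsPinAuthenticationAvailable()`, and through it `TryAuthenticatePin()`, no longer enforces the password-confirmation timeout in this file. A PIN try is now gated only by the enabled pref, the stored salt and secret, and the attempt counter. The removed `MarkStrongAuth()` was also the only caller of `ResetUnlockAttemptCount()` visible on this page, so resetting the counter now depends on code outside it. If the strong-auth check has moved to a caller (not visible here), I would state that precondition on the method, e.g. `// Does not check strong-auth freshness; callers must verify it before calling TryAuthenticatePin().` A test asserting that a PIN attempt is rejected once the confirmation interval has expired would keep the gate from being lost between the two classes.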
| OLD | NEW |