OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" | 5 #include "chrome/browser/chromeos/login/quick_unlock/pin_storage.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/strings/string_util.h" | 8 #include "base/strings/string_util.h" |
9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" | 9 #include "chrome/browser/chromeos/login/quick_unlock/quick_unlock_utils.h" |
10 #include "chrome/common/pref_names.h" | 10 #include "chrome/common/pref_names.h" |
(...skipping 20 matching lines...) Expand all Loading... |
31 return salt; | 31 return salt; |
32 } | 32 } |
33 | 33 |
34 // Computes the hash for |pin| and |salt|. | 34 // Computes the hash for |pin| and |salt|. |
35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { | 35 std::string ComputeSecret(const std::string& pin, const std::string& salt) { |
36 Key key(pin); | 36 Key key(pin); |
37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); | 37 key.Transform(Key::KEY_TYPE_SALTED_PBKDF2_AES256_1234, salt); |
38 return key.GetSecret(); | 38 return key.GetSecret(); |
39 } | 39 } |
40 | 40 |
41 base::TimeDelta PasswordConfirmationFrequencyToTimeDelta( | |
42 PasswordConfirmationFrequency frequency) { | |
43 switch (frequency) { | |
44 case PasswordConfirmationFrequency::SIX_HOURS: | |
45 return base::TimeDelta::FromHours(6); | |
46 case PasswordConfirmationFrequency::TWELVE_HOURS: | |
47 return base::TimeDelta::FromHours(12); | |
48 case PasswordConfirmationFrequency::DAY: | |
49 return base::TimeDelta::FromDays(1); | |
50 case PasswordConfirmationFrequency::WEEK: | |
51 return base::TimeDelta::FromDays(7); | |
52 } | |
53 NOTREACHED(); | |
54 return base::TimeDelta(); | |
55 } | |
56 | |
57 } // namespace | 41 } // namespace |
58 | 42 |
59 // static | 43 // static |
60 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { | 44 void PinStorage::RegisterProfilePrefs(PrefRegistrySimple* registry) { |
61 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); | 45 registry->RegisterStringPref(prefs::kQuickUnlockPinSalt, ""); |
62 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); | 46 registry->RegisterStringPref(prefs::kQuickUnlockPinSecret, ""); |
63 } | 47 } |
64 | 48 |
65 PinStorage::PinStorage(PrefService* pref_service) | 49 PinStorage::PinStorage(PrefService* pref_service) |
66 : pref_service_(pref_service) {} | 50 : pref_service_(pref_service) {} |
67 | 51 |
68 PinStorage::~PinStorage() {} | 52 PinStorage::~PinStorage() {} |
69 | 53 |
70 void PinStorage::MarkStrongAuth() { | |
71 last_strong_auth_ = base::Time::Now(); | |
72 ResetUnlockAttemptCount(); | |
73 } | |
74 | |
75 bool PinStorage::HasStrongAuth() const { | |
76 if (last_strong_auth_.is_null()) | |
77 return false; | |
78 | |
79 PasswordConfirmationFrequency strong_auth_interval = | |
80 static_cast<PasswordConfirmationFrequency>( | |
81 pref_service_->GetInteger(prefs::kQuickUnlockTimeout)); | |
82 base::TimeDelta strong_auth_timeout = | |
83 PasswordConfirmationFrequencyToTimeDelta(strong_auth_interval); | |
84 | |
85 return TimeSinceLastStrongAuth() < strong_auth_timeout; | |
86 } | |
87 | |
88 base::TimeDelta PinStorage::TimeSinceLastStrongAuth() const { | |
89 DCHECK(!last_strong_auth_.is_null()); | |
90 return base::Time::Now() - last_strong_auth_; | |
91 } | |
92 | |
93 void PinStorage::AddUnlockAttempt() { | 54 void PinStorage::AddUnlockAttempt() { |
94 ++unlock_attempt_count_; | 55 ++unlock_attempt_count_; |
95 } | 56 } |
96 | 57 |
97 void PinStorage::ResetUnlockAttemptCount() { | 58 void PinStorage::ResetUnlockAttemptCount() { |
98 unlock_attempt_count_ = 0; | 59 unlock_attempt_count_ = 0; |
99 } | 60 } |
100 | 61 |
101 bool PinStorage::IsPinSet() const { | 62 bool PinStorage::IsPinSet() const { |
102 return !PinSalt().empty() && !PinSecret().empty(); | 63 return !PinSalt().empty() && !PinSecret().empty(); |
(...skipping 17 matching lines...) Expand all Loading... |
120 } | 81 } |
121 | 82 |
122 std::string PinStorage::PinSecret() const { | 83 std::string PinStorage::PinSecret() const { |
123 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); | 84 return pref_service_->GetString(prefs::kQuickUnlockPinSecret); |
124 } | 85 } |
125 | 86 |
126 bool PinStorage::IsPinAuthenticationAvailable() const { | 87 bool PinStorage::IsPinAuthenticationAvailable() const { |
127 const bool exceeded_unlock_attempts = | 88 const bool exceeded_unlock_attempts = |
128 unlock_attempt_count() >= kMaximumUnlockAttempts; | 89 unlock_attempt_count() >= kMaximumUnlockAttempts; |
129 | 90 |
130 return IsPinEnabled(pref_service_) && IsPinSet() && HasStrongAuth() && | 91 return IsPinEnabled(pref_service_) && IsPinSet() && !exceeded_unlock_attempts; |
131 !exceeded_unlock_attempts; | |
132 } | 92 } |
133 | 93 |
134 bool PinStorage::TryAuthenticatePin(const std::string& pin) { | 94 bool PinStorage::TryAuthenticatePin(const std::string& pin) { |
135 if (!IsPinAuthenticationAvailable()) | 95 if (!IsPinAuthenticationAvailable()) |
136 return false; | 96 return false; |
137 | 97 |
138 AddUnlockAttempt(); | 98 AddUnlockAttempt(); |
139 return ComputeSecret(pin, PinSalt()) == PinSecret(); | 99 return ComputeSecret(pin, PinSalt()) == PinSecret(); |
140 } | 100 } |
141 | 101 |
142 } // namespace quick_unlock | 102 } // namespace quick_unlock |
143 } // namespace chromeos | 103 } // namespace chromeos |
OLD | NEW |