File: easy_unlock_auth_attempt.cc

package info (click to toggle)
chromium-browser 41.0.2272.118-1
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 2,189,132 kB
  • sloc: cpp: 9,691,462; ansic: 3,341,451; python: 712,689; asm: 518,779; xml: 208,926; java: 169,820; sh: 119,353; perl: 68,907; makefile: 28,311; yacc: 13,305; objc: 11,385; tcl: 3,186; cs: 2,225; sql: 2,217; lex: 2,215; lisp: 1,349; pascal: 1,256; awk: 407; ruby: 155; sed: 53; php: 14; exp: 11
file content (151 lines) | stat: -rw-r--r-- 4,195 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/signin/easy_unlock_auth_attempt.h"

#include "base/logging.h"
#include "chrome/browser/extensions/api/screenlock_private/screenlock_private_api.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/browser/signin/screenlock_bridge.h"
#include "crypto/encryptor.h"
#include "crypto/symmetric_key.h"


#if defined(OS_CHROMEOS)
#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
#endif

namespace {

// Decrypts the secret that should be used to login from |wrapped_secret| using
// raw AES key |raw_key|.
// In a case of error, an empty string is returned.
std::string UnwrapSecret(const std::string& wrapped_secret,
                         const std::string& raw_key) {
  if (raw_key.empty())
    return std::string();

  // Import the key structure.
  scoped_ptr<crypto::SymmetricKey> key(
     crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));

  if (!key)
    return std::string();

  std::string iv(raw_key.size(), ' ');
  crypto::Encryptor encryptor;
  if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
    return std::string();

  std::string secret;
  if (!encryptor.Decrypt(wrapped_secret, &secret))
    return std::string();

  return secret;
}

}  // namespace

EasyUnlockAuthAttempt::EasyUnlockAuthAttempt(Profile* profile,
                                             const std::string& user_id,
                                             Type type)
    : profile_(profile),
      state_(STATE_IDLE),
      user_id_(user_id),
      type_(type) {
}

EasyUnlockAuthAttempt::~EasyUnlockAuthAttempt() {
  if (state_ == STATE_RUNNING)
    Cancel(user_id_);
}

bool EasyUnlockAuthAttempt::Start(const std::string& user_id) {
  DCHECK(state_ == STATE_IDLE);

  if (!ScreenlockBridge::Get()->IsLocked())
    return false;

  if (user_id != user_id_) {
    Cancel(user_id);
    return false;
  }

  ScreenlockBridge::LockHandler::AuthType auth_type =
      ScreenlockBridge::Get()->lock_handler()->GetAuthType(user_id);

  if (auth_type != ScreenlockBridge::LockHandler::USER_CLICK) {
    Cancel(user_id);
    return false;
  }

  state_ = STATE_RUNNING;

  // TODO(tbarzic): Replace this with an easyUnlockPrivate event that will
  // report more context to the app (e.g. user id, whether the attempt is for
  // signin or unlock).
  extensions::ScreenlockPrivateEventRouter* router =
      extensions::ScreenlockPrivateEventRouter::GetFactoryInstance()->Get(
          profile_);
  return router->OnAuthAttempted(auth_type, "");
}

void EasyUnlockAuthAttempt::FinalizeUnlock(const std::string& user_id,
                                           bool success) {
  if (state_ != STATE_RUNNING || user_id != user_id_)
    return;

  if (type_ != TYPE_UNLOCK) {
    Cancel(user_id_);
    return;
  }

  if (!ScreenlockBridge::Get()->IsLocked())
    return;

  if (success) {
    ScreenlockBridge::Get()->lock_handler()->Unlock(user_id_);
  } else {
    ScreenlockBridge::Get()->lock_handler()->EnableInput();
  }

  state_ = STATE_DONE;
}

void EasyUnlockAuthAttempt::FinalizeSignin(const std::string& user_id,
                                           const std::string& wrapped_secret,
                                           const std::string& raw_session_key) {
  if (state_ != STATE_RUNNING || user_id != user_id_)
    return;

  if (type_ != TYPE_SIGNIN) {
    Cancel(user_id_);
    return;
  }

  if (!ScreenlockBridge::Get()->IsLocked())
    return;


  std::string unwrapped_secret = UnwrapSecret(wrapped_secret, raw_session_key);

  std::string key_label;
#if defined(OS_CHROMEOS)
  key_label = chromeos::EasyUnlockKeyManager::GetKeyLabel(0u);
#endif  // defined(OS_CHROMEOS)

  ScreenlockBridge::Get()->lock_handler()->AttemptEasySignin(
      user_id,
      unwrapped_secret,
      key_label);
  state_ = STATE_DONE;
}

void EasyUnlockAuthAttempt::Cancel(const std::string& user_id) {
  if (type_ == TYPE_UNLOCK)
    FinalizeUnlock(user_id, false);
  else
    FinalizeSignin(user_id, "", "");
  state_ = STATE_DONE;
}