File: auth_factor.cc

package info (click to toggle)
chromium 138.0.7204.183-1
links: PTS, VCS
area: main
in suites: trixie
size: 6,071,908 kB
sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (244 lines) | stat: -rw-r--r-- 8,892 bytes
parent folder | download | duplicates (7)
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chromeos/ash/components/cryptohome/auth_factor.h"

#include <utility>
#include <variant>

#include "base/check_op.h"
#include "base/time/time.h"
#include "chromeos/ash/components/cryptohome/common_types.h"
#include "components/version_info/version_info.h"

namespace cryptohome {

const char kFallbackFactorVersion[] = "0.0.0.0";

// =============== `AuthFactorRef` ===============
AuthFactorRef::AuthFactorRef(AuthFactorType type, KeyLabel label)
    : type_(type), label_(std::move(label)) {
  DCHECK(!label_->empty());
}
AuthFactorRef::AuthFactorRef(AuthFactorRef&&) = default;
AuthFactorRef& AuthFactorRef::operator=(AuthFactorRef&&) = default;
AuthFactorRef::AuthFactorRef(const AuthFactorRef&) = default;
AuthFactorRef& AuthFactorRef::operator=(const AuthFactorRef&) = default;
AuthFactorRef::~AuthFactorRef() = default;

bool AuthFactorRef::operator==(const AuthFactorRef& other) const {
  const bool equal = label_.value() == other.label_.value();
  CHECK(!equal || type_ == other.type_);
  return equal;
}

// =============== `AuthFactorCommonMetadata` ===============
AuthFactorCommonMetadata::AuthFactorCommonMetadata()
    : chrome_version_last_updated_(
          ComponentVersion(std::string(version_info::GetVersionNumber()))) {}

AuthFactorCommonMetadata::AuthFactorCommonMetadata(ComponentVersion chrome,
                                                   ComponentVersion chromeos,
                                                   LockoutPolicy lockout_policy)
    : chrome_version_last_updated_(std::move(chrome)),
      chromeos_version_last_updated_(std::move(chromeos)),
      lockout_policy_(lockout_policy) {}

AuthFactorCommonMetadata::AuthFactorCommonMetadata(
    AuthFactorCommonMetadata&&) noexcept = default;
AuthFactorCommonMetadata& AuthFactorCommonMetadata::operator=(
    AuthFactorCommonMetadata&&) noexcept = default;
AuthFactorCommonMetadata::AuthFactorCommonMetadata(
    const AuthFactorCommonMetadata&) = default;
AuthFactorCommonMetadata& AuthFactorCommonMetadata::operator=(
    const AuthFactorCommonMetadata&) = default;
AuthFactorCommonMetadata::~AuthFactorCommonMetadata() = default;

bool AuthFactorCommonMetadata::operator==(
    const AuthFactorCommonMetadata& other) const {
  return (this->chrome_version_last_updated_ ==
          other.chrome_version_last_updated_) &&
         (this->chromeos_version_last_updated_ ==
          other.chromeos_version_last_updated_);
}

// =============== `Factor-specific Status` ===============
PinStatus::PinStatus() : available_at_(base::Time::Now()) {}

PinStatus::PinStatus(base::TimeDelta available_in)
    : available_at_(base::Time::Now() + available_in) {}

PinStatus::PinStatus(PinStatus&&) noexcept = default;
PinStatus& PinStatus::operator=(PinStatus&&) noexcept = default;
PinStatus::PinStatus(const PinStatus&) = default;
PinStatus& PinStatus::operator=(const PinStatus&) = default;
PinStatus::~PinStatus() = default;

bool PinStatus::IsLockedFactor() const {
  return base::Time::Now() < available_at_;
}

base::Time PinStatus::AvailableAt() const {
  return available_at_;
}

// =============== `Factor-specific Metadata` ===============

PasswordMetadata PasswordMetadata::CreateWithoutSalt() {
  return PasswordMetadata(std::nullopt);
}

PasswordMetadata PasswordMetadata::CreateForOnlinePassword(SystemSalt salt) {
  return PasswordMetadata(KnowledgeFactorHashInfo{
      .algorithm = KnowledgeFactorHashAlgorithmWrapper::kSha256TopHalf,
      .salt = std::move(*salt),
      .should_generate_key_store = false,
  });
}

PasswordMetadata PasswordMetadata::CreateForLocalPassword(SystemSalt salt) {
  return PasswordMetadata(KnowledgeFactorHashInfo{
      .algorithm = KnowledgeFactorHashAlgorithmWrapper::kSha256TopHalf,
      .salt = std::move(*salt),
      .should_generate_key_store = true,
  });
}

PasswordMetadata::PasswordMetadata(
    std::optional<KnowledgeFactorHashInfo> hash_info)
    : hash_info_(std::move(hash_info)) {}
PasswordMetadata::PasswordMetadata(PasswordMetadata&&) noexcept = default;
PasswordMetadata& PasswordMetadata::operator=(PasswordMetadata&&) noexcept =
    default;
PasswordMetadata::PasswordMetadata(const PasswordMetadata&) = default;
PasswordMetadata& PasswordMetadata::operator=(const PasswordMetadata&) =
    default;
PasswordMetadata::~PasswordMetadata() = default;

PinMetadata PinMetadata::CreateWithoutSalt() {
  return PinMetadata(std::nullopt);
}

PinMetadata PinMetadata::Create(PinSalt salt) {
  return PinMetadata(KnowledgeFactorHashInfo{
      .algorithm = KnowledgeFactorHashAlgorithmWrapper::kPbkdf2Aes2561234,
      .salt = std::move(*salt),
      .should_generate_key_store = true,
  });
}

PinMetadata::PinMetadata(std::optional<KnowledgeFactorHashInfo> hash_info)
    : hash_info_(std::move(hash_info)) {}
PinMetadata::PinMetadata(PinMetadata&&) noexcept = default;
PinMetadata& PinMetadata::operator=(PinMetadata&&) noexcept = default;
PinMetadata::PinMetadata(const PinMetadata&) = default;
PinMetadata& PinMetadata::operator=(const PinMetadata&) = default;
PinMetadata::~PinMetadata() = default;

// =============== `AuthFactor` ===============

AuthFactor::AuthFactor(AuthFactorRef ref, AuthFactorCommonMetadata metadata)
    : ref_(std::move(ref)), common_metadata_(std::move(metadata)) {}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       PinMetadata pin_metadata,
                       PinStatus status)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(pin_metadata)),
      factor_status_(std::move(status)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kPin);
}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       SmartCardMetadata factor_metadata)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(factor_metadata)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kSmartCard);
}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       CryptohomeRecoveryMetadata factor_metadata)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(factor_metadata)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kRecovery);
}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       PasswordMetadata factor_metadata)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(factor_metadata)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kPassword);
}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       PinMetadata factor_metadata)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(factor_metadata)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kPin);
}

AuthFactor::AuthFactor(AuthFactorRef ref,
                       AuthFactorCommonMetadata metadata,
                       FingerprintMetadata fingerprint_metadata)
    : ref_(std::move(ref)),
      common_metadata_(std::move(metadata)),
      factor_metadata_(std::move(fingerprint_metadata)) {
  CHECK_EQ(ref_.type(), AuthFactorType::kFingerprint);
}

AuthFactor::AuthFactor(AuthFactor&&) noexcept = default;
AuthFactor& AuthFactor::operator=(AuthFactor&&) noexcept = default;
AuthFactor::AuthFactor(const AuthFactor&) = default;
AuthFactor& AuthFactor::operator=(const AuthFactor&) = default;

AuthFactor::~AuthFactor() = default;

bool AuthFactor::operator==(const AuthFactor& other) const {
  return ref_ == other.ref_ && common_metadata_ == other.common_metadata_;
}

const AuthFactorRef& AuthFactor::ref() const {
  return ref_;
}

const AuthFactorCommonMetadata& AuthFactor::GetCommonMetadata() const {
  return common_metadata_;
}

const PinStatus& AuthFactor::GetPinStatus() const {
  return std::get<PinStatus>(factor_status_);
}

const SmartCardMetadata& AuthFactor::GetSmartCardMetadata() const {
  return std::get<SmartCardMetadata>(factor_metadata_);
}

const CryptohomeRecoveryMetadata& AuthFactor::GetCryptohomeRecoveryMetadata()
    const {
  return std::get<CryptohomeRecoveryMetadata>(factor_metadata_);
}

const PasswordMetadata& AuthFactor::GetPasswordMetadata() const {
  return std::get<PasswordMetadata>(factor_metadata_);
}

const PinMetadata& AuthFactor::GetPinMetadata() const {
  return std::get<PinMetadata>(factor_metadata_);
}

const FingerprintMetadata& AuthFactor::GetFingerprintMetadata() const {
  return std::get<FingerprintMetadata>(factor_metadata_);
}

}  // namespace cryptohome