chrome/browser/signin/easy_unlock_auth_attempt.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/signin/easy_unlock_auth_attempt.h"
   6
   7 #include "base/bind.h"
   8 #include "base/logging.h"
   9 #include "chrome/browser/signin/easy_unlock_app_manager.h"
  10 #include "chrome/browser/signin/proximity_auth_facade.h"
  11 #include "components/proximity_auth/screenlock_bridge.h"
  12 #include "crypto/encryptor.h"
  13 #include "crypto/symmetric_key.h"
  14
  15 #if defined(OS_CHROMEOS)
  16 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
  17 #endif
  18
  19 namespace {
  20
  21 // Decrypts the secret that should be used to login from |wrapped_secret| using
  22 // raw AES key |raw_key|.
  23 // In a case of error, an empty string is returned.
  24 std::string UnwrapSecret(const std::string& wrapped_secret,
  25                          const std::string& raw_key) {
  26   if (raw_key.empty())
  27     return std::string();
  28
  29   // Import the key structure.
  30   scoped_ptr<crypto::SymmetricKey> key(
  31      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
  32
  33   if (!key)
  34     return std::string();
  35
  36   std::string iv(raw_key.size(), ' ');
  37   crypto::Encryptor encryptor;
  38   if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
  39     return std::string();
  40
  41   std::string secret;
  42   if (!encryptor.Decrypt(wrapped_secret, &secret))
  43     return std::string();
  44
  45   return secret;
  46 }
  47
  48 void DefaultAuthAttemptFinalizedHandler(
  49     EasyUnlockAuthAttempt::Type auth_attempt_type,
  50     bool success,
  51     const std::string& user_id,
  52     const std::string& key_secret,
  53     const std::string& key_label) {
  54   if (!GetScreenlockBridgeInstance()->IsLocked())
  55     return;
  56
  57   switch (auth_attempt_type) {
  58     case EasyUnlockAuthAttempt::TYPE_UNLOCK:
  59       if (success) {
  60         GetScreenlockBridgeInstance()->lock_handler()->Unlock(user_id);
  61       } else {
  62         GetScreenlockBridgeInstance()->lock_handler()->EnableInput();
  63       }
  64       return;
  65     case EasyUnlockAuthAttempt::TYPE_SIGNIN:
  66       if (success) {
  67         GetScreenlockBridgeInstance()->lock_handler()->AttemptEasySignin(
  68             user_id, key_secret, key_label);
  69       } else {
  70         // Attempting signin with an empty secret is equivalent to canceling the
  71         // attempt.
  72         GetScreenlockBridgeInstance()->lock_handler()->AttemptEasySignin(
  73             user_id, std::string(), std::string());
  74       }
  75       return;
  76   }
  77 }
  78
  79 }  // namespace
  80
  81 EasyUnlockAuthAttempt::EasyUnlockAuthAttempt(
  82     EasyUnlockAppManager* app_manager,
  83     const std::string& user_id,
  84     Type type,
  85     const FinalizedCallback& finalized_callback)
  86     : app_manager_(app_manager),
  87       state_(STATE_IDLE),
  88       user_id_(user_id),
  89       type_(type),
  90       finalized_callback_(finalized_callback) {
  91   if (finalized_callback_.is_null())
  92     finalized_callback_ = base::Bind(&DefaultAuthAttemptFinalizedHandler);
  93 }
  94
  95 EasyUnlockAuthAttempt::~EasyUnlockAuthAttempt() {
  96   if (state_ == STATE_RUNNING)
  97     Cancel(user_id_);
  98 }
  99
 100 bool EasyUnlockAuthAttempt::Start() {
 101   DCHECK_EQ(STATE_IDLE, state_);
 102
 103   if (!GetScreenlockBridgeInstance()->IsLocked())
 104     return false;
 105
 106   proximity_auth::ScreenlockBridge::LockHandler::AuthType auth_type =
 107       GetScreenlockBridgeInstance()->lock_handler()->GetAuthType(user_id_);
 108
 109   if (auth_type != proximity_auth::ScreenlockBridge::LockHandler::USER_CLICK) {
 110     Cancel(user_id_);
 111     return false;
 112   }
 113
 114   state_ = STATE_RUNNING;
 115
 116   if (!app_manager_->SendAuthAttemptEvent()) {
 117     Cancel(user_id_);
 118     return false;
 119   }
 120
 121   return true;
 122 }
 123
 124 void EasyUnlockAuthAttempt::FinalizeUnlock(const std::string& user_id,
 125                                            bool success) {
 126   if (state_ != STATE_RUNNING || user_id != user_id_)
 127     return;
 128
 129   if (!GetScreenlockBridgeInstance()->IsLocked())
 130     return;
 131
 132   if (type_ != TYPE_UNLOCK) {
 133     Cancel(user_id_);
 134     return;
 135   }
 136
 137   finalized_callback_.Run(type_, success, user_id, std::string(),
 138                           std::string());
 139   state_ = STATE_DONE;
 140 }
 141
 142 void EasyUnlockAuthAttempt::FinalizeSignin(const std::string& user_id,
 143                                            const std::string& wrapped_secret,
 144                                            const std::string& raw_session_key) {
 145   if (state_ != STATE_RUNNING || user_id != user_id_)
 146     return;
 147
 148   if (!GetScreenlockBridgeInstance()->IsLocked())
 149     return;
 150
 151   if (type_ != TYPE_SIGNIN) {
 152     Cancel(user_id_);
 153     return;
 154   }
 155
 156   if (wrapped_secret.empty()) {
 157     Cancel(user_id_);
 158     return;
 159   }
 160
 161   std::string unwrapped_secret = UnwrapSecret(wrapped_secret, raw_session_key);
 162
 163   std::string key_label;
 164 #if defined(OS_CHROMEOS)
 165   key_label = chromeos::EasyUnlockKeyManager::GetKeyLabel(0u);
 166 #endif  // defined(OS_CHROMEOS)
 167
 168   const bool kSuccess = true;
 169   finalized_callback_.Run(type_, kSuccess, user_id, unwrapped_secret,
 170                           key_label);
 171   state_ = STATE_DONE;
 172 }
 173
 174 void EasyUnlockAuthAttempt::Cancel(const std::string& user_id) {
 175   state_ = STATE_DONE;
 176
 177   const bool kFailure = false;
 178   finalized_callback_.Run(type_, kFailure, user_id, std::string(),
 179                           std::string());
 180 }