chrome/browser/signin/easy_unlock_auth_attempt.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/signin/easy_unlock_auth_attempt.h"
   6
   7 #include "base/bind.h"
   8 #include "base/logging.h"
   9 #include "chrome/browser/signin/easy_unlock_app_manager.h"
  10 #include "chrome/browser/signin/screenlock_bridge.h"
  11 #include "crypto/encryptor.h"
  12 #include "crypto/symmetric_key.h"
  13
  14 #if defined(OS_CHROMEOS)
  15 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
  16 #endif
  17
  18 namespace {
  19
  20 // Decrypts the secret that should be used to login from |wrapped_secret| using
  21 // raw AES key |raw_key|.
  22 // In a case of error, an empty string is returned.
  23 std::string UnwrapSecret(const std::string& wrapped_secret,
  24                          const std::string& raw_key) {
  25   if (raw_key.empty())
  26     return std::string();
  27
  28   // Import the key structure.
  29   scoped_ptr<crypto::SymmetricKey> key(
  30      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
  31
  32   if (!key)
  33     return std::string();
  34
  35   std::string iv(raw_key.size(), ' ');
  36   crypto::Encryptor encryptor;
  37   if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
  38     return std::string();
  39
  40   std::string secret;
  41   if (!encryptor.Decrypt(wrapped_secret, &secret))
  42     return std::string();
  43
  44   return secret;
  45 }
  46
  47 void DefaultAuthAttemptFinalizedHandler(
  48     EasyUnlockAuthAttempt::Type auth_attempt_type,
  49     bool success,
  50     const std::string& user_id,
  51     const std::string& key_secret,
  52     const std::string& key_label) {
  53   if (!ScreenlockBridge::Get()->IsLocked())
  54     return;
  55
  56   switch (auth_attempt_type) {
  57     case EasyUnlockAuthAttempt::TYPE_UNLOCK:
  58       if (success) {
  59         ScreenlockBridge::Get()->lock_handler()->Unlock(user_id);
  60       } else {
  61         ScreenlockBridge::Get()->lock_handler()->EnableInput();
  62       }
  63       return;
  64     case EasyUnlockAuthAttempt::TYPE_SIGNIN:
  65       if (success) {
  66         ScreenlockBridge::Get()->lock_handler()->AttemptEasySignin(
  67             user_id, key_secret, key_label);
  68       } else {
  69         // Attempting signin with an empty secret is equivalent to canceling the
  70         // attempt.
  71         ScreenlockBridge::Get()->lock_handler()->AttemptEasySignin(
  72             user_id, std::string(), std::string());
  73       }
  74       return;
  75   }
  76 }
  77
  78 }  // namespace
  79
  80 EasyUnlockAuthAttempt::EasyUnlockAuthAttempt(
  81     EasyUnlockAppManager* app_manager,
  82     const std::string& user_id,
  83     Type type,
  84     const FinalizedCallback& finalized_callback)
  85     : app_manager_(app_manager),
  86       state_(STATE_IDLE),
  87       user_id_(user_id),
  88       type_(type),
  89       finalized_callback_(finalized_callback) {
  90   if (finalized_callback_.is_null())
  91     finalized_callback_ = base::Bind(&DefaultAuthAttemptFinalizedHandler);
  92 }
  93
  94 EasyUnlockAuthAttempt::~EasyUnlockAuthAttempt() {
  95   if (state_ == STATE_RUNNING)
  96     Cancel(user_id_);
  97 }
  98
  99 bool EasyUnlockAuthAttempt::Start() {
 100   DCHECK_EQ(STATE_IDLE, state_);
 101
 102   if (!ScreenlockBridge::Get()->IsLocked())
 103     return false;
 104
 105   ScreenlockBridge::LockHandler::AuthType auth_type =
 106       ScreenlockBridge::Get()->lock_handler()->GetAuthType(user_id_);
 107
 108   if (auth_type != ScreenlockBridge::LockHandler::USER_CLICK) {
 109     Cancel(user_id_);
 110     return false;
 111   }
 112
 113   state_ = STATE_RUNNING;
 114
 115   if (!app_manager_->SendAuthAttemptEvent()) {
 116     Cancel(user_id_);
 117     return false;
 118   }
 119
 120   return true;
 121 }
 122
 123 void EasyUnlockAuthAttempt::FinalizeUnlock(const std::string& user_id,
 124                                            bool success) {
 125   if (state_ != STATE_RUNNING || user_id != user_id_)
 126     return;
 127
 128   if (!ScreenlockBridge::Get()->IsLocked())
 129     return;
 130
 131   if (type_ != TYPE_UNLOCK) {
 132     Cancel(user_id_);
 133     return;
 134   }
 135
 136   finalized_callback_.Run(type_, success, user_id, std::string(),
 137                           std::string());
 138   state_ = STATE_DONE;
 139 }
 140
 141 void EasyUnlockAuthAttempt::FinalizeSignin(const std::string& user_id,
 142                                            const std::string& wrapped_secret,
 143                                            const std::string& raw_session_key) {
 144   if (state_ != STATE_RUNNING || user_id != user_id_)
 145     return;
 146
 147   if (!ScreenlockBridge::Get()->IsLocked())
 148     return;
 149
 150   if (type_ != TYPE_SIGNIN) {
 151     Cancel(user_id_);
 152     return;
 153   }
 154
 155   if (wrapped_secret.empty()) {
 156     Cancel(user_id_);
 157     return;
 158   }
 159
 160   std::string unwrapped_secret = UnwrapSecret(wrapped_secret, raw_session_key);
 161
 162   std::string key_label;
 163 #if defined(OS_CHROMEOS)
 164   key_label = chromeos::EasyUnlockKeyManager::GetKeyLabel(0u);
 165 #endif  // defined(OS_CHROMEOS)
 166
 167   const bool kSuccess = true;
 168   finalized_callback_.Run(type_, kSuccess, user_id, unwrapped_secret,
 169                           key_label);
 170   state_ = STATE_DONE;
 171 }
 172
 173 void EasyUnlockAuthAttempt::Cancel(const std::string& user_id) {
 174   state_ = STATE_DONE;
 175
 176   const bool kFailure = false;
 177   finalized_callback_.Run(type_, kFailure, user_id, std::string(),
 178                           std::string());
 179 }