chrome/browser/signin/easy_unlock_auth_attempt.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/signin/easy_unlock_auth_attempt.h"
   6
   7 #include "base/logging.h"
   8 #include "chrome/browser/signin/easy_unlock_app_manager.h"
   9 #include "chrome/browser/signin/screenlock_bridge.h"
  10 #include "crypto/encryptor.h"
  11 #include "crypto/symmetric_key.h"
  12
  13 #if defined(OS_CHROMEOS)
  14 #include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_key_manager.h"
  15 #endif
  16
  17 namespace {
  18
  19 // Decrypts the secret that should be used to login from |wrapped_secret| using
  20 // raw AES key |raw_key|.
  21 // In a case of error, an empty string is returned.
  22 std::string UnwrapSecret(const std::string& wrapped_secret,
  23                          const std::string& raw_key) {
  24   if (raw_key.empty())
  25     return std::string();
  26
  27   // Import the key structure.
  28   scoped_ptr<crypto::SymmetricKey> key(
  29      crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key));
  30
  31   if (!key)
  32     return std::string();
  33
  34   std::string iv(raw_key.size(), ' ');
  35   crypto::Encryptor encryptor;
  36   if (!encryptor.Init(key.get(), crypto::Encryptor::CBC, iv))
  37     return std::string();
  38
  39   std::string secret;
  40   if (!encryptor.Decrypt(wrapped_secret, &secret))
  41     return std::string();
  42
  43   return secret;
  44 }
  45
  46 }  // namespace
  47
  48 EasyUnlockAuthAttempt::EasyUnlockAuthAttempt(EasyUnlockAppManager* app_manager,
  49                                              const std::string& user_id,
  50                                              Type type)
  51     : app_manager_(app_manager),
  52       state_(STATE_IDLE),
  53       user_id_(user_id),
  54       type_(type) {
  55 }
  56
  57 EasyUnlockAuthAttempt::~EasyUnlockAuthAttempt() {
  58   if (state_ == STATE_RUNNING)
  59     Cancel(user_id_);
  60 }
  61
  62 bool EasyUnlockAuthAttempt::Start() {
  63   DCHECK(state_ == STATE_IDLE);
  64
  65   if (!ScreenlockBridge::Get()->IsLocked())
  66     return false;
  67
  68   ScreenlockBridge::LockHandler::AuthType auth_type =
  69       ScreenlockBridge::Get()->lock_handler()->GetAuthType(user_id_);
  70
  71   if (auth_type != ScreenlockBridge::LockHandler::USER_CLICK) {
  72     Cancel(user_id_);
  73     return false;
  74   }
  75
  76   state_ = STATE_RUNNING;
  77
  78   if (!app_manager_->SendAuthAttemptEvent()) {
  79     Cancel(user_id_);
  80     return false;
  81   }
  82
  83   return true;
  84 }
  85
  86 void EasyUnlockAuthAttempt::FinalizeUnlock(const std::string& user_id,
  87                                            bool success) {
  88   if (state_ != STATE_RUNNING || user_id != user_id_)
  89     return;
  90
  91   if (!ScreenlockBridge::Get()->IsLocked())
  92     return;
  93
  94   if (type_ != TYPE_UNLOCK) {
  95     Cancel(user_id_);
  96     return;
  97   }
  98
  99   if (success) {
 100     ScreenlockBridge::Get()->lock_handler()->Unlock(user_id_);
 101   } else {
 102     ScreenlockBridge::Get()->lock_handler()->EnableInput();
 103   }
 104
 105   state_ = STATE_DONE;
 106 }
 107
 108 void EasyUnlockAuthAttempt::FinalizeSignin(const std::string& user_id,
 109                                            const std::string& wrapped_secret,
 110                                            const std::string& raw_session_key) {
 111   if (state_ != STATE_RUNNING || user_id != user_id_)
 112     return;
 113
 114   if (!ScreenlockBridge::Get()->IsLocked())
 115     return;
 116
 117   if (type_ != TYPE_SIGNIN) {
 118     Cancel(user_id_);
 119     return;
 120   }
 121
 122   if (wrapped_secret.empty()) {
 123     Cancel(user_id_);
 124     return;
 125   }
 126
 127   std::string unwrapped_secret = UnwrapSecret(wrapped_secret, raw_session_key);
 128
 129   std::string key_label;
 130 #if defined(OS_CHROMEOS)
 131   key_label = chromeos::EasyUnlockKeyManager::GetKeyLabel(0u);
 132 #endif  // defined(OS_CHROMEOS)
 133
 134   ScreenlockBridge::Get()->lock_handler()->AttemptEasySignin(
 135       user_id,
 136       unwrapped_secret,
 137       key_label);
 138   state_ = STATE_DONE;
 139 }
 140
 141 void EasyUnlockAuthAttempt::Cancel(const std::string& user_id) {
 142   state_ = STATE_DONE;
 143
 144   if (!ScreenlockBridge::Get()->IsLocked())
 145     return;
 146
 147   if (type_ == TYPE_UNLOCK) {
 148     ScreenlockBridge::Get()->lock_handler()->EnableInput();
 149   } else {
 150     // Attempting signin with an empty secret is equivalent to canceling the
 151     // attempt.
 152     ScreenlockBridge::Get()->lock_handler()->AttemptEasySignin(user_id, "", "");
 153   }
 154 }