From 6bc9a331e82e4f94ca9e0f24eb0efa45ffc1e472 Mon Sep 17 00:00:00 2001 From: kozyatinskiy Date: Tue, 3 Feb 2015 02:16:42 -0800 Subject: [PATCH] Revert "Only store leading 13 bits of password hash." This reverts commit c511691cc06fd3a92f27e688795872e61efff40a. CL added SetUpgradeAndCheckCredentials test. This test failed on Mac 10.6 build bot. TBR=mlerman@chromium.org, NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=none Review URL: https://codereview.chromium.org/875983008 Cr-Commit-Position: refs/heads/master@{#314302} --- chrome/browser/signin/chrome_signin_client.cc | 2 +- chrome/browser/signin/local_auth.cc | 176 ++++++--------------- chrome/browser/signin/local_auth.h | 94 +++++------ chrome/browser/signin/local_auth_unittest.cc | 69 +------- chrome/browser/signin/signin_manager_factory.cc | 2 +- .../cocoa/profiles/profile_chooser_controller.mm | 1 + .../ui/views/profiles/profile_chooser_view.cc | 1 + .../ui/webui/signin/inline_login_handler_impl.cc | 2 +- .../ui/webui/signin/user_manager_screen_handler.cc | 10 +- tools/metrics/histograms/histograms.xml | 7 - 10 files changed, 105 insertions(+), 259 deletions(-) rewrite chrome/browser/signin/local_auth.h (71%) diff --git a/chrome/browser/signin/chrome_signin_client.cc b/chrome/browser/signin/chrome_signin_client.cc index 3315642feb9a..d3d2746e0229 100644 --- a/chrome/browser/signin/chrome_signin_client.cc +++ b/chrome/browser/signin/chrome_signin_client.cc @@ -248,7 +248,7 @@ void ChromeSigninClient::PostSignedIn(const std::string& account_id, #if !defined(OS_ANDROID) && !defined(OS_IOS) && !defined(OS_CHROMEOS) // Don't store password hash except when lock is available for the user. if (!password.empty() && profiles::IsLockAvailable(profile_)) - LocalAuth::SetLocalAuthCredentials(profile_, password); + chrome::SetLocalAuthCredentials(profile_, password); #endif } diff --git a/chrome/browser/signin/local_auth.cc b/chrome/browser/signin/local_auth.cc index 9b20c3228769..7748898f8e7a 100644 --- a/chrome/browser/signin/local_auth.cc +++ b/chrome/browser/signin/local_auth.cc @@ -22,81 +22,21 @@ namespace { -struct HashEncoding { - char version; - unsigned hash_bits; - unsigned hash_bytes; - unsigned iteration_count; - unsigned stored_bits; - unsigned stored_bytes; - - public: - HashEncoding(char version, - unsigned hash_bits, - unsigned hash_bytes, - unsigned iteration_count, - unsigned stored_bits, - unsigned stored_bytes) : - version(version), - hash_bits(hash_bits), - hash_bytes(hash_bytes), - iteration_count(iteration_count), - stored_bits(stored_bits), - stored_bytes(stored_bytes) {} -}; - // WARNING: Changing these values will make it impossible to do off-line // authentication until the next successful on-line authentication. To change -// these safely, add a new HashEncoding object below and increment -// NUM_HASH_ENCODINGS. -const char kHash1Version = '1'; +// these safely, change the "encoding" version below and make verification +// handle multiple values. +const char kHash1Encoding = '1'; const unsigned kHash1Bits = 256; const unsigned kHash1Bytes = kHash1Bits / 8; const unsigned kHash1IterationCount = 100000; -// Store 13 bits to provide pin-like security (8192 possible values), without -// providing a complete oracle for the user's GAIA password. -const char kHash2Version = '2'; -const unsigned kHash2Bits = 256; -const unsigned kHash2Bytes = kHash2Bits / 8; -const unsigned kHash2IterationCount = 100000; -const unsigned kHash2StoredBits = 13; -const unsigned kHash2StoredBytes = (kHash2StoredBits + 7) / 8; - -const int NUM_HASH_ENCODINGS = 2; -HashEncoding encodings[NUM_HASH_ENCODINGS] = { - HashEncoding( - kHash1Version, kHash1Bits, kHash1Bytes, kHash1IterationCount, 0, 0), - HashEncoding( - kHash2Version, kHash2Bits, kHash2Bytes, kHash2IterationCount, - kHash2StoredBits, kHash2StoredBytes) -}; - -const HashEncoding* GetEncodingForVersion(char version) { - // Note that versions are 1-indexed. - DCHECK(version > '0' && version <= ('0' + NUM_HASH_ENCODINGS)); - return &encodings[(version - '0') - 1]; -} - -std::string TruncateStringByBits(const std::string& str, - const size_t len_bits) { - if (len_bits % 8 == 0) - return str.substr(0, len_bits / 8); - - // The initial truncation copies whole bytes - int number_bytes = (len_bits + 7) / 8; - std::string truncated_string = str.substr(0, number_bytes); - - // Keep the prescribed number of bits from the last byte. - unsigned last_char_bitmask = (1 << (len_bits % 8)) - 1; - truncated_string[number_bytes - 1] &= last_char_bitmask; - return truncated_string; -} - std::string CreateSecurePasswordHash(const std::string& salt, const std::string& password, - const HashEncoding& encoding) { - DCHECK_EQ(encoding.hash_bytes, salt.length()); + char encoding) { + DCHECK_EQ(kHash1Bytes, salt.length()); + DCHECK_EQ(kHash1Encoding, encoding); // Currently support only one method. + base::Time start_time = base::Time::Now(); // Library call to create secure password hash as SymmetricKey (uses PBKDF2). @@ -104,26 +44,22 @@ std::string CreateSecurePasswordHash(const std::string& salt, crypto::SymmetricKey::DeriveKeyFromPassword( crypto::SymmetricKey::AES, password, salt, - encoding.iteration_count, encoding.hash_bits)); + kHash1IterationCount, kHash1Bits)); std::string password_hash; const bool success = password_key->GetRawKey(&password_hash); DCHECK(success); - DCHECK_EQ(encoding.hash_bytes, password_hash.length()); + DCHECK_EQ(kHash1Bytes, password_hash.length()); UMA_HISTOGRAM_TIMES("PasswordHash.CreateTime", base::Time::Now() - start_time); - if (encoding.stored_bits) { - password_hash = TruncateStringByBits(password_hash, encoding.stored_bits); - DCHECK_EQ(encoding.stored_bytes, password_hash.length()); - } - DCHECK_EQ(encoding.stored_bytes ? encoding.stored_bytes : encoding.hash_bytes, - password_hash.length()); return password_hash; } std::string EncodePasswordHashRecord(const std::string& record, - const HashEncoding& encoding) { + char encoding) { + DCHECK_EQ(kHash1Encoding, encoding); // Currently support only one method. + // Encrypt the hash using the OS account-password protection (if available). std::string encoded; const bool success = OSCrypt::EncryptString(record, &encoded); @@ -134,7 +70,7 @@ std::string EncodePasswordHashRecord(const std::string& record, base::Base64Encode(encoded, &encoded64); // Stuff the "encoding" value into the first byte. - encoded64.insert(0, &encoding.version, sizeof(encoding.version)); + encoded64.insert(0, &encoding, sizeof(encoding)); return encoded64; } @@ -146,7 +82,7 @@ bool DecodePasswordHashRecord(const std::string& encoded, if (encoded.length() < 1) return false; *encoding = encoded[0]; - if (!GetEncodingForVersion(*encoding)) + if (*encoding != kHash1Encoding) return false; // Stored record is base64; convert to binary. @@ -168,33 +104,33 @@ size_t GetProfileInfoIndexOfProfile(const Profile* profile) { } // namespace -std::string LocalAuth::TruncateStringByBits(const std::string& str, - const size_t len_bits) { - return ::TruncateStringByBits(str, len_bits); -} +namespace chrome { -void LocalAuth::RegisterLocalAuthPrefs( - user_prefs::PrefRegistrySyncable* registry) { +void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry) { registry->RegisterStringPref( prefs::kGoogleServicesPasswordHash, std::string(), user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); } -void LocalAuth::SetLocalAuthCredentialsWithEncoding(size_t info_index, - const std::string& password, - char encoding_version) { - const HashEncoding& encoding = encodings[(encoding_version - '0') - 1]; +void SetLocalAuthCredentials(size_t info_index, + const std::string& password) { + if (info_index == std::string::npos) { + NOTREACHED(); + return; + } + DCHECK(password.length()); // Salt should be random data, as long as the hash length, and different with // every save. std::string salt_str; - crypto::RandBytes(WriteInto(&salt_str, encoding.hash_bytes + 1), - encoding.hash_bytes); + crypto::RandBytes(WriteInto(&salt_str, kHash1Bytes + 1), kHash1Bytes); + DCHECK_EQ(kHash1Bytes, salt_str.length()); // Perform secure hash of password for storage. std::string password_hash = CreateSecurePasswordHash( - salt_str, password, encoding); + salt_str, password, kHash1Encoding); + DCHECK_EQ(kHash1Bytes, password_hash.length()); // Group all fields into a single record for storage; std::string record; @@ -202,30 +138,19 @@ void LocalAuth::SetLocalAuthCredentialsWithEncoding(size_t info_index, record.append(password_hash); // Encode it and store it. - std::string encoded = EncodePasswordHashRecord(record, encoding); + std::string encoded = EncodePasswordHashRecord(record, kHash1Encoding); ProfileInfoCache& info = g_browser_process->profile_manager()->GetProfileInfoCache(); info.SetLocalAuthCredentialsOfProfileAtIndex(info_index, encoded); } -void LocalAuth::SetLocalAuthCredentials(size_t info_index, - const std::string& password) { - if (info_index == std::string::npos) { - NOTREACHED(); - return; - } - DCHECK(password.length()); - SetLocalAuthCredentialsWithEncoding( - info_index, password, '0' + NUM_HASH_ENCODINGS); -} - -void LocalAuth::SetLocalAuthCredentials(const Profile* profile, - const std::string& password) { +void SetLocalAuthCredentials(const Profile* profile, + const std::string& password) { SetLocalAuthCredentials(GetProfileInfoIndexOfProfile(profile), password); } -bool LocalAuth::ValidateLocalAuthCredentials(size_t info_index, - const std::string& password) { +bool ValidateLocalAuthCredentials(size_t info_index, + const std::string& password) { if (info_index == std::string::npos) { NOTREACHED(); return false; @@ -249,31 +174,28 @@ bool LocalAuth::ValidateLocalAuthCredentials(size_t info_index, const char* password_check; size_t password_length; - const HashEncoding* hash_encoding = GetEncodingForVersion(encoding); - if (!hash_encoding) { - // Unknown encoding. + if (encoding == '1') { + // Validate correct length; extract salt and password hash. + if (record.length() != 2 * kHash1Bytes) + return false; + std::string salt_str(record.data(), kHash1Bytes); + password_saved = record.data() + kHash1Bytes; + password_hash = CreateSecurePasswordHash(salt_str, password, encoding); + password_check = password_hash.data(); + password_length = kHash1Bytes; + } else { + // unknown encoding return false; } - // Extract salt. - std::string salt_str(record.data(), hash_encoding->hash_bytes); - // Extract password. - password_saved = record.data() + hash_encoding->hash_bytes; - password_hash = CreateSecurePasswordHash(salt_str, password, *hash_encoding); - password_length = hash_encoding->stored_bytes; - password_check = password_hash.data(); - - bool passwords_match = crypto::SecureMemEqual( - password_saved, password_check, password_length); - - // Update the stored credentials to the latest encoding if necessary. - if (passwords_match && (hash_encoding->version - '0') != NUM_HASH_ENCODINGS) - SetLocalAuthCredentials(info_index, password); - return passwords_match; + return crypto::SecureMemEqual(password_saved, password_check, + password_length); } -bool LocalAuth::ValidateLocalAuthCredentials(const Profile* profile, - const std::string& password) { +bool ValidateLocalAuthCredentials(const Profile* profile, + const std::string& password) { return ValidateLocalAuthCredentials(GetProfileInfoIndexOfProfile(profile), password); } + +} // namespace chrome diff --git a/chrome/browser/signin/local_auth.h b/chrome/browser/signin/local_auth.h dissimilarity index 71% index 570b5bc345a8..2342a8142a2d 100644 --- a/chrome/browser/signin/local_auth.h +++ b/chrome/browser/signin/local_auth.h @@ -1,56 +1,38 @@ -// Copyright 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. -// -// The local-auth module allows for user authentication in the case when -// on-line authentication is not possible (e.g. there is no network -// connection). - -#ifndef CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ -#define CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ - -#include - -#include "base/gtest_prod_util.h" - -class LocalAuthTest; -class Profile; - -namespace user_prefs { -class PrefRegistrySyncable; -} - -class LocalAuth { - public: - static void RegisterLocalAuthPrefs( - user_prefs::PrefRegistrySyncable* registry); - - static void SetLocalAuthCredentials(size_t profile_info_index, - const std::string& password); - - - static void SetLocalAuthCredentials(const Profile* profile, - const std::string& password); - - static bool ValidateLocalAuthCredentials(size_t profile_info_index, - const std::string& password); - - static bool ValidateLocalAuthCredentials(const Profile* profile, - const std::string& password); - - private: - FRIEND_TEST_ALL_PREFIXES(LocalAuthTest, SetUpgradeAndCheckCredentials); - FRIEND_TEST_ALL_PREFIXES(LocalAuthTest, TruncateStringEvenly); - FRIEND_TEST_ALL_PREFIXES(LocalAuthTest, TruncateStringUnevenly); - - // Return only the first |len_bits| bits of the string |str|. Defined here for - // testing. - static std::string TruncateStringByBits(const std::string& str, - const size_t len_bits); - - static void SetLocalAuthCredentialsWithEncoding(size_t profile_info_index, - const std::string& password, - char encoding_version); -}; - -#endif // CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. +// +// The local-auth module allows for user authentication in the case when +// on-line authentication is not possible (e.g. there is no network +// connection). + +#ifndef CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ +#define CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ + +#include + +class Profile; + +namespace user_prefs { +class PrefRegistrySyncable; +} + +namespace chrome { + +void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry); + +void SetLocalAuthCredentials(size_t profile_info_index, + const std::string& password); + +void SetLocalAuthCredentials(const Profile* profile, + const std::string& password); + +bool ValidateLocalAuthCredentials(size_t profile_info_index, + const std::string& password); + +bool ValidateLocalAuthCredentials(const Profile* profile, + const std::string& password); + +} // namespace chrome + +#endif // CHROME_BROWSER_SIGNIN_LOCAL_AUTH_H_ diff --git a/chrome/browser/signin/local_auth_unittest.cc b/chrome/browser/signin/local_auth_unittest.cc index 1a629e882023..68ee397043ad 100644 --- a/chrome/browser/signin/local_auth_unittest.cc +++ b/chrome/browser/signin/local_auth_unittest.cc @@ -15,6 +15,8 @@ #include "testing/gtest/include/gtest/gtest.h" +using namespace chrome; + TEST(LocalAuthTest, SetAndCheckCredentials) { TestingProfileManager testing_profile_manager( TestingBrowserProcess::GetGlobal()); @@ -30,9 +32,9 @@ TEST(LocalAuthTest, SetAndCheckCredentials) { #endif std::string password("Some Password"); - EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); + EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password)); - LocalAuth::SetLocalAuthCredentials(prof, password); + SetLocalAuthCredentials(prof, password); std::string passhash = cache.GetLocalAuthCredentialsOfProfileAtIndex(0); // We perform basic validation on the written record to ensure bugs don't slip @@ -40,7 +42,7 @@ TEST(LocalAuthTest, SetAndCheckCredentials) { // - The encoding exists (we can guarantee future backward compatibility). // - The plaintext version of the password is not mistakenly stored anywhere. EXPECT_FALSE(passhash.empty()); - EXPECT_EQ('2', passhash[0]); + EXPECT_EQ('1', passhash[0]); EXPECT_EQ(passhash.find(password), std::string::npos); std::string decodedhash; @@ -48,64 +50,9 @@ TEST(LocalAuthTest, SetAndCheckCredentials) { EXPECT_FALSE(decodedhash.empty()); EXPECT_EQ(decodedhash.find(password), std::string::npos); - EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); - EXPECT_FALSE(LocalAuth::ValidateLocalAuthCredentials(prof, password + "1")); + EXPECT_TRUE(ValidateLocalAuthCredentials(prof, password)); + EXPECT_FALSE(ValidateLocalAuthCredentials(prof, password + "1")); - LocalAuth::SetLocalAuthCredentials(prof, password); // makes different salt + SetLocalAuthCredentials(prof, password); // makes different salt EXPECT_NE(passhash, cache.GetLocalAuthCredentialsOfProfileAtIndex(0)); } - - -TEST(LocalAuthTest, SetUpgradeAndCheckCredentials) { - TestingProfileManager testing_profile_manager( - TestingBrowserProcess::GetGlobal()); - ASSERT_TRUE(testing_profile_manager.SetUp()); - Profile* prof = testing_profile_manager.CreateTestingProfile("p1"); - ProfileInfoCache& cache = - testing_profile_manager.profile_manager()->GetProfileInfoCache(); - - std::string password("Some Password"); - size_t profile_index = cache.GetIndexOfProfileWithPath(prof->GetPath()); - LocalAuth::SetLocalAuthCredentialsWithEncoding(profile_index, password, '1'); - - // Ensure we indeed persisted the correct encoding. - std::string oldpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( - profile_index); - EXPECT_EQ('1', oldpasshash[0]); - - // Validate, ensure we can validate against the old encoding. - EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); - - // Ensure we updated the encoding. - std::string newpasshash = cache.GetLocalAuthCredentialsOfProfileAtIndex( - profile_index); - EXPECT_EQ('2', newpasshash[0]); - // Encoding '2' writes fewer bytes than encoding '1'. - EXPECT_LE(newpasshash.length(), oldpasshash.length()); - - // Validate, ensure we validate against the new encoding. - EXPECT_TRUE(LocalAuth::ValidateLocalAuthCredentials(prof, password)); -} - -// Test truncation where each byte is left whole. -TEST(LocalAuthTest, TruncateStringEvenly) { - std::string two_chars = "A6"; - std::string three_chars = "A6C"; - EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 16)); - EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 16)); - - EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(two_chars, 14)); - EXPECT_EQ(two_chars, LocalAuth::TruncateStringByBits(three_chars, 14)); -} - -// Test truncation that affects the results within a byte. -TEST(LocalAuthTest, TruncateStringUnevenly) { - std::string two_chars = "Az"; - std::string three_chars = "AzC"; - // 'z' = 0x7A, ':' = 0x3A. - std::string two_chars_truncated = "A:"; - EXPECT_EQ(two_chars_truncated, - LocalAuth::TruncateStringByBits(two_chars, 14)); - EXPECT_EQ(two_chars_truncated, - LocalAuth::TruncateStringByBits(three_chars, 14)); -} diff --git a/chrome/browser/signin/signin_manager_factory.cc b/chrome/browser/signin/signin_manager_factory.cc index 7867c6941193..a7915f3b0b59 100644 --- a/chrome/browser/signin/signin_manager_factory.cc +++ b/chrome/browser/signin/signin_manager_factory.cc @@ -103,7 +103,7 @@ void SigninManagerFactory::RegisterProfilePrefs( prefs::kSignedInTime, base::Time().ToInternalValue(), user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF); - LocalAuth::RegisterLocalAuthPrefs(registry); + chrome::RegisterLocalAuthPrefs(registry); } // static diff --git a/chrome/browser/ui/cocoa/profiles/profile_chooser_controller.mm b/chrome/browser/ui/cocoa/profiles/profile_chooser_controller.mm index cc431404edf2..b86fd5541f34 100644 --- a/chrome/browser/ui/cocoa/profiles/profile_chooser_controller.mm +++ b/chrome/browser/ui/cocoa/profiles/profile_chooser_controller.mm @@ -25,6 +25,7 @@ #include "chrome/browser/profiles/profile_metrics.h" #include "chrome/browser/profiles/profile_window.h" #include "chrome/browser/profiles/profiles_state.h" +#include "chrome/browser/signin/local_auth.h" #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" #include "chrome/browser/signin/signin_header_helper.h" #include "chrome/browser/signin/signin_manager_factory.h" diff --git a/chrome/browser/ui/views/profiles/profile_chooser_view.cc b/chrome/browser/ui/views/profiles/profile_chooser_view.cc index 188dc8c7a790..86f0e2a590bb 100644 --- a/chrome/browser/ui/views/profiles/profile_chooser_view.cc +++ b/chrome/browser/ui/views/profiles/profile_chooser_view.cc @@ -15,6 +15,7 @@ #include "chrome/browser/profiles/profile_metrics.h" #include "chrome/browser/profiles/profile_window.h" #include "chrome/browser/profiles/profiles_state.h" +#include "chrome/browser/signin/local_auth.h" #include "chrome/browser/signin/profile_oauth2_token_service_factory.h" #include "chrome/browser/signin/signin_header_helper.h" #include "chrome/browser/signin/signin_manager_factory.h" diff --git a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc index d9ed6882a232..308460c7b8e8 100644 --- a/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc +++ b/chrome/browser/ui/webui/signin/inline_login_handler_impl.cc @@ -140,7 +140,7 @@ void InlineSigninHelper::OnClientOAuthSuccess(const ClientOAuthResult& result) { switches::IsNewProfileManagement() && !password_.empty() && profiles::IsLockAvailable(profile_)) { - LocalAuth::SetLocalAuthCredentials(profile_, password_); + chrome::SetLocalAuthCredentials(profile_, password_); } if (source == signin_metrics::SOURCE_AVATAR_BUBBLE_ADD_ACCOUNT || diff --git a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc index 1a15f8e6b17b..0ba5513e4ec0 100644 --- a/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc +++ b/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc @@ -414,7 +414,7 @@ void UserManagerScreenHandler::HandleAuthenticatedLaunchUser( } authenticating_profile_index_ = profile_index; - if (!LocalAuth::ValidateLocalAuthCredentials(profile_index, password)) { + if (!chrome::ValidateLocalAuthCredentials(profile_index, password)) { // Make a second attempt via an on-line authentication call. This handles // profiles that are missing sign-in credentials and also cases where the // password has been changed externally. @@ -525,8 +525,8 @@ void UserManagerScreenHandler::HandleHardlockUserPod( void UserManagerScreenHandler::OnClientLoginSuccess( const ClientLoginResult& result) { - LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_, - password_attempt_); + chrome::SetLocalAuthCredentials(authenticating_profile_index_, + password_attempt_); ReportAuthenticationResult(true, ProfileMetrics::AUTH_ONLINE); } @@ -547,8 +547,8 @@ void UserManagerScreenHandler::OnClientLoginFailure( // profile was locked. Save the password to streamline future unlocks. if (success) { DCHECK(!password_attempt_.empty()); - LocalAuth::SetLocalAuthCredentials(authenticating_profile_index_, - password_attempt_); + chrome::SetLocalAuthCredentials(authenticating_profile_index_, + password_attempt_); } bool offline = (state == GoogleServiceAuthError::CONNECTION_FAILED || diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml index dd6c1a631aa4..cfdf80ebc0be 100644 --- a/tools/metrics/histograms/histograms.xml +++ b/tools/metrics/histograms/histograms.xml @@ -23283,13 +23283,6 @@ Therefore, the affected-histogram name has to have at least one dot in it. - - mlerman@chromium.org - - Time required to create the local hash of the user's GAIA password. - - - gcasto@chromium.org vabr@chromium.org -- 2.11.4.GIT