1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/signin/local_auth.h"
6
7 #include "base/base64.h"
8 #include "base/logging.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/metrics/histogram.h"
11 #include "base/prefs/pref_service.h"
12 #include "base/strings/string_util.h"
13 #include "chrome/browser/browser_process.h"
14 #include "chrome/browser/profiles/profile.h"
15 #include "chrome/browser/profiles/profile_manager.h"
16 #include "chrome/common/pref_names.h"
17 #include "components/os_crypt/os_crypt.h"
18 #include "components/pref_registry/pref_registry_syncable.h"
19 #include "crypto/random.h"
20 #include "crypto/secure_util.h"
21 #include "crypto/symmetric_key.h"
22
23 namespace {
24
25 // WARNING: Changing these values will make it impossible to do off-line
26 // authentication until the next successful on-line authentication. To change
27 // these safely, change the "encoding" version below and make verification
28 // handle multiple values.
29 const char kHash1Encoding = '1';
30 const unsigned kHash1Bits = 256;
31 const unsigned kHash1Bytes = kHash1Bits / 8;
32 const unsigned kHash1IterationCount = 100000;
33
CreateSecurePasswordHash(const std::string & salt,const std::string & password,char encoding)34 std::string CreateSecurePasswordHash(const std::string& salt,
35 const std::string& password,
36 char encoding) {
37 DCHECK_EQ(kHash1Bytes, salt.length());
38 DCHECK_EQ(kHash1Encoding, encoding); // Currently support only one method.
39
40 base::Time start_time = base::Time::Now();
41
42 // Library call to create secure password hash as SymmetricKey (uses PBKDF2).
43 scoped_ptr<crypto::SymmetricKey> password_key(
44 crypto::SymmetricKey::DeriveKeyFromPassword(
45 crypto::SymmetricKey::AES,
46 password, salt,
47 kHash1IterationCount, kHash1Bits));
48 std::string password_hash;
49 const bool success = password_key->GetRawKey(&password_hash);
50 DCHECK(success);
51 DCHECK_EQ(kHash1Bytes, password_hash.length());
52
53 UMA_HISTOGRAM_TIMES("PasswordHash.CreateTime",
54 base::Time::Now() - start_time);
55
56 return password_hash;
57 }
58
EncodePasswordHashRecord(const std::string & record,char encoding)59 std::string EncodePasswordHashRecord(const std::string& record,
60 char encoding) {
61 DCHECK_EQ(kHash1Encoding, encoding); // Currently support only one method.
62
63 // Encrypt the hash using the OS account-password protection (if available).
64 std::string encoded;
65 const bool success = OSCrypt::EncryptString(record, &encoded);
66 DCHECK(success);
67
68 // Convert binary record to text for preference database.
69 std::string encoded64;
70 base::Base64Encode(encoded, &encoded64);
71
72 // Stuff the "encoding" value into the first byte.
73 encoded64.insert(0, &encoding, sizeof(encoding));
74
75 return encoded64;
76 }
77
DecodePasswordHashRecord(const std::string & encoded,std::string * decoded,char * encoding)78 bool DecodePasswordHashRecord(const std::string& encoded,
79 std::string* decoded,
80 char* encoding) {
81 // Extract the "encoding" value from the first byte and validate.
82 if (encoded.length() < 1)
83 return false;
84 *encoding = encoded[0];
85 if (*encoding != kHash1Encoding)
86 return false;
87
88 // Stored record is base64; convert to binary.
89 std::string unbase64;
90 if (!base::Base64Decode(encoded.substr(1), &unbase64))
91 return false;
92
93 // Decrypt the record using the OS account-password protection (if available).
94 return OSCrypt::DecryptString(unbase64, decoded);
95 }
96
97 } // namespace
98
99 namespace chrome {
100
RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable * registry)101 void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry) {
102 registry->RegisterStringPref(
103 prefs::kGoogleServicesPasswordHash,
104 std::string(),
105 user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
106 }
107
SetLocalAuthCredentials(size_t info_index,const std::string & password)108 void SetLocalAuthCredentials(size_t info_index,
109 const std::string& password) {
110 DCHECK(password.length());
111
112 // Salt should be random data, as long as the hash length, and different with
113 // every save.
114 std::string salt_str;
115 crypto::RandBytes(WriteInto(&salt_str, kHash1Bytes + 1), kHash1Bytes);
116 DCHECK_EQ(kHash1Bytes, salt_str.length());
117
118 // Perform secure hash of password for storage.
119 std::string password_hash = CreateSecurePasswordHash(
120 salt_str, password, kHash1Encoding);
121 DCHECK_EQ(kHash1Bytes, password_hash.length());
122
123 // Group all fields into a single record for storage;
124 std::string record;
125 record.append(salt_str);
126 record.append(password_hash);
127
128 // Encode it and store it.
129 std::string encoded = EncodePasswordHashRecord(record, kHash1Encoding);
130 ProfileInfoCache& info =
131 g_browser_process->profile_manager()->GetProfileInfoCache();
132 info.SetLocalAuthCredentialsOfProfileAtIndex(info_index, encoded);
133 }
134
SetLocalAuthCredentials(const Profile * profile,const std::string & password)135 void SetLocalAuthCredentials(const Profile* profile,
136 const std::string& password) {
137 DCHECK(profile);
138
139 ProfileInfoCache& info =
140 g_browser_process->profile_manager()->GetProfileInfoCache();
141 size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath());
142 if (info_index == std::string::npos) {
143 NOTREACHED();
144 return;
145 }
146 SetLocalAuthCredentials(info_index, password);
147 }
148
ValidateLocalAuthCredentials(size_t info_index,const std::string & password)149 bool ValidateLocalAuthCredentials(size_t info_index,
150 const std::string& password) {
151 std::string record;
152 char encoding;
153
154 ProfileInfoCache& info =
155 g_browser_process->profile_manager()->GetProfileInfoCache();
156
157 std::string encodedhash =
158 info.GetLocalAuthCredentialsOfProfileAtIndex(info_index);
159 if (encodedhash.length() == 0 && password.length() == 0)
160 return true;
161 if (!DecodePasswordHashRecord(encodedhash, &record, &encoding))
162 return false;
163
164 std::string password_hash;
165 const char* password_saved;
166 const char* password_check;
167 size_t password_length;
168
169 if (encoding == '1') {
170 // Validate correct length; extract salt and password hash.
171 if (record.length() != 2 * kHash1Bytes)
172 return false;
173 std::string salt_str(record.data(), kHash1Bytes);
174 password_saved = record.data() + kHash1Bytes;
175 password_hash = CreateSecurePasswordHash(salt_str, password, encoding);
176 password_check = password_hash.data();
177 password_length = kHash1Bytes;
178 } else {
179 // unknown encoding
180 return false;
181 }
182
183 return crypto::SecureMemEqual(password_saved, password_check,
184 password_length);
185 }
186
ValidateLocalAuthCredentials(const Profile * profile,const std::string & password)187 bool ValidateLocalAuthCredentials(const Profile* profile,
188 const std::string& password) {
189 DCHECK(profile);
190
191 ProfileInfoCache& info =
192 g_browser_process->profile_manager()->GetProfileInfoCache();
193 size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath());
194 if (info_index == std::string::npos) {
195 NOTREACHED(); // This should never happen but fail safely if it does.
196 return false;
197 }
198 return ValidateLocalAuthCredentials(info_index, password);
199 }
200
201 } // namespace chrome
202