1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "chrome/browser/signin/local_auth.h"
6
7#include "base/base64.h"
8#include "base/logging.h"
9#include "base/memory/scoped_ptr.h"
10#include "base/metrics/histogram.h"
11#include "base/prefs/pref_service.h"
12#include "base/strings/string_util.h"
13#include "chrome/browser/browser_process.h"
14#include "chrome/browser/profiles/profile.h"
15#include "chrome/browser/profiles/profile_manager.h"
16#include "chrome/common/pref_names.h"
17#include "components/user_prefs/pref_registry_syncable.h"
18#include "components/webdata/encryptor/encryptor.h"
19#include "crypto/random.h"
20#include "crypto/secure_util.h"
21#include "crypto/symmetric_key.h"
22
23namespace {
24
25// WARNING: Changing these values will make it impossible to do off-line
26// authentication until the next successful on-line authentication.  To change
27// these safely, change the "encoding" version below and make verification
28// handle multiple values.
29const char kHash1Encoding = '1';
30const unsigned kHash1Bits = 256;
31const unsigned kHash1Bytes = kHash1Bits / 8;
32const unsigned kHash1IterationCount = 100000;
33
34std::string CreateSecurePasswordHash(const std::string& salt,
35                                     const std::string& password,
36                                     char encoding) {
37  DCHECK_EQ(kHash1Bytes, salt.length());
38  DCHECK_EQ(kHash1Encoding, encoding);  // Currently support only one method.
39
40  base::Time start_time = base::Time::Now();
41
42  // Library call to create secure password hash as SymmetricKey (uses PBKDF2).
43  scoped_ptr<crypto::SymmetricKey> password_key(
44      crypto::SymmetricKey::DeriveKeyFromPassword(
45          crypto::SymmetricKey::AES,
46          password, salt,
47          kHash1IterationCount, kHash1Bits));
48  std::string password_hash;
49  const bool success = password_key->GetRawKey(&password_hash);
50  DCHECK(success);
51  DCHECK_EQ(kHash1Bytes, password_hash.length());
52
53  UMA_HISTOGRAM_TIMES("PasswordHash.CreateTime",
54                      base::Time::Now() - start_time);
55
56  return password_hash;
57}
58
59std::string EncodePasswordHashRecord(const std::string& record,
60                                     char encoding) {
61  DCHECK_EQ(kHash1Encoding, encoding);  // Currently support only one method.
62
63  // Encrypt the hash using the OS account-password protection (if available).
64  std::string encoded;
65  const bool success = Encryptor::EncryptString(record, &encoded);
66  DCHECK(success);
67
68  // Convert binary record to text for preference database.
69  std::string encoded64;
70  base::Base64Encode(encoded, &encoded64);
71
72  // Stuff the "encoding" value into the first byte.
73  encoded64.insert(0, &encoding, sizeof(encoding));
74
75  return encoded64;
76}
77
78bool DecodePasswordHashRecord(const std::string& encoded,
79                              std::string* decoded,
80                              char* encoding) {
81  // Extract the "encoding" value from the first byte and validate.
82  if (encoded.length() < 1)
83    return false;
84  *encoding = encoded[0];
85  if (*encoding != kHash1Encoding)
86    return false;
87
88  // Stored record is base64; convert to binary.
89  std::string unbase64;
90  if (!base::Base64Decode(encoded.substr(1), &unbase64))
91    return false;
92
93  // Decrypt the record using the OS account-password protection (if available).
94  return Encryptor::DecryptString(unbase64, decoded);
95}
96
97}  // namespace
98
99namespace chrome {
100
101void RegisterLocalAuthPrefs(user_prefs::PrefRegistrySyncable* registry) {
102  registry->RegisterStringPref(
103      prefs::kGoogleServicesPasswordHash,
104      std::string(),
105      user_prefs::PrefRegistrySyncable::UNSYNCABLE_PREF);
106}
107
108void SetLocalAuthCredentials(size_t info_index,
109                             const std::string& password) {
110  DCHECK(password.length());
111
112  // Salt should be random data, as long as the hash length, and different with
113  // every save.
114  std::string salt_str;
115  crypto::RandBytes(WriteInto(&salt_str, kHash1Bytes + 1), kHash1Bytes);
116  DCHECK_EQ(kHash1Bytes, salt_str.length());
117
118  // Perform secure hash of password for storage.
119  std::string password_hash = CreateSecurePasswordHash(
120      salt_str, password, kHash1Encoding);
121  DCHECK_EQ(kHash1Bytes, password_hash.length());
122
123  // Group all fields into a single record for storage;
124  std::string record;
125  record.append(salt_str);
126  record.append(password_hash);
127
128  // Encode it and store it.
129  std::string encoded = EncodePasswordHashRecord(record, kHash1Encoding);
130  ProfileInfoCache& info =
131      g_browser_process->profile_manager()->GetProfileInfoCache();
132  info.SetLocalAuthCredentialsOfProfileAtIndex(info_index, encoded);
133}
134
135void SetLocalAuthCredentials(const Profile* profile,
136                             const std::string& password) {
137  DCHECK(profile);
138
139  ProfileInfoCache& info =
140      g_browser_process->profile_manager()->GetProfileInfoCache();
141  size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath());
142  if (info_index == std::string::npos) {
143    NOTREACHED();
144    return;
145  }
146  SetLocalAuthCredentials(info_index, password);
147}
148
149bool ValidateLocalAuthCredentials(size_t info_index,
150                                  const std::string& password) {
151  std::string record;
152  char encoding;
153
154  ProfileInfoCache& info =
155      g_browser_process->profile_manager()->GetProfileInfoCache();
156
157  std::string encodedhash =
158      info.GetLocalAuthCredentialsOfProfileAtIndex(info_index);
159  if (encodedhash.length() == 0 && password.length() == 0)
160    return true;
161  if (!DecodePasswordHashRecord(encodedhash, &record, &encoding))
162    return false;
163
164  std::string password_hash;
165  const char* password_saved;
166  const char* password_check;
167  size_t password_length;
168
169  if (encoding == '1') {
170    // Validate correct length; extract salt and password hash.
171    if (record.length() != 2 * kHash1Bytes)
172      return false;
173    std::string salt_str(record.data(), kHash1Bytes);
174    password_saved = record.data() + kHash1Bytes;
175    password_hash = CreateSecurePasswordHash(salt_str, password, encoding);
176    password_check = password_hash.data();
177    password_length = kHash1Bytes;
178  } else {
179    // unknown encoding
180    return false;
181  }
182
183  return crypto::SecureMemEqual(password_saved, password_check,
184                                password_length);
185}
186
187bool ValidateLocalAuthCredentials(const Profile* profile,
188                                  const std::string& password) {
189  DCHECK(profile);
190
191  ProfileInfoCache& info =
192      g_browser_process->profile_manager()->GetProfileInfoCache();
193  size_t info_index = info.GetIndexOfProfileWithPath(profile->GetPath());
194  if (info_index == std::string::npos) {
195    NOTREACHED();  // This should never happen but fail safely if it does.
196    return false;
197  }
198  return ValidateLocalAuthCredentials(info_index, password);
199}
200
201}  // namespace chrome
202