blob: 0cb753481885ef58eabd3b97b58cf1bfc9f3ebe8 [file] [log] [blame]
// Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Contains the implementation of class Mount
#include "user_session.h"
#include <openssl/evp.h>
#include "crypto.h"
namespace cryptohome {
const int kUserSessionSaltLength = 16;
const int kUserSessionIdLength = 128;
UserSession::UserSession()
: username_(),
crypto_(NULL),
username_salt_(),
key_salt_(),
cipher_() {
}
UserSession::~UserSession() {
}
void UserSession::Init(Crypto* crypto, const SecureBlob& salt) {
crypto_ = crypto;
username_salt_.assign(salt.begin(), salt.end());
}
bool UserSession::SetUser(const Credentials& credentials) {
username_ = credentials.GetObfuscatedUsername(username_salt_);
key_salt_.resize(PKCS5_SALT_LEN);
crypto_->GetSecureRandom(static_cast<unsigned char*>(key_salt_.data()),
key_salt_.size());
SecureBlob plaintext(kUserSessionIdLength);
crypto_->GetSecureRandom(static_cast<unsigned char*>(plaintext.data()),
plaintext.size());
SecureBlob passkey;
credentials.GetPasskey(&passkey);
SecureBlob aes_key;
SecureBlob aes_iv;
if (!crypto_->PasskeyToAesKey(passkey,
key_salt_,
cryptohome::kDefaultPasswordRounds,
&aes_key,
&aes_iv)) {
return false;
}
return crypto_->AesEncrypt(plaintext, 0, plaintext.size(), aes_key, aes_iv,
Crypto::kPaddingCryptohomeDefault, &cipher_);
}
void UserSession::Reset() {
username_ = "";
key_salt_.resize(0);
cipher_.resize(0);
}
bool UserSession::CheckUser(const Credentials& credentials) const {
std::string username = credentials.GetObfuscatedUsername(username_salt_);
return (username.compare(username_) == 0);
}
bool UserSession::Verify(const Credentials& credentials) const {
if (!CheckUser(credentials)) {
return false;
}
SecureBlob passkey;
credentials.GetPasskey(&passkey);
SecureBlob aes_key;
SecureBlob aes_iv;
if (!crypto_->PasskeyToAesKey(passkey,
key_salt_,
cryptohome::kDefaultPasswordRounds,
&aes_key,
&aes_iv)) {
return false;
}
SecureBlob plaintext;
return crypto_->AesDecrypt(cipher_, 0, cipher_.size(), aes_key, aes_iv,
Crypto::kPaddingCryptohomeDefault, &plaintext);
}
void UserSession::GetObfuscatedUsername(std::string* username) const {
username->assign(username_);
}
} // namespace cryptohome