| // Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // Contains the implementation of class Mount |
| |
| #include "user_session.h" |
| |
| #include <openssl/evp.h> |
| |
| #include "crypto.h" |
| |
| namespace cryptohome { |
| |
| const int kUserSessionSaltLength = 16; |
| const int kUserSessionIdLength = 128; |
| |
| UserSession::UserSession() |
| : username_(), |
| crypto_(NULL), |
| username_salt_(), |
| key_salt_(), |
| cipher_() { |
| } |
| |
| UserSession::~UserSession() { |
| } |
| |
| void UserSession::Init(Crypto* crypto, const SecureBlob& salt) { |
| crypto_ = crypto; |
| username_salt_.assign(salt.begin(), salt.end()); |
| } |
| |
| bool UserSession::SetUser(const Credentials& credentials) { |
| username_ = credentials.GetObfuscatedUsername(username_salt_); |
| |
| key_salt_.resize(PKCS5_SALT_LEN); |
| crypto_->GetSecureRandom(static_cast<unsigned char*>(key_salt_.data()), |
| key_salt_.size()); |
| SecureBlob plaintext(kUserSessionIdLength); |
| crypto_->GetSecureRandom(static_cast<unsigned char*>(plaintext.data()), |
| plaintext.size()); |
| |
| SecureBlob passkey; |
| credentials.GetPasskey(&passkey); |
| |
| SecureBlob aes_key; |
| SecureBlob aes_iv; |
| if (!crypto_->PasskeyToAesKey(passkey, |
| key_salt_, |
| cryptohome::kDefaultPasswordRounds, |
| &aes_key, |
| &aes_iv)) { |
| return false; |
| } |
| |
| return crypto_->AesEncrypt(plaintext, 0, plaintext.size(), aes_key, aes_iv, |
| Crypto::kPaddingCryptohomeDefault, &cipher_); |
| } |
| |
| void UserSession::Reset() { |
| username_ = ""; |
| key_salt_.resize(0); |
| cipher_.resize(0); |
| } |
| |
| bool UserSession::CheckUser(const Credentials& credentials) const { |
| std::string username = credentials.GetObfuscatedUsername(username_salt_); |
| |
| return (username.compare(username_) == 0); |
| } |
| |
| bool UserSession::Verify(const Credentials& credentials) const { |
| if (!CheckUser(credentials)) { |
| return false; |
| } |
| |
| SecureBlob passkey; |
| credentials.GetPasskey(&passkey); |
| |
| SecureBlob aes_key; |
| SecureBlob aes_iv; |
| if (!crypto_->PasskeyToAesKey(passkey, |
| key_salt_, |
| cryptohome::kDefaultPasswordRounds, |
| &aes_key, |
| &aes_iv)) { |
| return false; |
| } |
| |
| SecureBlob plaintext; |
| return crypto_->AesDecrypt(cipher_, 0, cipher_.size(), aes_key, aes_iv, |
| Crypto::kPaddingCryptohomeDefault, &plaintext); |
| } |
| |
| void UserSession::GetObfuscatedUsername(std::string* username) const { |
| username->assign(username_); |
| } |
| |
| } // namespace cryptohome |