blob: 861cc79c0f7e5a5047d70be7a0471162738cd787 [file] [log] [blame]
// Copyright (c) 2009-2010 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// UserSession - the UserSession class is used in re-authenticating the
// currently logged-in user. It allows offline credentials verification
// post-login without the expense of a TPM crypto operation (when the TPM is
// used for added security). User session works by generating a random blob and
// encrypting it using the user's credentials at login. When an offline
// credentials check occurs for this user, UserSession attempts to decrypt the
// encrypted representation of that blob. A successful decryption means that
// the supplied credentials are correct.
#ifndef CRYPTOHOME_USER_SESSION_H_
#define CRYPTOHOME_USER_SESSION_H_
#include <base/basictypes.h>
#include "credentials.h"
#include "secure_blob.h"
namespace cryptohome {
class Crypto;
class UserSession {
public:
UserSession();
virtual ~UserSession();
// Initializes the UserSession object.
//
// Parameters
// username - The user credentials to initialize this session with.
// salt - The salt to use for the username
virtual void Init(Crypto* crypto, const SecureBlob& salt);
// Assigns a user to the UserSession object. The random blob is created and
// encrypted with the supplied credentials.
//
// Parameters
// username - The user credentials to initialize this session with.
virtual bool SetUser(const Credentials& username);
// Resets the UserSession, clearing the current user and cipher text used for
// verification.
virtual void Reset();
// Checks that the user supplied is the user associated with this session
//
// Parameters
// username - The user to check this session against
virtual bool CheckUser(const Credentials& username) const;
// Checks that the user's credentials successfully decrypt the ciphertext
// associated with this session (and are therefore valid for this user).
//
// Parameters
// credentials - The user credentials to attempt decryption with
virtual bool Verify(const Credentials& credentials) const;
// Get the obfuscated username of this session
//
// Parameters
// username (OUT) - the username
virtual void GetObfuscatedUsername(std::string* username) const;
private:
std::string username_;
Crypto* crypto_;
SecureBlob username_salt_;
SecureBlob key_salt_;
SecureBlob cipher_;
DISALLOW_COPY_AND_ASSIGN(UserSession);
};
} // namespace cryptohome
#endif // CRYPTOHOME_USER_SESSION_H_