chromium/chromeos/ash/components/osauth/impl/engines/cryptohome_pin_engine.cc

// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chromeos/ash/components/osauth/impl/engines/cryptohome_pin_engine.h"

#include <optional>
#include <string>
#include <utility>

#include "ash/constants/ash_pref_names.h"
#include "base/check.h"
#include "base/logging.h"
#include "chromeos/ash/components/cryptohome/auth_factor.h"
#include "chromeos/ash/components/login/auth/auth_performer.h"
#include "chromeos/ash/components/login/auth/public/authentication_error.h"
#include "chromeos/ash/components/login/auth/public/user_context.h"
#include "chromeos/ash/components/osauth/impl/engines/cryptohome_based_engine.h"
#include "chromeos/ash/components/osauth/public/auth_factor_engine.h"
#include "chromeos/ash/components/osauth/public/common_types.h"
#include "chromeos/ash/components/osauth/public/cryptohome_core.h"
#include "components/account_id/account_id.h"
#include "components/prefs/pref_service.h"
#include "components/user_manager/known_user.h"

namespace ash {

CryptohomePinEngine::CryptohomePinEngine(CryptohomeCore& core,
                                         PrefService* local_state)
    : CryptohomeBasedEngine(core, AshAuthFactor::kCryptohomePin),
      local_state_(local_state) {}

CryptohomePinEngine::~CryptohomePinEngine() = default;

std::optional<cryptohome::AuthFactorRef> CryptohomePinEngine::LookUpFactor(
    UserContext& context) {
  const cryptohome::AuthFactor* pin_factor =
      context.GetAuthFactorsData().FindPinFactor();
  if (!pin_factor) {
    return std::nullopt;
  }
  return pin_factor->ref();
}

void CryptohomePinEngine::OnAuthFactorUpdate(cryptohome::AuthFactorRef factor) {
}

bool CryptohomePinEngine::IsDisabledByPolicy() {
  return false;
}

bool CryptohomePinEngine::IsLockedOut() {
  return false;
}

bool CryptohomePinEngine::IsFactorSpecificRestricted() {
  return false;
}

void CryptohomePinEngine::PerformPinAttempt(const std::string& raw_pin) {
  if (get_usage_allowed() != UsageAllowed::kEnabled) {
    LOG(ERROR) << "Ignoring pin attempt as factor is disabled";
    return;
  }
  CHECK(get_ref().has_value());
  get_observer()->OnFactorAttempt(GetFactor());
  get_core()->BorrowContext(
      base::BindOnce(&CryptohomePinEngine::PerformAuthenticationAttempt,
                     weak_factory_.GetWeakPtr(), raw_pin));
}

void CryptohomePinEngine::OnAuthAttempt(
    std::unique_ptr<UserContext> context,
    std::optional<AuthenticationError> error) {
  get_core()->ReturnContext(std::move(context));
  get_observer()->OnFactorAttemptResult(GetFactor(),
                                        /* success= */ !error.has_value());
}

void CryptohomePinEngine::PerformAuthenticationAttempt(
    const std::string& raw_pin,
    std::unique_ptr<UserContext> context) {
  const AccountId& account_id = context->GetAccountId();
  get_core()->GetAuthPerformer()->AuthenticateWithPin(
      raw_pin, GetUserSalt(account_id, local_state_), std::move(context),
      base::BindOnce(&CryptohomePinEngine::OnAuthAttempt,
                     weak_factory_.GetWeakPtr()));
}

std::string CryptohomePinEngine::GetUserSalt(const AccountId& account_id,
                                             PrefService* local_state) const {
  user_manager::KnownUser known_user(local_state);
  if (const std::string* salt =
          known_user.FindStringPath(account_id, prefs::kQuickUnlockPinSalt)) {
    return *salt;
  }
  return {};
}

CryptohomePinEngineFactory::CryptohomePinEngineFactory(PrefService* local_state)
    : local_state_(local_state) {}

CryptohomePinEngineFactory::~CryptohomePinEngineFactory() = default;

AshAuthFactor CryptohomePinEngineFactory::GetFactor() {
  return AshAuthFactor::kCryptohomePin;
}

std::unique_ptr<AuthFactorEngine> CryptohomePinEngineFactory::CreateEngine(
    AuthHubMode mode) {
  CHECK(CryptohomeCore::Get());
  return std::make_unique<CryptohomePinEngine>(*CryptohomeCore::Get(),
                                               local_state_);
}

}  // namespace ash