cleanup: consolidate key label constants, add key algorithm usage docs

Bug: None Change-Id: Ie4329a1a00ad35316f22340a2ce42832427243c3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2549962 Commit-Queue: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#829207}

cleanup: consolidate key label constants, add key algorithm usage docs
Bug: None Change-Id: Ie4329a1a00ad35316f22340a2ce42832427243c3 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2549962 Commit-Queue: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#829207}
f8a14659 · Denis Kuznetsov · Commit Bot · 66ad0698 · f8a14659 · f8a14659
Commit f8a14659 authored Nov 19, 2020 by Denis Kuznetsov Committed by Commit Bot Nov 19, 2020
5 changed files
--- a/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
+++ b/chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc
@@ -37,6 +37,7 @@
 #include "chromeos/dbus/cryptohome/account_identifier_operators.h"
 #include "chromeos/dbus/cryptohome/fake_cryptohome_client.h"
 #include "chromeos/dbus/cryptohome/rpc.pb.h"
+#include "chromeos/login/auth/cryptohome_key_constants.h"
 #include "chromeos/login/auth/key.h"
 #include "chromeos/login/auth/mock_auth_status_consumer.h"
 #include "chromeos/login/auth/test_attempt_state.h"
@@ -64,9 +65,6 @@ namespace chromeos {

 namespace {

-// Label under which the user's key is stored.
-const char kCryptohomeGAIAKeyLabel[] = "gaia";
-
 // Salt used by pre-hashed key.
 const char kSalt[] = "SALT $$";

@@ -167,7 +165,7 @@ class TestCryptohomeClient : public ::chromeos::FakeCryptohomeClient {
    if (is_create_attempt_expected_) {
      EXPECT_EQ(expected_authorization_secret_,
                request.create().keys(0).secret());
-      EXPECT_EQ(kCryptohomeGAIAKeyLabel,
+      EXPECT_EQ(kCryptohomeGaiaKeyLabel,
                request.create().keys(0).data().label());
    }
    EXPECT_EQ(expected_id_, cryptohome_id);
@@ -271,7 +269,7 @@ class CryptohomeAuthenticatorTest : public testing::Test {
    OwnerSettingsServiceChromeOSFactory::GetInstance()
        ->SetOwnerKeyUtilForTesting(owner_key_util_);
    Key key("fakepass");
-    key.SetLabel(kCryptohomeGAIAKeyLabel);
+    key.SetLabel(kCryptohomeGaiaKeyLabel);
    user_context_.SetKey(key);
    user_context_.SetUserIDHash("me_nowhere_com_hash");
    const user_manager::User* user =
@@ -380,7 +378,7 @@ class CryptohomeAuthenticatorTest : public testing::Test {
  void ExpectGetKeyDataExCall(std::unique_ptr<int64_t> key_type,
                              std::unique_ptr<std::string> salt) {
    auto key_definition = cryptohome::KeyDefinition::CreateForPassword(
-        std::string() /* secret */, kCryptohomeGAIAKeyLabel,
+        std::string() /* secret */, kCryptohomeGaiaKeyLabel,
        cryptohome::PRIV_DEFAULT);
    key_definition.revision = 1;
    if (key_type) {

--- a/chrome/browser/chromeos/login/quick_unlock/pin_storage_cryptohome.cc
+++ b/chrome/browser/chromeos/login/quick_unlock/pin_storage_cryptohome.cc
@@ -15,6 +15,7 @@
 #include "chromeos/cryptohome/homedir_methods.h"
 #include "chromeos/cryptohome/system_salt_getter.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
+#include "chromeos/login/auth/cryptohome_key_constants.h"
 #include "chromeos/login/auth/user_context.h"
 #include "components/account_id/account_id.h"
 #include "components/user_manager/known_user.h"
@@ -24,9 +25,6 @@ namespace quick_unlock {

 namespace {

-// Key label in cryptohome.
-constexpr char kCryptohomePinLabel[] = "pin";
-
 // Read the salt from local state.
 std::string GetSalt(const AccountId& account_id) {
  std::string salt;

--- a/chromeos/login/auth/cryptohome_key_constants.cc
+++ b/chromeos/login/auth/cryptohome_key_constants.cc
@@ -15,4 +15,6 @@ namespace chromeos {
 // key label.
 const char kCryptohomeGaiaKeyLabel[] = "gaia";

+const char kCryptohomePinLabel[] = "pin";
+
 }  // namespace chromeos
--- a/chromeos/login/auth/cryptohome_key_constants.h
+++ b/chromeos/login/auth/cryptohome_key_constants.h
@@ -12,6 +12,9 @@ namespace chromeos {
 COMPONENT_EXPORT(CHROMEOS_LOGIN_AUTH)
 extern const char kCryptohomeGaiaKeyLabel[];

+COMPONENT_EXPORT(CHROMEOS_LOGIN_AUTH)
+extern const char kCryptohomePinLabel[];
+
 }  // namespace chromeos

 #endif  // CHROMEOS_LOGIN_AUTH_CRYPTOHOME_KEY_CONSTANTS_H_
--- a/chromeos/login/auth/key.h
+++ b/chromeos/login/auth/key.h
@@ -19,12 +19,17 @@ class COMPONENT_EXPORT(CHROMEOS_LOGIN_AUTH) Key {
 public:
  enum KeyType {
    // Plain text password.
+    // Used in early stages of auth process.
    KEY_TYPE_PASSWORD_PLAIN = 0,
    // SHA256 of salt + password, first half only, lower-case hex encoded.
+    // This hashing is used for user password.
    KEY_TYPE_SALTED_SHA256_TOP_HALF = 1,
    // PBKDF2 with 256 bit AES and 1234 iterations, base64 encoded.
+    // This hashing is used for user PINs.
    KEY_TYPE_SALTED_PBKDF2_AES256_1234 = 2,
    // SHA256 of salt + password, base64 encoded.
+    // This hashing is not used at the moment, it is introduced for
+    // credentials passing API.
    KEY_TYPE_SALTED_SHA256 = 3,

    // Sentinel. Must be last.