| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/channel_authenticator.h" | 5 #include "remoting/protocol/channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/compiler_specific.h" | 7 #include "base/compiler_specific.h" |
| 8 #include "base/string_piece.h" | 8 #include "base/string_piece.h" |
| 9 #include "crypto/hmac.h" | 9 #include "crypto/hmac.h" |
| 10 #include "net/base/io_buffer.h" | 10 #include "net/base/io_buffer.h" |
| 11 #include "net/base/net_errors.h" | 11 #include "net/base/net_errors.h" |
| 12 #include "net/socket/ssl_client_socket.h" | 12 #include "net/socket/ssl_client_socket.h" |
| 13 #include "net/socket/ssl_server_socket.h" | 13 #include "net/socket/ssl_server_socket.h" |
| 14 #include "net/socket/stream_socket.h" | 14 #include "net/socket/stream_socket.h" |
| 15 | 15 |
| 16 namespace remoting { | 16 namespace remoting { |
| 17 namespace protocol { | 17 namespace protocol { |
| 18 | 18 |
| 19 namespace { | 19 namespace { |
| 20 | 20 |
| 21 // Labels for use when exporting the SSL master keys. | 21 // Labels for use when exporting the SSL master keys. |
| 22 const char kClientSslExporterLabel[] = "EXPORTER-remoting-channel-auth-client"; | 22 const char kClientSslExporterLabel[] = "EXPORTER-remoting-channel-auth-client"; |
| 23 | 23 |
| 24 // Size of the HMAC-SHA-1 authentication digest. | 24 // Size of the HMAC-SHA-256 authentication digest. |
| 25 const size_t kAuthDigestLength = 20; | 25 const size_t kAuthDigestLength = 32; |
| 26 | 26 |
| 27 // static | 27 // static |
| 28 bool GetAuthBytes(const std::string& shared_secret, | 28 bool GetAuthBytes(const std::string& shared_secret, |
| 29 const std::string& key_material, | 29 const std::string& key_material, |
| 30 std::string* auth_bytes) { | 30 std::string* auth_bytes) { |
| 31 // Generate auth digest based on the keying material and shared secret. | 31 // Generate auth digest based on the keying material and shared secret. |
| 32 crypto::HMAC response(crypto::HMAC::SHA1); | 32 crypto::HMAC response(crypto::HMAC::SHA256); |
| 33 if (!response.Init(shared_secret)) { | 33 if (!response.Init(key_material)) { |
| 34 NOTREACHED() << "HMAC::Init failed"; | 34 NOTREACHED() << "HMAC::Init failed"; |
| 35 return false; | 35 return false; |
| 36 } | 36 } |
| 37 unsigned char out_bytes[kAuthDigestLength]; | 37 unsigned char out_bytes[kAuthDigestLength]; |
| 38 if (!response.Sign(key_material, out_bytes, kAuthDigestLength)) { | 38 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) { |
| 39 NOTREACHED() << "HMAC::Sign failed"; | 39 NOTREACHED() << "HMAC::Sign failed"; |
| 40 return false; | 40 return false; |
| 41 } | 41 } |
| 42 | 42 |
| 43 auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength); | 43 auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength); |
| 44 return true; | 44 return true; |
| 45 } | 45 } |
| 46 | 46 |
| 47 } // namespace | 47 } // namespace |
| 48 | 48 |
| 207 auth_write_buf_->DidConsume(result); | 207 auth_write_buf_->DidConsume(result); |
| 208 if (auth_write_buf_->BytesRemaining() > 0) | 208 if (auth_write_buf_->BytesRemaining() > 0) |
| 209 return true; | 209 return true; |
| 210 | 210 |
| 211 done_callback_.Run(SUCCESS); | 211 done_callback_.Run(SUCCESS); |
| 212 return false; | 212 return false; |
| 213 } | 213 } |
| 214 | 214 |
| 215 } // namespace protocol | 215 } // namespace protocol |
| 216 } // namespace remoting | 216 } // namespace remoting |
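Review bot: The new `Init(key_material)` / `Sign(shared_secret, ...)` pair at new lines 33 and 38 reverses which input is the HMAC key, but the comment on line 31 is unchanged and nothing records the reason, so a later edit could swap the arguments back and silently break authentication against peers built from this revision. A comment such as `// HMAC key is the TLS exported keying material; the shared secret is the signed message. Both peers must use this order.` above the `Init` call would pin it down. `kAuthDigestLength = 32` is tied to `crypto::HMAC::SHA256` only by the comment on line 24; if this revision's crypto::HMAC exposes a digest-length accessor, a DCHECK against the constant would catch a future algorithm change that leaves the `out_bytes` size stale. Whichever input is the key, a party that holds the keying material and sees the digest can test guesses of `shared_secret` offline, so the function comment should state that the scheme's strength rests on that secret's entropy. The code that compares the received digest is in the skipped lines, so whether that comparison is constant-time cannot be judged from this page.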