| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/channel_authenticator.h" | 5 #include "remoting/protocol/channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/compiler_specific.h" | 7 #include "base/compiler_specific.h" |
| 8 #include "base/string_piece.h" | 8 #include "base/string_piece.h" |
| 9 #include "crypto/hmac.h" | 9 #include "crypto/hmac.h" |
| 10 #include "net/base/io_buffer.h" | 10 #include "net/base/io_buffer.h" |
| 11 #include "net/base/net_errors.h" | 11 #include "net/base/net_errors.h" |
| 12 #include "net/socket/ssl_client_socket.h" | 12 #include "net/socket/ssl_socket.h" |
| 13 #include "net/socket/ssl_server_socket.h" | |
| 14 #include "net/socket/stream_socket.h" | 13 #include "net/socket/stream_socket.h" |
| 15 | 14 |
| 16 namespace remoting { | 15 namespace remoting { |
| 17 namespace protocol { | 16 namespace protocol { |
| 18 | 17 |
| 19 namespace { | 18 namespace { |
| 20 | 19 |
| 21 // Labels for use when exporting the SSL master keys. | 20 // Labels for use when exporting the SSL master keys. |
| 22 const char kClientSslExporterLabel[] = "EXPORTER-remoting-channel-auth-client"; | 21 const char kClientSslExporterLabel[] = "EXPORTER-remoting-channel-auth-client"; |
| 23 | 22 |
| 39 NOTREACHED() << "HMAC::Sign failed"; | 38 NOTREACHED() << "HMAC::Sign failed"; |
| 40 return false; | 39 return false; |
| 41 } | 40 } |
| 42 | 41 |
| 43 auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength); | 42 auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength); |
| 44 return true; | 43 return true; |
| 45 } | 44 } |
| 46 | 45 |
| 47 } // namespace | 46 } // namespace |
| 48 | 47 |
| 49 HostChannelAuthenticator::HostChannelAuthenticator(net::SSLServerSocket* socket) | 48 HostChannelAuthenticator::HostChannelAuthenticator( |
| 50 : socket_(socket), | 49 const std::string& shared_secret) |
| 50 : shared_secret_(shared_secret), |
| 51 socket_(NULL), |
| 51 ALLOW_THIS_IN_INITIALIZER_LIST(auth_read_callback_( | 52 ALLOW_THIS_IN_INITIALIZER_LIST(auth_read_callback_( |
| 52 this, &HostChannelAuthenticator::OnAuthBytesRead)) { | 53 this, &HostChannelAuthenticator::OnAuthBytesRead)) { |
| 53 } | 54 } |
| 54 | 55 |
| 55 HostChannelAuthenticator::~HostChannelAuthenticator() { | 56 HostChannelAuthenticator::~HostChannelAuthenticator() { |
| 56 } | 57 } |
| 57 | 58 |
| 58 void HostChannelAuthenticator::Authenticate(const std::string& shared_secret, | 59 void HostChannelAuthenticator::Authenticate(net::SSLSocket* socket, |
| 59 const DoneCallback& done_callback) { | 60 const DoneCallback& done_callback) { |
| 60 DCHECK(CalledOnValidThread()); | 61 DCHECK(CalledOnValidThread()); |
| 61 | 62 |
| 63 socket_ = socket; |
| 62 done_callback_ = done_callback; | 64 done_callback_ = done_callback; |
| 63 | 65 |
| 64 unsigned char key_material[kAuthDigestLength]; | 66 unsigned char key_material[kAuthDigestLength]; |
| 65 int result = socket_->ExportKeyingMaterial( | 67 int result = socket_->ExportKeyingMaterial( |
| 66 kClientSslExporterLabel, "", key_material, kAuthDigestLength); | 68 kClientSslExporterLabel, "", key_material, kAuthDigestLength); |
| 67 if (result != net::OK) { | 69 if (result != net::OK) { |
| 68 LOG(ERROR) << "Error fetching keying material: " << result; | 70 LOG(ERROR) << "Error fetching keying material: " << result; |
| 69 done_callback.Run(FAILURE); | 71 done_callback.Run(FAILURE); |
| 70 return; | 72 return; |
| 71 } | 73 } |
| 72 | 74 |
| 73 if (!GetAuthBytes(shared_secret, | 75 if (!GetAuthBytes(shared_secret_, |
| 74 std::string(key_material, key_material + kAuthDigestLength), | 76 std::string(key_material, key_material + kAuthDigestLength), |
| 75 &auth_bytes_)) { | 77 &auth_bytes_)) { |
| 76 done_callback.Run(FAILURE); | 78 done_callback.Run(FAILURE); |
| 77 return; | 79 return; |
| 78 } | 80 } |
| 79 | 81 |
| 80 // Read an authentication digest. | 82 // Read an authentication digest. |
| 81 auth_read_buf_ = new net::GrowableIOBuffer(); | 83 auth_read_buf_ = new net::GrowableIOBuffer(); |
| 82 auth_read_buf_->SetCapacity(kAuthDigestLength); | 84 auth_read_buf_->SetCapacity(kAuthDigestLength); |
| 83 DoAuthRead(); | 85 DoAuthRead(); |
| 132 // Compare the received and expected digests in fixed time, to limit the | 134 // Compare the received and expected digests in fixed time, to limit the |
| 133 // scope for timing attacks. | 135 // scope for timing attacks. |
| 134 uint8 result = 0; | 136 uint8 result = 0; |
| 135 for (unsigned i = 0; i < auth_bytes_.length(); i++) { | 137 for (unsigned i = 0; i < auth_bytes_.length(); i++) { |
| 136 result |= received_auth_bytes[i] ^ auth_bytes_[i]; | 138 result |= received_auth_bytes[i] ^ auth_bytes_[i]; |
| 137 } | 139 } |
| 138 return result == 0; | 140 return result == 0; |
| 139 } | 141 } |
| 140 | 142 |
| 141 ClientChannelAuthenticator::ClientChannelAuthenticator( | 143 ClientChannelAuthenticator::ClientChannelAuthenticator( |
| 142 net::SSLClientSocket* socket) | 144 const std::string& shared_secret) |
| 143 : socket_(socket), | 145 : shared_secret_(shared_secret), |
| 146 socket_(NULL), |
| 144 ALLOW_THIS_IN_INITIALIZER_LIST(auth_write_callback_( | 147 ALLOW_THIS_IN_INITIALIZER_LIST(auth_write_callback_( |
| 145 this, &ClientChannelAuthenticator::OnAuthBytesWritten)) { | 148 this, &ClientChannelAuthenticator::OnAuthBytesWritten)) { |
| 146 } | 149 } |
| 147 | 150 |
| 148 ClientChannelAuthenticator::~ClientChannelAuthenticator() { | 151 ClientChannelAuthenticator::~ClientChannelAuthenticator() { |
| 149 } | 152 } |
| 150 | 153 |
| 151 void ClientChannelAuthenticator::Authenticate( | 154 void ClientChannelAuthenticator::Authenticate( |
| 152 const std::string& shared_secret, | 155 net::SSLSocket* socket, |
| 153 const DoneCallback& done_callback) { | 156 const DoneCallback& done_callback) { |
| 154 DCHECK(CalledOnValidThread()); | 157 DCHECK(CalledOnValidThread()); |
| 155 | 158 |
| 159 socket_ = socket; |
| 156 done_callback_ = done_callback; | 160 done_callback_ = done_callback; |
| 157 | 161 |
| 158 unsigned char key_material[kAuthDigestLength]; | 162 unsigned char key_material[kAuthDigestLength]; |
| 159 int result = socket_->ExportKeyingMaterial( | 163 int result = socket_->ExportKeyingMaterial( |
| 160 kClientSslExporterLabel, "", key_material, kAuthDigestLength); | 164 kClientSslExporterLabel, "", key_material, kAuthDigestLength); |
| 161 if (result != net::OK) { | 165 if (result != net::OK) { |
| 162 LOG(ERROR) << "Error fetching keying material: " << result; | 166 LOG(ERROR) << "Error fetching keying material: " << result; |
| 163 done_callback.Run(FAILURE); | 167 done_callback.Run(FAILURE); |
| 164 return; | 168 return; |
| 165 } | 169 } |
| 166 | 170 |
| 167 std::string auth_bytes; | 171 std::string auth_bytes; |
| 168 if (!GetAuthBytes(shared_secret, | 172 if (!GetAuthBytes(shared_secret_, |
| 169 std::string(key_material, key_material + kAuthDigestLength), | 173 std::string(key_material, key_material + kAuthDigestLength), |
| 170 &auth_bytes)) { | 174 &auth_bytes)) { |
| 171 done_callback.Run(FAILURE); | 175 done_callback.Run(FAILURE); |
| 172 return; | 176 return; |
| 173 } | 177 } |
| 174 | 178 |
| 175 // Allocate a buffer to write the authentication digest. | 179 // Allocate a buffer to write the authentication digest. |
| 176 auth_write_buf_ = new net::DrainableIOBuffer( | 180 auth_write_buf_ = new net::DrainableIOBuffer( |
| 177 new net::StringIOBuffer(auth_bytes), auth_bytes.size()); | 181 new net::StringIOBuffer(auth_bytes), auth_bytes.size()); |
| 178 DoAuthWrite(); | 182 DoAuthWrite(); |
| 207 auth_write_buf_->DidConsume(result); | 211 auth_write_buf_->DidConsume(result); |
| 208 if (auth_write_buf_->BytesRemaining() > 0) | 212 if (auth_write_buf_->BytesRemaining() > 0) |
| 209 return true; | 213 return true; |
| 210 | 214 |
| 211 done_callback_.Run(SUCCESS); | 215 done_callback_.Run(SUCCESS); |
| 212 return false; | 216 return false; |
| 213 } | 217 } |
| 214 | 218 |
| 215 } // namespace protocol | 219 } // namespace protocol |
| 216 } // namespace remoting | 220 } // namespace remoting |
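Review bot: HostChannelAuthenticator::Authenticate() (new lines 59-67) stores the incoming pointer in socket_ and dereferences it on the next statement with socket_->ExportKeyingMaterial(), but nothing checks that the caller passed a non-NULL socket or that Authenticate() is not being invoked a second time while a read is still pending on the previous socket_, which was initialized to NULL in the constructor precisely so that state is detectable; I would add `DCHECK(socket);` and `DCHECK(!socket_) << "Authenticate() called twice";` right after the CalledOnValidThread() check, and the same two lines in ClientChannelAuthenticator::Authenticate() at new line 159. Both Authenticate() bodies continue past the hunk, so I cannot see whether socket_ is cleared when the handshake completes. Separately, the constructors now copy the shared secret into shared_secret_ (new lines 50 and 145), so the secret lives as long as the authenticator object rather than only for the duration of the Authenticate() call as before; that is presumably acceptable if these objects are short-lived, but the member declaration in the header should say so, e.g. `// Copy of the shared secret, retained until this object is destroyed; keep authenticators short-lived.`. Since socket_ is a non-owning raw pointer that the pending auth_read_callback_/auth_write_callback_ will use later, a comment on the Authenticate() declarations stating that the socket must outlive the authenticator until done_callback runs would also help callers.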