remoting/protocol/auth_util.cc - Issue 8604001: Move SSL layer initialization into ChannelAuthenticator implementations.

Side by Side Diff: remoting/protocol/auth_util.cc

Issue 8604001: Move SSL layer initialization into ChannelAuthenticator implementations. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: - Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "remoting/protocol/auth_util.h"

	6

	7 #include "base/base64.h"

	8 #include "base/logging.h"

	9 #include "base/string_util.h"

	10 #include "crypto/sha2.h"
	Wez 2011/11/22 22:29:48 This should come after crypto/hmac.h This should come after crypto/hmac.h Sergey Ulanov 2011/11/23 01:23:42 Done. Show quoted text On 2011/11/22 22:29:48, Wez wrote: > This should come after crypto/hmac.h Done.
	11 #include "crypto/hmac.h"

	12

	13 namespace remoting {

	14 namespace protocol {

	15

	16 const char kClientAuthSslExporterLabel[] =

	17 "EXPORTER-remoting-channel-auth-client";

	18

	19 const char kSslFakeHostName[] = "chromoting";

	20

	21 std::string GenerateSupportAuthToken(const std::string& jid,

	22 const std::string& access_code) {

	23 std::string sha256 = crypto::SHA256HashString(jid + " " + access_code);

	24 std::string sha256_base64;

	25 if (!base::Base64Encode(sha256, &sha256_base64)) {

	26 LOG(FATAL) << "Failed to encode auth token";
	Wez 2011/11/22 22:29:48 Out of interest, how on earth can that ever fail?? Out of interest, how on earth can that ever fail?? Sergey Ulanov 2011/11/23 01:23:42 It should not, that's why we have LOG(FATAL) here, Show quoted text On 2011/11/22 22:29:48, Wez wrote: > Out of interest, how on earth can that ever fail?? It should not, that's why we have LOG(FATAL) here, but there may be cases when we get error from the library (e.g. out of memory). Ignoring possible error is not a good idea.
	27 }

	28 return sha256_base64;

	29 }

	30

	31 bool VerifySupportAuthToken(const std::string& jid,

	32 const std::string& access_code,

	33 const std::string& auth_token) {

	34 std::string expected_token =

	35 GenerateSupportAuthToken(jid, access_code);

	36 return expected_token == auth_token;

	37 }

	38

	39 // static

	40 bool GetAuthBytes(const std::string& shared_secret,

	41 const std::string& key_material,

	42 std::string* auth_bytes) {

	43 // Generate auth digest based on the keying material and shared secret.

	44 crypto::HMAC response(crypto::HMAC::SHA256);

	45 if (!response.Init(key_material)) {

	46 NOTREACHED() << "HMAC::Init failed";
	Wez 2011/11/22 22:29:48 Would it be cleaner to get rid of the return code Would it be cleaner to get rid of the return code and CHECK() these? Sergey Ulanov 2011/11/23 01:23:42 This method may fail, for example, if key_material Show quoted text On 2011/11/22 22:29:48, Wez wrote: > Would it be cleaner to get rid of the return code and CHECK() these? This method may fail, for example, if key_material has invalid length. Also current code yields smaller binary, so I think it's better to keep it as it is.
	47 return false;

	48 }

	49 unsigned char out_bytes[kAuthDigestLength];

	50 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {

	51 NOTREACHED() << "HMAC::Sign failed";

	52 return false;

	53 }

	54

	55 auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength);

	56 return true;

	57 }

	58

	59 } // namespace protocol

	60 } // namespace remoting

OLD	NEW

« remoting/protocol/auth_util.h ('K') | « remoting/protocol/auth_util.h ('k') | remoting/protocol/channel_authenticator.h » ('j') | remoting/protocol/channel_authenticator.h » ('J')