Move SSL layer initialization into ChannelAuthenticator implementations.

remoting/protocol/auth_util.h

Index: remoting/protocol/auth_util.h
diff --git a/remoting/protocol/auth_util.h b/remoting/protocol/auth_util.h
new file mode 100644
index 0000000000000000000000000000000000000000..7a81c126819b9073975ff21326a3ff8d5bcaf473
--- /dev/null
+++ b/remoting/protocol/auth_util.h
@@ -0,0 +1,39 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_PROTOCOL_AUTH_UTIL_H_
+#define REMOTING_PROTOCOL_AUTH_UTIL_H_

[Wez, 2011/11/22 22:29:48]

This code defines constants and functions for the IT2Me authentication protocol
version 1, so consider either naming this file accordingly, or putting the
definitions & functions in a namespace in this header?

[Sergey Ulanov, 2011/11/23 01:23:42]

Some of the code defined in this file will still be useful for EKE-based auth,
e.g. kSslFakeHostName, GetAuthBytes, etc. 

GenerateSupportAuthToken(), VerifySupportAuthToken() will not be used in the
future, but their names are unambiguous already. I agree that it would be better
to rename them, but I would prefer to do it in a separate CL.

+
+#include <string>
+
+namespace remoting {
+namespace protocol {
+
+// Labels for use when exporting the SSL master keys.
+extern const char kClientAuthSslExporterLabel[];
+
+// Fake hostname used for SSL connections.
+extern const char kSslFakeHostName[];
+
+// Size of the HMAC-SHA-256 authentication digest.
+const size_t kAuthDigestLength = 32;
+
+// Generates auth token for the specified |jid| and |access_code|.
+std::string GenerateSupportAuthToken(const std::string& jid,
+                                     const std::string& access_code);
+
+// Verifies validity of an |access_token|.
+bool VerifySupportAuthToken(const std::string& jid,
+                            const std::string& access_code,
+                            const std::string& auth_token);

[Wez, 2011/11/22 22:29:48]

Should these be base::StringPiece, not std::string?

[Sergey Ulanov, 2011/11/23 01:23:42]

Yes, but I just moving this code in this CL, so I'd rather to keep it as is.

+
+// Returns hash used for channel authentication.
+bool GetAuthBytes(const std::string& shared_secret,
+                  const std::string& key_material,
+                  std::string* auth_bytes);
+
+}  // namespace protocol
+}  // namespace remoting
+
+#endif  // REMOTING_PROTOCOL_AUTH_UTIL_H_