Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(246)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/host/gnubby_util.cc

Issue 138753005: Add gnubby authentication to remoting host (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Address latest review comments Created 6 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« remoting/host/gnubby_auth_handler_posix.cc ('K') | « remoting/host/gnubby_util.h ('k') | remoting/host/gnubby_util_unittest.cc » ('j') | remoting/host/me2me_desktop_environment.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/host/gnubby_util.h"
6
7 #include <endian.h>
8 #include <algorithm>
9 #include <vector>
10
11 #include "base/base64.h"
12 #include "base/json/json_reader.h"
13 #include "base/json/json_writer.h"
14 #include "base/logging.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/values.h"
17 #include "remoting/base/logging.h"
18
19 namespace remoting {
20
21 namespace {
22
23 // Failure code to use when the code from the webapp response isn't available.
24 const int kGnubbyResponseFail = 1;
25
26 const int kSsh2AgentcGnubbySignRequest = 101; // 0x65
27 const int kSsh2AgentcGnubbySignResponse = 102; // 0x66
28
29 void WebSafeBase64Encode(const std::string& data, std::string* encoded_data) {
30 base::Base64Encode(data, encoded_data);
31
32 std::replace(encoded_data->begin(), encoded_data->end(), '+', '-');
33 std::replace(encoded_data->begin(), encoded_data->end(), '/', '_');
34 encoded_data->erase(
35 std::remove(encoded_data->begin(), encoded_data->end(), '='),
36 encoded_data->end());
37 }
38
39 void WebSafeBase64Decode(const std::string& encoded_data, std::string* data) {
40 std::string temp(encoded_data);
41 std::replace(temp.begin(), temp.end(), '-', '+');
42 std::replace(temp.begin(), temp.end(), '_', '/');
43
44 int num_equals = temp.length() % 3;
45 for (int i = 0; i < num_equals; ++i) {
Sergey Ulanov 2014/02/11 08:20:38 temp.append(num_equals, '=');
psj 2014/02/12 09:01:01 Done.
46 temp += "=";
47 }
48
49 base::Base64Decode(temp, data);
50 }
51
52 bool DecodeDataFromDictionary(const base::DictionaryValue& dictionary,
53 const std::string& path,
54 std::string* data) {
55 std::string encoded_data;
56 bool result = dictionary.GetString(path, &encoded_data);
57 if (result) {
58 WebSafeBase64Decode(encoded_data, data);
59 } else {
60 HOST_LOG << "Failed to get dictionary value " << path;
61 data->erase();
62 }
63 return result;
64 }
65
66 // Class to read gnubby blob data.
67 class BlobReader {
68 public:
69 // Create a blob with the given data. Does not take ownership of the memory.
70 BlobReader(const char* data, int data_len);
71 virtual ~BlobReader();
72
73 // Read a byte from the blob. Returns true on success.
74 bool ReadByte(char* value);
75
76 // Read a four byte size from the blob. Returns true on success.
77 bool ReadSize(int* value);
78
79 // Read a size-prefixed blob. Returns true on success.
80 bool ReadBlobReader(scoped_ptr<BlobReader>* value);
81
82 // Read a size-prefixed string from the blob. Returns true on success.
83 bool ReadString(std::string* value);
84
85 private:
86 // The blob data.
87 const char* data_;
88
89 // The length of the blob data.
90 int data_len_;
91
92 // The current read index.
93 int index_;
94
95 DISALLOW_COPY_AND_ASSIGN(BlobReader);
96 };
97
98 // Class to write gnubby blob data.
99 class BlobWriter {
100 public:
101 BlobWriter();
102 virtual ~BlobWriter();
103
104 // Write a byte to the blob.
105 void WriteByte(char value);
Sergey Ulanov 2014/02/11 08:20:38 uint8_t instead of char?
psj 2014/02/12 09:01:01 Done.
106
107 // Write a four byte size to the blob.
108 void WriteSize(int value);
Sergey Ulanov 2014/02/11 08:20:38 size_t to indicate that it's unsigned?
psj 2014/02/12 09:01:01 Done.
109
110 // Write a size-prefixed blob to the blob.
111 void WriteBlobWriter(const BlobWriter& value);
112
113 // Write a size-prefixed string to the blob.
114 void WriteString(const std::string& value);
115
116 // Returns the blob data.
117 void GetData(std::string* data) const;
Sergey Ulanov 2014/02/11 08:20:38 Maybe just return std::string?
psj 2014/02/12 09:01:01 Done.
118
119 private:
120 // The blob data.
121 std::vector<char> data_;
122
123 DISALLOW_COPY_AND_ASSIGN(BlobWriter);
124 };
125
126 BlobReader::BlobReader(const char* data, int data_len)
127 : data_(data), data_len_(data_len), index_(0) {}
128
129 BlobReader::~BlobReader() {}
130
131 bool BlobReader::ReadByte(char* value) {
132 if (data_len_ - index_ < 0) {
133 *value = 0;
134 return false;
135 }
136 *value = data_[index_++];
137 return true;
138 }
139
140 bool BlobReader::ReadSize(int* value) {
141 if (data_len_ - (index_ + 4) < 0) {
142 *value = 0;
143 return false;
144 }
145 *value = le32toh(
Sergey Ulanov 2014/02/11 08:20:38 AFAIK this is not a standard function. E.g. it doe
psj 2014/02/12 09:01:01 Done.
146 ((data_[index_] & 255) << 24) + ((data_[index_ + 1] & 255) << 16) +
147 ((data_[index_ + 2] & 255) << 8) + (data_[index_ + 3] & 255));
148 index_ += 4;
149 return true;
150 }
151
152 bool BlobReader::ReadBlobReader(scoped_ptr<BlobReader>* value) {
153 int blobSize;
Sergey Ulanov 2014/02/11 08:20:38 blob_size
psj 2014/02/12 09:01:01 Done.
154 if (!ReadSize(&blobSize) || data_len_ - (index_ + blobSize) < 0) {
Sergey Ulanov 2014/02/11 08:20:38 data_len_ < index_ + blobSize?
psj 2014/02/12 09:01:01 Done.
155 value->reset();
156 return 0;
157 }
158 value->reset(new BlobReader(data_ + index_, blobSize));
159 index_ += blobSize;
160 return true;
161 }
162
163 bool BlobReader::ReadString(std::string* value) {
164 int length;
165 if (!ReadSize(&length) || data_len_ - (index_ + length) < 0) {
Sergey Ulanov 2014/02/11 08:20:38 data_len_ < index_ + length?
psj 2014/02/12 09:01:01 Done.
166 value->erase();
167 return 0;
168 }
169 value->assign(data_ + index_, length);
170 index_ += length;
171 return true;
172 }
173
174 BlobWriter::BlobWriter() {}
175
176 BlobWriter::~BlobWriter() {}
177
178 void BlobWriter::WriteByte(char value) { data_.push_back(value); }
179
180 void BlobWriter::WriteSize(int value) {
181 int le_value = htole32(value);
Sergey Ulanov 2014/02/11 08:20:38 Same comment as the one above about le32toh()
psj 2014/02/12 09:01:01 Done.
182 data_.push_back((le_value & 0xff000000) >> 24);
183 data_.push_back((le_value & 0xff0000) >> 16);
184 data_.push_back((le_value & 0xff00) >> 8);
185 data_.push_back(le_value & 0xff);
186 }
187
188 void BlobWriter::WriteBlobWriter(const BlobWriter& value) {
189 std::string data;
190 value.GetData(&data);
191 WriteString(data);
192 }
193
194 void BlobWriter::WriteString(const std::string& value) {
195 WriteSize(value.length());
196 for (std::string::const_iterator i = value.begin(); i != value.end(); ++i) {
197 data_.push_back(*i);
198 }
199 }
200
201 void BlobWriter::GetData(std::string* data) const {
202 data->assign(data_.data(), data_.size());
203 }
204
205 } // namespace
206
207 bool GetJsonFromGnubbyRequest(const char* data,
208 int data_len,
209 std::string* json) {
210 json->empty();
211
212 BlobReader ssh_request(data, data_len);
213 scoped_ptr<BlobReader> blob;
214 if (!ssh_request.ReadBlobReader(&blob)) {
215 return false;
216 }
217
218 char cmd = 0;
219 char timeout = 0;
220 int request_count = 0;
221 bool result = blob->ReadByte(&cmd);
222 result = result && blob->ReadByte(&timeout);
223 result = result && blob->ReadSize(&request_count);
224 if (!result || cmd != kSsh2AgentcGnubbySignRequest) {
225 return false;
226 }
227
228 base::DictionaryValue request;
229 request.SetString("type", "sign_helper_request");
230 request.SetInteger("timeout", timeout);
231
232 base::ListValue* sign_requests = new base::ListValue();
233 request.Set("signData", sign_requests);
234
235 for (int i = 0; i < request_count; ++i) {
236 scoped_ptr<BlobReader> sign_request;
237 std::string version;
238 std::string challenge_hash;
239 std::string origin_hash;
240 std::string key_handle;
241
242 result = result && blob->ReadBlobReader(&sign_request);
243 result = result && sign_request->ReadString(&version);
244 result = result && sign_request->ReadString(&challenge_hash);
245 result = result && sign_request->ReadString(&origin_hash);
246 result = result && sign_request->ReadString(&key_handle);
247 if (!result) {
248 return false;
249 }
250
251 std::string encoded_origin_hash;
252 std::string encoded_challenge_hash;
253 std::string encoded_key_handle;
254
255 WebSafeBase64Encode(origin_hash, &encoded_origin_hash);
256 WebSafeBase64Encode(challenge_hash, &encoded_challenge_hash);
257 WebSafeBase64Encode(key_handle, &encoded_key_handle);
258
259 base::DictionaryValue* request = new base::DictionaryValue();
260 request->SetString("appIdHash", encoded_origin_hash);
261 request->SetString("challengeHash", encoded_challenge_hash);
262 request->SetString("keyHandle", encoded_key_handle);
263 request->SetString("version", version);
264 sign_requests->Append(request);
265 }
266
267 base::JSONWriter::Write(&request, json);
268 return true;
269 }
270
271 void GetGnubbyResponseFromJson(const std::string& json, std::string* data) {
272 data->erase();
273
274 scoped_ptr<base::Value> json_value(base::JSONReader::Read(json));
275 base::DictionaryValue* reply;
276 if (json_value && json_value->GetAsDictionary(&reply)) {
277 BlobWriter response;
278 response.WriteByte(kSsh2AgentcGnubbySignResponse);
279
280 int code;
281 bool result = reply->GetInteger("code", &code);
282 if (result && code == 0) {
283 response.WriteSize(code);
284
285 std::string type;
286 base::DictionaryValue* reply_data;
287 result = reply->GetString("type", &type);
288 result = result && type == "sign_helper_reply";
289 result = result && reply->GetDictionary("responseData", &reply_data);
290 if (result) {
291 BlobWriter tmp;
292 std::string version;
293 result = reply_data->GetString("version", &version);
294 if (result) {
295 tmp.WriteString(version);
296 } else {
297 tmp.WriteSize(0);
298 }
299
300 std::string challenge_hash;
301 std::string app_id_hash;
302 std::string key_handle;
303 std::string signature_data;
304
305 result = DecodeDataFromDictionary(
306 *reply_data, "challengeHash", &challenge_hash);
307 result = result && DecodeDataFromDictionary(
308 *reply_data, "appIdHash", &app_id_hash);
309 result = result && DecodeDataFromDictionary(
310 *reply_data, "keyHandle", &key_handle);
311 result = result && DecodeDataFromDictionary(
312 *reply_data, "signatureData", &signature_data);
313
314 if (result) {
315 tmp.WriteString(challenge_hash);
316 tmp.WriteString(app_id_hash);
317 tmp.WriteString(key_handle);
318 tmp.WriteString(signature_data);
319 }
320 response.WriteBlobWriter(tmp);
321 }
322 } else {
323 response.WriteSize(kGnubbyResponseFail);
324 }
325
326 BlobWriter ssh_response;
327 ssh_response.WriteBlobWriter(response);
328 ssh_response.GetData(data);
329
330 if (!result) {
331 HOST_LOG << "Failed to create valid blob from json";
332 }
333 } else {
334 HOST_LOG << "Could not parse json: " << json;
335 }
336 }
337
338 } // namespace remoting
OLDNEW
« remoting/host/gnubby_auth_handler_posix.cc ('K') | « remoting/host/gnubby_util.h ('k') | remoting/host/gnubby_util_unittest.cc » ('j') | remoting/host/me2me_desktop_environment.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698