Chromium Code Reviews Chromium Code Reviews
Issue 138753005:
Add gnubby authentication to remoting host (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: remoting/host/gnubby_utils.cc |
| diff --git a/remoting/host/gnubby_utils.cc b/remoting/host/gnubby_utils.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..64663805aec27906ad3ab3be142e9fda9cbd8692 |
| --- /dev/null |
| +++ b/remoting/host/gnubby_utils.cc |
| @@ -0,0 +1,343 @@ |
| +// Copyright 2014 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "remoting/host/gnubby_utils.h" |
| + |
| +#include <algorithm> |
| +#include <vector> |
| + |
| +#include "base/base64.h" |
| +#include "base/json/json_reader.h" |
| +#include "base/json/json_writer.h" |
| +#include "base/logging.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "base/values.h" |
| +#include "remoting/base/logging.h" |
| + |
| +namespace remoting { |
| + |
| +namespace { |
| + |
| +// Failure code to use when the code from the webapp response isn't available. |
| +const int kGnubbyResponseFail = 1; |
| + |
| +const int kSsh2AgentcGnubbySignRequest = 101; // 0x65 |
| +const int kSsh2AgentcGnubbySignResponse = 102; // 0x66 |
| + |
| +// Class to read gnubby blob data. |
| +class BlobReader { |
|
Sergey Ulanov
2014/02/09 22:29:54
Reuse Pickle from base/pickle.h?
psj
2014/02/10 22:57:22
Unfortunately not. Pickle pads to int boundaries a
|
| + public: |
| + // Create a blob with the given data. Does not take ownership of the memory. |
| + BlobReader(const char* data, int data_len); |
| + virtual ~BlobReader(); |
| + |
| + // Read a byte from the blob. Returns true on success. |
| + bool ReadByte(char* value); |
| + |
| + // Read a four byte size from the blob. Returns true on success. |
| + bool ReadSize(int* value); |
| + |
| + // Read a size-prefixed blob. Returns true on success. |
| + bool ReadBlobReader(scoped_ptr<BlobReader>* value); |
| + |
| + // Read a size-prefixed string from the blob. Returns true on success. |
| + bool ReadString(std::string* value); |
| + |
| + private: |
| + // The blob data. |
| + const char* data_; |
| + |
| + // The length of the blob data. |
| + int data_len_; |
| + |
| + // The current read index. |
| + int index_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(BlobReader); |
| +}; |
| + |
| +// Class to write gnubby blob data. |
| +class BlobWriter { |
|
Sergey Ulanov
2014/02/09 22:29:54
ditto
psj
2014/02/10 22:57:22
ditto
|
| + public: |
| + BlobWriter(); |
| + virtual ~BlobWriter(); |
| + |
| + // Write a byte to the blob. |
| + void WriteByte(char value); |
| + |
| + // Write a four byte size to the blob. |
| + void WriteSize(int value); |
| + |
| + // Write a size-prefixed blob to the blob. |
| + void WriteBlobWriter(const BlobWriter& value); |
| + |
| + // Write a size-prefixed string to the blob. |
| + void WriteString(const std::string& value); |
| + |
| + // Returns the blob data. |
| + void GetData(std::string* data) const; |
| + |
| + private: |
| + // The blob data. |
| + std::vector<char> data_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(BlobWriter); |
| +}; |
| + |
| +BlobReader::BlobReader(const char* data, int data_len) |
| + : data_(data), data_len_(data_len), index_(0) {} |
| + |
| +BlobReader::~BlobReader() {} |
| + |
| +bool BlobReader::ReadByte(char* value) { |
| + if (data_len_ - index_ < 0) { |
| + *value = 0; |
| + return false; |
| + } |
| + *value = data_[index_++]; |
| + return true; |
| +} |
| + |
| +bool BlobReader::ReadSize(int* value) { |
| + if (data_len_ - (index_ + 4) < 0) { |
| + *value = 0; |
| + return false; |
| + } |
| + *value = |
| + ((data_[index_] & 255) << 24) + |
| + ((data_[index_ + 1] & 255) << 16) + |
| + ((data_[index_ + 2] & 255) << 8) + |
| + (data_[index_ + 3] & 255); |
| + index_ += 4; |
| + return true; |
| +} |
| + |
| +bool BlobReader::ReadBlobReader(scoped_ptr<BlobReader>* value) { |
| + int blobSize; |
| + if (!ReadSize(&blobSize) || data_len_ - (index_ + blobSize) < 0) { |
| + value->reset(); |
| + return 0; |
| + } |
| + value->reset(new BlobReader(data_ + index_, blobSize)); |
| + index_ += blobSize; |
| + return true; |
| +} |
| + |
| +bool BlobReader::ReadString(std::string* value) { |
| + int length; |
| + if (!ReadSize(&length) || data_len_ - (index_ + length) < 0) { |
| + value->erase(); |
| + return 0; |
| + } |
| + value->assign(data_ + index_, length); |
| + index_ += length; |
| + return true; |
| +} |
| + |
| +BlobWriter::BlobWriter() {} |
| + |
| +BlobWriter::~BlobWriter() {} |
| + |
| +void BlobWriter::WriteByte(char value) { |
| + data_.push_back(value); |
| +} |
| + |
| +void BlobWriter::WriteSize(int value) { |
| + data_.push_back((value & 0xff000000) >> 24); |
| + data_.push_back((value & 0xff0000) >> 16); |
| + data_.push_back((value & 0xff00) >> 8); |
| + data_.push_back(value & 0xff); |
| +} |
| + |
| +void BlobWriter::WriteBlobWriter(const BlobWriter& value) { |
| + std::string data; |
| + value.GetData(&data); |
| + WriteString(data); |
| +} |
| + |
| +void BlobWriter::WriteString(const std::string& value) { |
| + WriteSize(value.length()); |
| + for (std::string::const_iterator i = value.begin(); i != value.end(); ++i) { |
| + data_.push_back(*i); |
| + } |
| +} |
| + |
| +void BlobWriter::GetData(std::string* data) const { |
| + data->assign(data_.data(), data_.size()); |
| +} |
| + |
| +} // namespace |
| + |
| +bool GnubbyUtils::GetJsonFromRequest(const char* data, |
| + int data_len, |
| + std::string* json) { |
| + json->empty(); |
| + |
| + BlobReader ssh_request(data, data_len); |
| + scoped_ptr<BlobReader> blob; |
| + if (!ssh_request.ReadBlobReader(&blob)) { |
| + return false; |
| + } |
| + |
| + char cmd = 0; |
| + char timeout = 0; |
| + int request_count = 0; |
| + bool result = blob->ReadByte(&cmd); |
| + result = result && blob->ReadByte(&timeout); |
| + result = result && blob->ReadSize(&request_count); |
| + if (!result || cmd != kSsh2AgentcGnubbySignRequest) { |
| + return false; |
| + } |
| + |
| + base::DictionaryValue request; |
| + request.SetString("type", "sign_helper_request"); |
| + request.SetInteger("timeout", timeout); |
| + |
| + base::ListValue* sign_requests = new base::ListValue(); |
| + request.Set("signData", sign_requests); |
| + |
| + for (int i = 0; i < request_count; ++i) { |
| + scoped_ptr<BlobReader> sign_request; |
| + std::string version; |
| + std::string challenge_hash; |
| + std::string origin_hash; |
| + std::string key_handle; |
| + |
| + result = result && blob->ReadBlobReader(&sign_request); |
| + result = result && sign_request->ReadString(&version); |
| + result = result && sign_request->ReadString(&challenge_hash); |
| + result = result && sign_request->ReadString(&origin_hash); |
| + result = result && sign_request->ReadString(&key_handle); |
| + if (!result) { |
| + return false; |
| + } |
| + |
| + std::string encoded_origin_hash; |
| + std::string encoded_challenge_hash; |
| + std::string encoded_key_handle; |
| + |
| + WebSafeBase64Encode(origin_hash, &encoded_origin_hash); |
| + WebSafeBase64Encode(challenge_hash, &encoded_challenge_hash); |
| + WebSafeBase64Encode(key_handle, &encoded_key_handle); |
| + |
| + base::DictionaryValue* request = new base::DictionaryValue(); |
| + request->SetString("appIdHash", encoded_origin_hash); |
| + request->SetString("challengeHash", encoded_challenge_hash); |
| + request->SetString("keyHandle", encoded_key_handle); |
| + request->SetString("version", version); |
| + sign_requests->Append(request); |
| + } |
| + |
| + base::JSONWriter::Write(&request, json); |
| + return true; |
| +} |
| + |
| +void GnubbyUtils::GetResponseFromJson(std::string json, std::string* data) { |
| + data->erase(); |
| + |
| + scoped_ptr<base::Value> json_value(base::JSONReader::Read(json)); |
| + base::DictionaryValue* reply; |
| + if (json_value && json_value->GetAsDictionary(&reply)) { |
| + BlobWriter response; |
| + response.WriteByte(kSsh2AgentcGnubbySignResponse); |
| + |
| + int code; |
| + bool result = reply->GetInteger("code", &code); |
| + if (result && code == 0) { |
| + response.WriteSize(code); |
| + |
| + std::string type; |
| + base::DictionaryValue* reply_data; |
| + result = reply->GetString("type", &type); |
| + result = result && type == "sign_helper_reply"; |
| + result = result && reply->GetDictionary("responseData", &reply_data); |
| + if (result) { |
| + BlobWriter tmp; |
| + std::string version; |
| + result = reply_data->GetString("version", &version); |
| + if (result) { |
| + tmp.WriteString(version); |
| + } else { |
| + tmp.WriteSize(0); |
| + } |
| + |
| + std::string challenge_hash; |
| + std::string app_id_hash; |
| + std::string key_handle; |
| + std::string signature_data; |
| + |
| + result = DecodeDataFromDictionary( |
| + *reply_data, "challengeHash", &challenge_hash); |
| + result = result && DecodeDataFromDictionary( |
| + *reply_data, "appIdHash", &app_id_hash); |
| + result = result && DecodeDataFromDictionary( |
| + *reply_data, "keyHandle", &key_handle); |
| + result = result && DecodeDataFromDictionary( |
| + *reply_data, "signatureData", &signature_data); |
| + |
| + if (result) { |
| + tmp.WriteString(challenge_hash); |
| + tmp.WriteString(app_id_hash); |
| + tmp.WriteString(key_handle); |
| + tmp.WriteString(signature_data); |
| + } |
| + response.WriteBlobWriter(tmp); |
| + } |
| + } else { |
| + response.WriteSize(kGnubbyResponseFail); |
| + } |
| + |
| + BlobWriter ssh_response; |
| + ssh_response.WriteBlobWriter(response); |
| + ssh_response.GetData(data); |
| + |
| + if (!result) { |
| + HOST_LOG << "Failed to create valid blob from json"; |
| + } |
| + } else { |
| + HOST_LOG << "Could not parse json: " << json; |
| + } |
| +} |
| + |
| +void GnubbyUtils::WebSafeBase64Encode(const std::string& data, |
| + std::string* encoded_data) { |
| + base::Base64Encode(data, encoded_data); |
| + |
| + std::replace(encoded_data->begin(), encoded_data->end(), '+', '-'); |
| + std::replace(encoded_data->begin(), encoded_data->end(), '/', '_'); |
| + encoded_data->erase( |
| + std::remove(encoded_data->begin(), encoded_data->end(), '='), |
| + encoded_data->end()); |
| +} |
| + |
| +void GnubbyUtils::WebSafeBase64Decode(const std::string& encoded_data, |
| + std::string* data) { |
| + std::string temp(encoded_data); |
| + std::replace(temp.begin(), temp.end(), '-', '+'); |
| + std::replace(temp.begin(), temp.end(), '_', '/'); |
| + |
| + int num_equals = temp.length() % 3; |
| + for (int i = 0; i < num_equals; ++i) { |
| + temp += "="; |
| + } |
| + |
| + base::Base64Decode(temp, data); |
| +} |
| + |
| +bool GnubbyUtils::DecodeDataFromDictionary( |
| + const base::DictionaryValue& dictionary, |
| + const std::string& path, |
| + std::string* data) { |
| + std::string encoded_data; |
| + bool result = dictionary.GetString(path, &encoded_data); |
| + if (result) { |
| + WebSafeBase64Decode(encoded_data, data); |
| + } else { |
| + HOST_LOG << "Failed to get dictionary value " << path; |
| + data->erase(); |
| + } |
| + return result; |
| +} |
| + |
| +} // namespace remoting |
