remoting/protocol/authentication_method.cc - Issue 14793021: PairingAuthenticator implementation and plumbing.

Side by Side Diff: remoting/protocol/authentication_method.cc

Issue 14793021: PairingAuthenticator implementation and plumbing. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Reviewer comments. Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« remoting/host/remoting_me2me_host.cc ('K') | « remoting/protocol/authentication_method.h ('k') | remoting/protocol/it2me_host_authenticator_factory.cc » ('j') | remoting/protocol/negotiating_client_authenticator.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "remoting/protocol/authentication_method.h"	5 #include "remoting/protocol/authentication_method.h"

6	6

7 #include "base/base64.h"	7 #include "base/base64.h"

8 #include "base/logging.h"	8 #include "base/logging.h"

9 #include "crypto/hmac.h"	9 #include "crypto/hmac.h"

10 #include "remoting/protocol/auth_util.h"	10 #include "remoting/protocol/auth_util.h"

11	11

12 namespace remoting {	12 namespace remoting {

13 namespace protocol {	13 namespace protocol {

14	14

15 // static	15 // static

16 AuthenticationMethod AuthenticationMethod::Invalid() {	16 AuthenticationMethod AuthenticationMethod::Invalid() {

17 return AuthenticationMethod();	17 return AuthenticationMethod();

18 }	18 }

19	19

20 // static	20 // static

21 AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) {	21 AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) {

22 return AuthenticationMethod(SPAKE2, hash_function);	22 return AuthenticationMethod(SPAKE2, hash_function);

23 }	23 }

24	24

25 // static	25 // static

	26 AuthenticationMethod AuthenticationMethod::Spake2Pair() {

	27 return AuthenticationMethod(SPAKE2_PAIR, HMAC_SHA256);
	Sergey Ulanov 2013/05/17 01:57:17 Do we really need to hash the secret? I think we c Do we really need to hash the secret? I think we can use NONE here. It's useful for pin-based when user reuses the same pin for multiple machines. Since pairing secret generated randomly hashing it doesn't really add anything. rmsousa 2013/05/17 20:09:03 There are some cases where this falls back to the Show quoted text On 2013/05/17 01:57:17, Sergey Ulanov wrote: > Do we really need to hash the secret? I think we can use NONE here. It's useful > for pin-based when user reuses the same pin for multiple machines. Since pairing > secret generated randomly hashing it doesn't really add anything. There are some cases where this falls back to the PIN. Using HMAC_SHA256 for everything allows this method to have a consistent hashing algorithm. Jamie 2013/05/21 01:24:33 I've left it as HMAC_SHA256, for the reason Renato Show quoted text On 2013/05/17 20:09:03, rmsousa wrote: > On 2013/05/17 01:57:17, Sergey Ulanov wrote: > > Do we really need to hash the secret? I think we can use NONE here. It's > useful > > for pin-based when user reuses the same pin for multiple machines. Since > pairing > > secret generated randomly hashing it doesn't really add anything. > > There are some cases where this falls back to the PIN. Using HMAC_SHA256 for > everything allows this method to have a consistent hashing algorithm. I've left it as HMAC_SHA256, for the reason Renato mentions.
	28 }

	29

	30 // static

26 AuthenticationMethod AuthenticationMethod::ThirdParty() {	31 AuthenticationMethod AuthenticationMethod::ThirdParty() {

27 return AuthenticationMethod(THIRD_PARTY, NONE);	32 return AuthenticationMethod(THIRD_PARTY, NONE);

28 }	33 }

29	34

30 // static	35 // static

31 AuthenticationMethod AuthenticationMethod::FromString(	36 AuthenticationMethod AuthenticationMethod::FromString(

32 const std::string& value) {	37 const std::string& value) {

33 if (value == "spake2_plain") {	38 if (value == "spake2_pair") {

	39 return Spake2Pair();

	40 } else if (value == "spake2_plain") {

34 return Spake2(NONE);	41 return Spake2(NONE);

35 } else if (value == "spake2_hmac") {	42 } else if (value == "spake2_hmac") {

36 return Spake2(HMAC_SHA256);	43 return Spake2(HMAC_SHA256);

37 } else if (value == "third_party") {	44 } else if (value == "third_party") {

38 return ThirdParty();	45 return ThirdParty();

39 } else {	46 } else {

40 return AuthenticationMethod::Invalid();	47 return AuthenticationMethod::Invalid();

41 }	48 }

42 }	49 }

43	50

(...skipping 39 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
83 }	90 }

84	91

85 AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const {	92 AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const {

86 DCHECK(is_valid());	93 DCHECK(is_valid());

87 return hash_function_;	94 return hash_function_;

88 }	95 }

89	96

90 const std::string AuthenticationMethod::ToString() const {	97 const std::string AuthenticationMethod::ToString() const {

91 DCHECK(is_valid());	98 DCHECK(is_valid());

92	99

93 if (type_ == THIRD_PARTY)	100 switch (type_) {

94 return "third_party";	101 case INVALID:
	Sergey Ulanov 2013/05/17 01:57:17 This is not necessary - there is DCHECK on top. Ma This is not necessary - there is DCHECK on top. Maybe remove DCHECK and add NOTREACHED() here. Jamie 2013/05/21 01:24:33 The compiler complains if it's not handled. NOTREA Show quoted text On 2013/05/17 01:57:17, Sergey Ulanov wrote: > This is not necessary - there is DCHECK on top. Maybe remove DCHECK and add > NOTREACHED() here. The compiler complains if it's not handled. NOTREACHED is a good suggestion though. Done.
	102 break;

95	103

96 DCHECK_EQ(type_, SPAKE2);	104 case SPAKE2_PAIR:

	105 return "spake2_pair";

97	106

98 switch (hash_function_) {	107 case SPAKE2:

99 case NONE:	108 switch (hash_function_) {

100 return "spake2_plain";	109 case NONE:

101 case HMAC_SHA256:	110 return "spake2_plain";

102 return "spake2_hmac";	111 case HMAC_SHA256:

	112 return "spake2_hmac";

	113 }

	114 break;

	115

	116 case THIRD_PARTY:

	117 return "third_party";

103 }	118 }

104	119

105 return "invalid";	120 return "invalid";

106 }	121 }

107	122

108 bool AuthenticationMethod::operator ==(	123 bool AuthenticationMethod::operator ==(

109 const AuthenticationMethod& other) const {	124 const AuthenticationMethod& other) const {

110 return type_ == other.type_ &&	125 return type_ == other.type_ &&

111 hash_function_ == other.hash_function_;	126 hash_function_ == other.hash_function_;

112 }	127 }

(...skipping 14 matching lines...) Expand all Loading...
127	142

128 if (!base::Base64Decode(as_string.substr(separator + 1), &value)) {	143 if (!base::Base64Decode(as_string.substr(separator + 1), &value)) {

129 return false;	144 return false;

130 }	145 }

131	146

132 return true;	147 return true;

133 }	148 }

134	149

135 } // namespace protocol	150 } // namespace protocol

136 } // namespace remoting	151 } // namespace remoting

OLD	NEW