Revert of remoting: use VerifyHostPinHash() in place on IsPinValid()

remoting/host/mac/me2me_preference_pane.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "remoting/host/mac/me2me_preference_pane.h"
 
 #import <Cocoa/Cocoa.h>
 #include <CommonCrypto/CommonHMAC.h>
 #include <errno.h>
 #include <launch.h>
 #import <PreferencePanes/PreferencePanes.h>
 #import <SecurityInterface/SFAuthorizationView.h>
 #include <stddef.h>
 #include <stdlib.h>
 #include <unistd.h>
 
 #include <fstream>
 
 #include "base/mac/scoped_launch_data.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/posix/eintr_wrapper.h"
 #include "remoting/host/constants_mac.h"
 #include "remoting/host/host_config.h"
-#include "remoting/host/pin_hash.h"
 #import "remoting/host/mac/me2me_preference_pane_confirm_pin.h"
 #import "remoting/host/mac/me2me_preference_pane_disable.h"
 #include "third_party/jsoncpp/source/include/json/reader.h"
 #include "third_party/jsoncpp/source/include/json/writer.h"
+#include "third_party/modp_b64/modp_b64.h"
 
 namespace {
 
 bool GetTemporaryConfigFilePath(std::string* path) {
   NSString* filename = NSTemporaryDirectory();
   if (filename == nil)
     return false;
 
   *path = [[NSString stringWithFormat:@"%@/%s",
             filename, remoting::kHostConfigFileName] UTF8String];
   return true;
 }
 
 bool IsConfigValid(const remoting::JsonHostConfig* config) {
   std::string value;
   return (config->GetString(remoting::kHostIdConfigPath, &value) &&
           config->GetString(remoting::kHostSecretHashConfigPath, &value) &&
           config->GetString(remoting::kXmppLoginConfigPath, &value));
 }
 
+bool IsPinValid(const std::string& pin, const std::string& host_id,
+                const std::string& host_secret_hash) {
+  // TODO(lambroslambrou): Once the "base" target supports building for 64-bit
+  // on Mac OS X, remove this code and replace it with |VerifyHostPinHash()|
+  // from host/pin_hash.h.
+  size_t separator = host_secret_hash.find(':');
+  if (separator == std::string::npos)
+    return false;
+
+  std::string method = host_secret_hash.substr(0, separator);
+  if (method != "hmac") {
+    NSLog(@"Authentication method '%s' not supported", method.c_str());
+    return false;
+  }
+
+  std::string hash_base64 = host_secret_hash.substr(separator + 1);
+
+  // Convert |hash_base64| to |hash|, based on code from base/base64.cc.
+  int hash_base64_size = static_cast<int>(hash_base64.size());
+  std::string hash;
+  hash.resize(modp_b64_decode_len(hash_base64_size));
+
+  // modp_b64_decode_len() returns at least 1, so hash[0] is safe here.
+  int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(),
+                                  hash_base64_size);
+  if (hash_size < 0) {
+    NSLog(@"Failed to parse host_secret_hash");
+    return false;
+  }
+  hash.resize(hash_size);
+
+  std::string computed_hash;
+  computed_hash.resize(CC_SHA256_DIGEST_LENGTH);
+
+  CCHmac(kCCHmacAlgSHA256,
+         host_id.data(), host_id.size(),
+         pin.data(), pin.size(),
+         &(computed_hash[0]));
+
+  // Normally, a constant-time comparison function would be used, but it is
+  // unnecessary here as the "secret" is already readable by the user
+  // supplying input to this routine.
+  return computed_hash == hash;
+}
+
 }  // namespace
 
 // These methods are copied from base/mac, but with the logging changed to use
 // NSLog().
 //
 // TODO(lambroslambrou): Once the "base" target supports building for 64-bit
 // on Mac OS X, remove these implementations and use the ones in base/mac.
 namespace base {
 namespace mac {
 
@@ skipping 230 matching lines @@
 
   std::string pin_utf8 = [pin UTF8String];
   std::string host_id, host_secret_hash;
   bool result = (config_->GetString(remoting::kHostIdConfigPath, &host_id) &&
                  config_->GetString(remoting::kHostSecretHashConfigPath,
                                     &host_secret_hash));
   if (!result) {
     [self showError];
     return;
   }
-  if (!VerifyHostPinHash(pin_utf8, host_id, host_secret_hash)) {
+  if (!IsPinValid(pin_utf8, host_id, host_secret_hash)) {
     [self showIncorrectPinMessage];
     return;
   }
 
   [self applyNewServiceConfig];
   [self updateUI];
 }
 
 - (void)onDisable:(id)sender {
   // Ensure the authorization token is up-to-date before using it.
@@ skipping 399 matching lines @@
   NSArray* arguments = [NSArray arrayWithObjects:@"--relaunch-prefpane", nil];
   [task setLaunchPath:command];
   [task setArguments:arguments];
   [task setStandardInput:[NSPipe pipe]];
   [task launch];
   [task release];
   [NSApp terminate:nil];
 }
 
 @end