Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(818)

Side by Side Diff: remoting/host/mac/me2me_preference_pane.mm

Issue 1547533002: remoting: use VerifyHostPinHash() in place on IsPinValid() (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: restore modp_b64_nacl as well Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #import "remoting/host/mac/me2me_preference_pane.h" 5 #import "remoting/host/mac/me2me_preference_pane.h"
6 6
7 #import <Cocoa/Cocoa.h> 7 #import <Cocoa/Cocoa.h>
8 #include <CommonCrypto/CommonHMAC.h> 8 #include <CommonCrypto/CommonHMAC.h>
9 #include <errno.h> 9 #include <errno.h>
10 #include <launch.h> 10 #include <launch.h>
11 #import <PreferencePanes/PreferencePanes.h> 11 #import <PreferencePanes/PreferencePanes.h>
12 #import <SecurityInterface/SFAuthorizationView.h> 12 #import <SecurityInterface/SFAuthorizationView.h>
13 #include <stdlib.h> 13 #include <stdlib.h>
14 #include <unistd.h> 14 #include <unistd.h>
15 15
16 #include <fstream> 16 #include <fstream>
17 17
18 #include "base/mac/scoped_launch_data.h" 18 #include "base/mac/scoped_launch_data.h"
19 #include "base/memory/scoped_ptr.h" 19 #include "base/memory/scoped_ptr.h"
20 #include "base/posix/eintr_wrapper.h" 20 #include "base/posix/eintr_wrapper.h"
21 #include "remoting/host/constants_mac.h" 21 #include "remoting/host/constants_mac.h"
22 #include "remoting/host/host_config.h" 22 #include "remoting/host/host_config.h"
23 #include "remoting/host/pin_hash.h"
23 #import "remoting/host/mac/me2me_preference_pane_confirm_pin.h" 24 #import "remoting/host/mac/me2me_preference_pane_confirm_pin.h"
24 #import "remoting/host/mac/me2me_preference_pane_disable.h" 25 #import "remoting/host/mac/me2me_preference_pane_disable.h"
25 #include "third_party/jsoncpp/source/include/json/reader.h" 26 #include "third_party/jsoncpp/source/include/json/reader.h"
26 #include "third_party/jsoncpp/source/include/json/writer.h" 27 #include "third_party/jsoncpp/source/include/json/writer.h"
27 #include "third_party/modp_b64/modp_b64.h"
28 28
29 namespace { 29 namespace {
30 30
31 bool GetTemporaryConfigFilePath(std::string* path) { 31 bool GetTemporaryConfigFilePath(std::string* path) {
32 NSString* filename = NSTemporaryDirectory(); 32 NSString* filename = NSTemporaryDirectory();
33 if (filename == nil) 33 if (filename == nil)
34 return false; 34 return false;
35 35
36 *path = [[NSString stringWithFormat:@"%@/%s", 36 *path = [[NSString stringWithFormat:@"%@/%s",
37 filename, remoting::kHostConfigFileName] UTF8String]; 37 filename, remoting::kHostConfigFileName] UTF8String];
38 return true; 38 return true;
39 } 39 }
40 40
41 bool IsConfigValid(const remoting::JsonHostConfig* config) { 41 bool IsConfigValid(const remoting::JsonHostConfig* config) {
42 std::string value; 42 std::string value;
43 return (config->GetString(remoting::kHostIdConfigPath, &value) && 43 return (config->GetString(remoting::kHostIdConfigPath, &value) &&
44 config->GetString(remoting::kHostSecretHashConfigPath, &value) && 44 config->GetString(remoting::kHostSecretHashConfigPath, &value) &&
45 config->GetString(remoting::kXmppLoginConfigPath, &value)); 45 config->GetString(remoting::kXmppLoginConfigPath, &value));
46 } 46 }
47 47
48 bool IsPinValid(const std::string& pin, const std::string& host_id,
49 const std::string& host_secret_hash) {
50 // TODO(lambroslambrou): Once the "base" target supports building for 64-bit
51 // on Mac OS X, remove this code and replace it with |VerifyHostPinHash()|
52 // from host/pin_hash.h.
53 size_t separator = host_secret_hash.find(':');
54 if (separator == std::string::npos)
55 return false;
56
57 std::string method = host_secret_hash.substr(0, separator);
58 if (method != "hmac") {
59 NSLog(@"Authentication method '%s' not supported", method.c_str());
60 return false;
61 }
62
63 std::string hash_base64 = host_secret_hash.substr(separator + 1);
64
65 // Convert |hash_base64| to |hash|, based on code from base/base64.cc.
66 int hash_base64_size = static_cast<int>(hash_base64.size());
67 std::string hash;
68 hash.resize(modp_b64_decode_len(hash_base64_size));
69
70 // modp_b64_decode_len() returns at least 1, so hash[0] is safe here.
71 int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(),
72 hash_base64_size);
73 if (hash_size < 0) {
74 NSLog(@"Failed to parse host_secret_hash");
75 return false;
76 }
77 hash.resize(hash_size);
78
79 std::string computed_hash;
80 computed_hash.resize(CC_SHA256_DIGEST_LENGTH);
81
82 CCHmac(kCCHmacAlgSHA256,
83 host_id.data(), host_id.size(),
84 pin.data(), pin.size(),
85 &(computed_hash[0]));
86
87 // Normally, a constant-time comparison function would be used, but it is
88 // unnecessary here as the "secret" is already readable by the user
89 // supplying input to this routine.
90 return computed_hash == hash;
91 }
92
93 } // namespace 48 } // namespace
94 49
95 // These methods are copied from base/mac, but with the logging changed to use 50 // These methods are copied from base/mac, but with the logging changed to use
96 // NSLog(). 51 // NSLog().
97 // 52 //
98 // TODO(lambroslambrou): Once the "base" target supports building for 64-bit 53 // TODO(lambroslambrou): Once the "base" target supports building for 64-bit
99 // on Mac OS X, remove these implementations and use the ones in base/mac. 54 // on Mac OS X, remove these implementations and use the ones in base/mac.
100 namespace base { 55 namespace base {
101 namespace mac { 56 namespace mac {
102 57
(...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after
333 288
334 std::string pin_utf8 = [pin UTF8String]; 289 std::string pin_utf8 = [pin UTF8String];
335 std::string host_id, host_secret_hash; 290 std::string host_id, host_secret_hash;
336 bool result = (config_->GetString(remoting::kHostIdConfigPath, &host_id) && 291 bool result = (config_->GetString(remoting::kHostIdConfigPath, &host_id) &&
337 config_->GetString(remoting::kHostSecretHashConfigPath, 292 config_->GetString(remoting::kHostSecretHashConfigPath,
338 &host_secret_hash)); 293 &host_secret_hash));
339 if (!result) { 294 if (!result) {
340 [self showError]; 295 [self showError];
341 return; 296 return;
342 } 297 }
343 if (!IsPinValid(pin_utf8, host_id, host_secret_hash)) { 298 if (!VerifyHostPinHash(pin_utf8, host_id, host_secret_hash)) {
344 [self showIncorrectPinMessage]; 299 [self showIncorrectPinMessage];
345 return; 300 return;
346 } 301 }
347 302
348 [self applyNewServiceConfig]; 303 [self applyNewServiceConfig];
349 [self updateUI]; 304 [self updateUI];
350 } 305 }
351 306
352 - (void)onDisable:(id)sender { 307 - (void)onDisable:(id)sender {
353 // Ensure the authorization token is up-to-date before using it. 308 // Ensure the authorization token is up-to-date before using it.
(...skipping 399 matching lines...) Expand 10 before | Expand all | Expand 10 after
753 NSArray* arguments = [NSArray arrayWithObjects:@"--relaunch-prefpane", nil]; 708 NSArray* arguments = [NSArray arrayWithObjects:@"--relaunch-prefpane", nil];
754 [task setLaunchPath:command]; 709 [task setLaunchPath:command];
755 [task setArguments:arguments]; 710 [task setArguments:arguments];
756 [task setStandardInput:[NSPipe pipe]]; 711 [task setStandardInput:[NSPipe pipe]];
757 [task launch]; 712 [task launch];
758 [task release]; 713 [task release];
759 [NSApp terminate:nil]; 714 [NSApp terminate:nil];
760 } 715 }
761 716
762 @end 717 @end
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698