Chromium Code Reviews Chromium Code Reviews
Issue 1547533002:
remoting: use VerifyHostPinHash() in place on IsPinValid() (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: remoting/host/mac/me2me_preference_pane.mm |
| diff --git a/remoting/host/mac/me2me_preference_pane.mm b/remoting/host/mac/me2me_preference_pane.mm |
| index de33b8bf500127561dea1a3514b6e68ca5487f81..ab020bdf431e3c294efe47fff70268a7b66e98a9 100644 |
| --- a/remoting/host/mac/me2me_preference_pane.mm |
| +++ b/remoting/host/mac/me2me_preference_pane.mm |
| @@ -21,11 +21,11 @@ |
| #include "base/posix/eintr_wrapper.h" |
| #include "remoting/host/constants_mac.h" |
| #include "remoting/host/host_config.h" |
| +#include "remoting/host/pin_hash.h" |
| #import "remoting/host/mac/me2me_preference_pane_confirm_pin.h" |
| #import "remoting/host/mac/me2me_preference_pane_disable.h" |
| #include "third_party/jsoncpp/source/include/json/reader.h" |
| #include "third_party/jsoncpp/source/include/json/writer.h" |
| -#include "third_party/modp_b64/modp_b64.h" |
| namespace { |
| @@ -46,51 +46,6 @@ bool IsConfigValid(const remoting::JsonHostConfig* config) { |
| config->GetString(remoting::kXmppLoginConfigPath, &value)); |
| } |
| -bool IsPinValid(const std::string& pin, const std::string& host_id, |
| - const std::string& host_secret_hash) { |
| - // TODO(lambroslambrou): Once the "base" target supports building for 64-bit |
| - // on Mac OS X, remove this code and replace it with |VerifyHostPinHash()| |
| - // from host/pin_hash.h. |
| - size_t separator = host_secret_hash.find(':'); |
| - if (separator == std::string::npos) |
| - return false; |
| - |
| - std::string method = host_secret_hash.substr(0, separator); |
| - if (method != "hmac") { |
| - NSLog(@"Authentication method '%s' not supported", method.c_str()); |
| - return false; |
| - } |
| - |
| - std::string hash_base64 = host_secret_hash.substr(separator + 1); |
| - |
| - // Convert |hash_base64| to |hash|, based on code from base/base64.cc. |
| - int hash_base64_size = static_cast<int>(hash_base64.size()); |
| - std::string hash; |
| - hash.resize(modp_b64_decode_len(hash_base64_size)); |
| - |
| - // modp_b64_decode_len() returns at least 1, so hash[0] is safe here. |
| - int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(), |
| - hash_base64_size); |
| - if (hash_size < 0) { |
| - NSLog(@"Failed to parse host_secret_hash"); |
| - return false; |
| - } |
| - hash.resize(hash_size); |
| - |
| - std::string computed_hash; |
| - computed_hash.resize(CC_SHA256_DIGEST_LENGTH); |
| - |
| - CCHmac(kCCHmacAlgSHA256, |
| - host_id.data(), host_id.size(), |
| - pin.data(), pin.size(), |
| - &(computed_hash[0])); |
| - |
| - // Normally, a constant-time comparison function would be used, but it is |
| - // unnecessary here as the "secret" is already readable by the user |
| - // supplying input to this routine. |
| - return computed_hash == hash; |
| -} |
| - |
| } // namespace |
| // These methods are copied from base/mac, but with the logging changed to use |
| @@ -341,7 +296,7 @@ std::string JsonHostConfig::GetSerializedData() const { |
| [self showError]; |
| return; |
| } |
| - if (!IsPinValid(pin_utf8, host_id, host_secret_hash)) { |
| + if (!remoting::VerifyHostPinHash(pin_utf8, host_id, host_secret_hash)) { |
|
nicholss
2016/02/03 22:33:45
The arguments are flipped here. I will have a CL t
|
| [self showIncorrectPinMessage]; |
| return; |
| } |
