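--- a/remoting/protocol/authentication_method.h
+++ b/remoting/protocol/authentication_method.h
@@ -1,93 +1,49 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-
-// AuthenticationMethod represents an authentication algorithm and its
-// configuration. It knows how to parse and format authentication
-// method names.
-// Currently the following methods are supported:
-// spake2_plain - SPAKE2 without hashing applied to the password.
-// spake2_hmac - SPAKE2 with HMAC hashing of the password.
-
 #ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
 #define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
 
 #include <string>
 
 namespace remoting {
 namespace protocol {
 
 class Authenticator;
 
-class AuthenticationMethod {
-public:
-enum MethodType {
-INVALID,
-SPAKE2,
-SPAKE2_PAIR,
-THIRD_PARTY
-};
-
-enum HashFunction {
-NONE,
-HMAC_SHA256,
-};
-
-// Constructors for various authentication methods.
-static AuthenticationMethod Invalid();
-static AuthenticationMethod Spake2(HashFunction hash_function);
-static AuthenticationMethod Spake2Pair();
-static AuthenticationMethod ThirdParty();
-
-// Parses a string that defines an authentication method. Returns an
-// invalid value if the string is invalid.
-static AuthenticationMethod FromString(const std::string& value);
-
-// Applies the specified hash function to |shared_secret| with the
-// specified |tag| as a key.
-static std::string ApplyHashFunction(HashFunction hash_function,
-const std::string& tag,
-const std::string& shared_secret);
-
-bool is_valid() const { return type_ != INVALID; }
-
-MethodType type() const { return type_; }
-
-// Following methods are valid only when is_valid() returns true.
-
-// Hash function applied to the shared secret on both ends.
-HashFunction hash_function() const;
-
-// Returns string representation of the value stored in this object.
-const std::string ToString() const;
-
-// Comparison operators so that std::find() can be used with
-// collections of this class.
-bool operator ==(const AuthenticationMethod& other) const;
-bool operator !=(const AuthenticationMethod& other) const {
-return !(*this == other);
-}
-
-protected:
-AuthenticationMethod();
-AuthenticationMethod(MethodType type, HashFunction hash_function);
-
-MethodType type_;
-HashFunction hash_function_;
+// AuthenticationMethod represents an authentication algorithm.
+enum class AuthenticationMethod {
+INVALID,
+SPAKE2_SHARED_SECRET_PLAIN,
+SPAKE2_SHARED_SECRET_HMAC,
+SPAKE2_PAIR,
+THIRD_PARTY
 };
 
-// SharedSecretHash stores hash of a host secret paired with the type
-// of the hashing function.
-struct SharedSecretHash {
-AuthenticationMethod::HashFunction hash_function;
-std::string value;
+enum class HashFunction {
+NONE,
+HMAC_SHA256,
+};
 
-// Parse string representation of a shared secret hash. The |as_string|
-// must be in form "<hash_function>:<hash_value_base64>".
-bool Parse(const std::string& as_string);
-};
+// Parses a string that defines an authentication method. Returns
+// AuthenticationMethod::INVALID if the string is invalid.
+AuthenticationMethod ParseAuthenticationMethodString(const std::string& value);
+
+// Returns string representation of |method|.
+const std::string AuthenticationMethodToString(AuthenticationMethod method);
+
+// Returns hash function applied to the shared secret on both ends for the
+// spefied |method|.
+HashFunction GetHashFunctionForAuthenticationMethod(
+AuthenticationMethod method);
+
+// Applies the specified hash function to |shared_secret| with the
+// specified |tag| as a key.
+std::string ApplySharedSecretHashFunction(HashFunction hash_function,
+const std::string& tag,
+const std::string& shared_secret);
 
 } // namespace protocol
 } // namespace remoting
 
 #endif // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_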
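Review bot: The header no longer states which strings `ParseAuthenticationMethodString` accepts, while the removed file comment listed the wire names (`spake2_plain`, `spake2_hmac`) and what each means for password hashing; callers that validate negotiated method names rely on that contract, so a comment above the parser such as `// Accepted names: <list as implemented in the .cc>, anything else yields INVALID.` would restore it. The comment on `GetHashFunctionForAuthenticationMethod` also has a typo, `spefied` should read `specified`. `AuthenticationMethodToString` returns `const std::string` by value, which prevents the implicit move of the returned value; `std::string AuthenticationMethodToString(AuthenticationMethod method);` is the conventional form. The return-type point is carried over from the old `ToString()` rather than introduced here, so it may be out of scope for this commit.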