Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1022)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/protocol/auth_util.cc

Issue 1768383004: Cleanup AuthenticatorMethod usage. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« remoting/protocol/auth_util.h ('K') | « remoting/protocol/auth_util.h ('k') | remoting/protocol/authentication_method.h » ('j') | remoting/protocol/negotiating_authenticator_base.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/auth_util.h" 5 #include "remoting/protocol/auth_util.h"
6 6
7 #include "base/base64.h" 7 #include "base/base64.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/strings/string_util.h" 9 #include "base/strings/string_util.h"
10 #include "crypto/hmac.h" 10 #include "crypto/hmac.h"
11 #include "crypto/sha2.h" 11 #include "crypto/sha2.h"
12 #include "net/base/net_errors.h" 12 #include "net/base/net_errors.h"
13 #include "net/socket/ssl_socket.h" 13 #include "net/socket/ssl_socket.h"
14 14
15 namespace remoting { 15 namespace remoting {
16 namespace protocol { 16 namespace protocol {
17 17
18 const char kClientAuthSslExporterLabel[] = 18 const char kClientAuthSslExporterLabel[] =
19 "EXPORTER-remoting-channel-auth-client"; 19 "EXPORTER-remoting-channel-auth-client";
20 const char kHostAuthSslExporterLabel[] = 20 const char kHostAuthSslExporterLabel[] =
21 "EXPORTER-remoting-channel-auth-host"; 21 "EXPORTER-remoting-channel-auth-host";
22 22
23 const char kSslFakeHostName[] = "chromoting"; 23 const char kSslFakeHostName[] = "chromoting";
24 24
25 std::string GenerateSupportAuthToken(const std::string& jid, 25 std::string GetSharedSecretHash(const std::string& tag,
26 const std::string& access_code) { 26 const std::string& shared_secret) {
27 std::string sha256 = crypto::SHA256HashString(jid + " " + access_code); 27 crypto::HMAC response(crypto::HMAC::SHA256);
28 std::string sha256_base64; 28 if (!response.Init(tag)) {
29 base::Base64Encode(sha256, &sha256_base64); 29 LOG(FATAL) << "HMAC::Init failed";
30 return sha256_base64; 30 }
31 }
32 31
33 bool VerifySupportAuthToken(const std::string& jid, 32 unsigned char out_bytes[kSharedSecretHashLength];
34 const std::string& access_code, 33 if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
35 const std::string& auth_token) { 34 LOG(FATAL) << "HMAC::Sign failed";
36 std::string expected_token = 35 }
37 GenerateSupportAuthToken(jid, access_code); 36
38 return expected_token == auth_token; 37 return std::string(out_bytes, out_bytes + sizeof(out_bytes));
39 } 38 }
40 39
41 // static 40 // static
42 std::string GetAuthBytes(net::SSLSocket* socket, 41 std::string GetAuthBytes(net::SSLSocket* socket,
43 const base::StringPiece& label, 42 const base::StringPiece& label,
44 const base::StringPiece& shared_secret) { 43 const base::StringPiece& shared_secret) {
45 // Get keying material from SSL. 44 // Get keying material from SSL.
46 unsigned char key_material[kAuthDigestLength]; 45 unsigned char key_material[kAuthDigestLength];
47 int export_result = socket->ExportKeyingMaterial( 46 int export_result = socket->ExportKeyingMaterial(
48 label, false, "", key_material, kAuthDigestLength); 47 label, false, "", key_material, kAuthDigestLength);
(...skipping 12 matching lines...) Expand all
61 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) { 60 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {
62 NOTREACHED() << "HMAC::Sign failed"; 61 NOTREACHED() << "HMAC::Sign failed";
63 return std::string(); 62 return std::string();
64 } 63 }
65 64
66 return std::string(out_bytes, out_bytes + kAuthDigestLength); 65 return std::string(out_bytes, out_bytes + kAuthDigestLength);
67 } 66 }
68 67
69 } // namespace protocol 68 } // namespace protocol
70 } // namespace remoting 69 } // namespace remoting
OLDNEW
« remoting/protocol/auth_util.h ('K') | « remoting/protocol/auth_util.h ('k') | remoting/protocol/authentication_method.h » ('j') | remoting/protocol/negotiating_authenticator_base.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698