1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/auth_util.h" | 5 #include "remoting/protocol/auth_util.h" |
6 | 6 |
7 #include "base/base64.h" | 7 #include "base/base64.h" |
8 #include "base/logging.h" | 8 #include "base/logging.h" |
9 #include "base/strings/string_util.h" | 9 #include "base/strings/string_util.h" |
10 #include "crypto/hmac.h" | 10 #include "crypto/hmac.h" |
11 #include "crypto/sha2.h" | 11 #include "crypto/sha2.h" |
12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
13 #include "net/socket/ssl_socket.h" | 13 #include "net/socket/ssl_socket.h" |
14 | 14 |
15 namespace remoting { | 15 namespace remoting { |
16 namespace protocol { | 16 namespace protocol { |
17 | 17 |
18 const char kClientAuthSslExporterLabel[] = | 18 const char kClientAuthSslExporterLabel[] = |
19 "EXPORTER-remoting-channel-auth-client"; | 19 "EXPORTER-remoting-channel-auth-client"; |
20 const char kHostAuthSslExporterLabel[] = | 20 const char kHostAuthSslExporterLabel[] = |
21 "EXPORTER-remoting-channel-auth-host"; | 21 "EXPORTER-remoting-channel-auth-host"; |
22 | 22 |
23 const char kSslFakeHostName[] = "chromoting"; | 23 const char kSslFakeHostName[] = "chromoting"; |
24 | 24 |
25 std::string GenerateSupportAuthToken(const std::string& jid, | 25 std::string GetSharedSecretHash(const std::string& tag, |
26 const std::string& access_code) { | 26 const std::string& shared_secret) { |
27 std::string sha256 = crypto::SHA256HashString(jid + " " + access_code); | 27 crypto::HMAC response(crypto::HMAC::SHA256); |
28 std::string sha256_base64; | 28 if (!response.Init(tag)) { |
29 base::Base64Encode(sha256, &sha256_base64); | 29 LOG(FATAL) << "HMAC::Init failed"; |
30 return sha256_base64; | 30 } |
31 } | |
32 | 31 |
33 bool VerifySupportAuthToken(const std::string& jid, | 32 unsigned char out_bytes[kSharedSecretHashLength]; |
34 const std::string& access_code, | 33 if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) { |
35 const std::string& auth_token) { | 34 LOG(FATAL) << "HMAC::Sign failed"; |
36 std::string expected_token = | 35 } |
37 GenerateSupportAuthToken(jid, access_code); | 36 |
38 return expected_token == auth_token; | 37 return std::string(out_bytes, out_bytes + sizeof(out_bytes)); |
39 } | 38 } |
40 | 39 |
41 // static | 40 // static |
42 std::string GetAuthBytes(net::SSLSocket* socket, | 41 std::string GetAuthBytes(net::SSLSocket* socket, |
43 const base::StringPiece& label, | 42 const base::StringPiece& label, |
44 const base::StringPiece& shared_secret) { | 43 const base::StringPiece& shared_secret) { |
45 // Get keying material from SSL. | 44 // Get keying material from SSL. |
46 unsigned char key_material[kAuthDigestLength]; | 45 unsigned char key_material[kAuthDigestLength]; |
47 int export_result = socket->ExportKeyingMaterial( | 46 int export_result = socket->ExportKeyingMaterial( |
48 label, false, "", key_material, kAuthDigestLength); | 47 label, false, "", key_material, kAuthDigestLength); |
61 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) { | 60 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) { |
62 NOTREACHED() << "HMAC::Sign failed"; | 61 NOTREACHED() << "HMAC::Sign failed"; |
63 return std::string(); | 62 return std::string(); |
64 } | 63 } |
65 | 64 |
66 return std::string(out_bytes, out_bytes + kAuthDigestLength); | 65 return std::string(out_bytes, out_bytes + kAuthDigestLength); |
67 } | 66 } |
68 | 67 |
69 } // namespace protocol | 68 } // namespace protocol |
70 } // namespace remoting | 69 } // namespace remoting |
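Review bot: GetSharedSecretHash aborts the process with LOG(FATAL) when HMAC::Init or HMAC::Sign fails (new lines 28-30 and 33-35), while GetAuthBytes further down handles the same Sign failure with NOTREACHED() and returns an empty string (new lines 60-62), so the two helpers in this file now fail differently for the same condition; either make them agree or document why the new one fails closed. If `tag` can ever arrive empty or otherwise unexpected from a caller, the fatal path turns an input problem into a process abort rather than an authentication failure, so it is worth confirming that both arguments are always produced internally. The function also has no comment, and its contract differs from the GenerateSupportAuthToken it replaces (raw digest bytes instead of a base64 string), which callers need to know; a header line such as `// Returns the raw HMAC-SHA256 of |shared_secret| keyed with |tag| (kSharedSecretHashLength bytes, not base64). Aborts if the HMAC cannot be computed.` would cover it. The stale `// static` comment above GetAuthBytes, which is a free function, could be dropped in the same change.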