1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/spake2_authenticator.h" | 5 #include "remoting/protocol/spake2_authenticator.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/base64.h" | 9 #include "base/base64.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/ptr_util.h" |
11 #include "base/sys_byteorder.h" | 12 #include "base/sys_byteorder.h" |
12 #include "crypto/hmac.h" | 13 #include "crypto/hmac.h" |
13 #include "crypto/secure_util.h" | 14 #include "crypto/secure_util.h" |
14 #include "remoting/base/constants.h" | 15 #include "remoting/base/constants.h" |
15 #include "remoting/base/rsa_key_pair.h" | 16 #include "remoting/base/rsa_key_pair.h" |
16 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 17 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
17 #include "third_party/boringssl/src/include/openssl/curve25519.h" | 18 #include "third_party/boringssl/src/include/openssl/curve25519.h" |
18 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" | 19 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" |
19 | 20 |
20 namespace remoting { | 21 namespace remoting { |
33 // remote_jid.length() + remote_jid) | 34 // remote_jid.length() + remote_jid) |
34 // where auth_key is the key produced by SPAKE2. | 35 // where auth_key is the key produced by SPAKE2. |
35 | 36 |
36 const buzz::StaticQName kSpakeMessageTag = {kChromotingXmlNamespace, | 37 const buzz::StaticQName kSpakeMessageTag = {kChromotingXmlNamespace, |
37 "spake-message"}; | 38 "spake-message"}; |
38 const buzz::StaticQName kVerificationHashTag = {kChromotingXmlNamespace, | 39 const buzz::StaticQName kVerificationHashTag = {kChromotingXmlNamespace, |
39 "verification-hash"}; | 40 "verification-hash"}; |
40 const buzz::StaticQName kCertificateTag = {kChromotingXmlNamespace, | 41 const buzz::StaticQName kCertificateTag = {kChromotingXmlNamespace, |
41 "certificate"}; | 42 "certificate"}; |
42 | 43 |
43 scoped_ptr<buzz::XmlElement> EncodeBinaryValueToXml( | 44 std::unique_ptr<buzz::XmlElement> EncodeBinaryValueToXml( |
44 const buzz::StaticQName& qname, | 45 const buzz::StaticQName& qname, |
45 const std::string& content) { | 46 const std::string& content) { |
46 std::string content_base64; | 47 std::string content_base64; |
47 base::Base64Encode(content, &content_base64); | 48 base::Base64Encode(content, &content_base64); |
48 | 49 |
49 scoped_ptr<buzz::XmlElement> result(new buzz::XmlElement(qname)); | 50 std::unique_ptr<buzz::XmlElement> result(new buzz::XmlElement(qname)); |
50 result->SetBodyText(content_base64); | 51 result->SetBodyText(content_base64); |
51 return result; | 52 return result; |
52 } | 53 } |
53 | 54 |
54 // Finds tag named |qname| in base_message and decodes it from base64 and stores | 55 // Finds tag named |qname| in base_message and decodes it from base64 and stores |
55 // in |data|. If the element is not present then found is set to false otherwise | 56 // in |data|. If the element is not present then found is set to false otherwise |
56 // it's set to true. If the element is there and it's content cound't be decoded | 57 // it's set to true. If the element is there and it's content cound't be decoded |
57 // then false is returned. | 58 // then false is returned. |
58 bool DecodeBinaryValueFromXml(const buzz::XmlElement* message, | 59 bool DecodeBinaryValueFromXml(const buzz::XmlElement* message, |
59 const buzz::QName& qname, | 60 const buzz::QName& qname, |
73 } | 74 } |
74 | 75 |
75 std::string PrefixWithLength(const std::string& str) { | 76 std::string PrefixWithLength(const std::string& str) { |
76 uint32_t length = base::HostToNet32(str.size()); | 77 uint32_t length = base::HostToNet32(str.size()); |
77 return std::string(reinterpret_cast<char*>(&length), sizeof(length)) + str; | 78 return std::string(reinterpret_cast<char*>(&length), sizeof(length)) + str; |
78 } | 79 } |
79 | 80 |
80 } // namespace | 81 } // namespace |
81 | 82 |
82 // static | 83 // static |
83 scoped_ptr<Authenticator> Spake2Authenticator::CreateForClient( | 84 std::unique_ptr<Authenticator> Spake2Authenticator::CreateForClient( |
84 const std::string& local_id, | 85 const std::string& local_id, |
85 const std::string& remote_id, | 86 const std::string& remote_id, |
86 const std::string& shared_secret, | 87 const std::string& shared_secret, |
87 Authenticator::State initial_state) { | 88 Authenticator::State initial_state) { |
88 return make_scoped_ptr(new Spake2Authenticator( | 89 return base::WrapUnique(new Spake2Authenticator( |
89 local_id, remote_id, shared_secret, false, initial_state)); | 90 local_id, remote_id, shared_secret, false, initial_state)); |
90 } | 91 } |
91 | 92 |
92 // static | 93 // static |
93 scoped_ptr<Authenticator> Spake2Authenticator::CreateForHost( | 94 std::unique_ptr<Authenticator> Spake2Authenticator::CreateForHost( |
94 const std::string& local_id, | 95 const std::string& local_id, |
95 const std::string& remote_id, | 96 const std::string& remote_id, |
96 const std::string& local_cert, | 97 const std::string& local_cert, |
97 scoped_refptr<RsaKeyPair> key_pair, | 98 scoped_refptr<RsaKeyPair> key_pair, |
98 const std::string& shared_secret, | 99 const std::string& shared_secret, |
99 Authenticator::State initial_state) { | 100 Authenticator::State initial_state) { |
100 scoped_ptr<Spake2Authenticator> result(new Spake2Authenticator( | 101 std::unique_ptr<Spake2Authenticator> result(new Spake2Authenticator( |
101 local_id, remote_id, shared_secret, true, initial_state)); | 102 local_id, remote_id, shared_secret, true, initial_state)); |
102 result->local_cert_ = local_cert; | 103 result->local_cert_ = local_cert; |
103 result->local_key_pair_ = key_pair; | 104 result->local_key_pair_ = key_pair; |
104 return std::move(result); | 105 return std::move(result); |
105 } | 106 } |
106 | 107 |
107 Spake2Authenticator::Spake2Authenticator(const std::string& local_id, | 108 Spake2Authenticator::Spake2Authenticator(const std::string& local_id, |
108 const std::string& remote_id, | 109 const std::string& remote_id, |
109 const std::string& shared_secret, | 110 const std::string& shared_secret, |
110 bool is_host, | 111 bool is_host, |
240 rejection_reason_ = INVALID_CREDENTIALS; | 241 rejection_reason_ = INVALID_CREDENTIALS; |
241 return; | 242 return; |
242 } | 243 } |
243 state_ = ACCEPTED; | 244 state_ = ACCEPTED; |
244 return; | 245 return; |
245 } | 246 } |
246 | 247 |
247 state_ = MESSAGE_READY; | 248 state_ = MESSAGE_READY; |
248 } | 249 } |
249 | 250 |
250 scoped_ptr<buzz::XmlElement> Spake2Authenticator::GetNextMessage() { | 251 std::unique_ptr<buzz::XmlElement> Spake2Authenticator::GetNextMessage() { |
251 DCHECK_EQ(state(), MESSAGE_READY); | 252 DCHECK_EQ(state(), MESSAGE_READY); |
252 | 253 |
253 scoped_ptr<buzz::XmlElement> message = CreateEmptyAuthenticatorMessage(); | 254 std::unique_ptr<buzz::XmlElement> message = CreateEmptyAuthenticatorMessage(); |
254 | 255 |
255 if (!spake_message_sent_) { | 256 if (!spake_message_sent_) { |
256 if (!local_cert_.empty()) { | 257 if (!local_cert_.empty()) { |
257 message->AddElement( | 258 message->AddElement( |
258 EncodeBinaryValueToXml(kCertificateTag, local_cert_).release()); | 259 EncodeBinaryValueToXml(kCertificateTag, local_cert_).release()); |
259 } | 260 } |
260 | 261 |
261 message->AddElement( | 262 message->AddElement( |
262 EncodeBinaryValueToXml(kSpakeMessageTag, local_spake_message_) | 263 EncodeBinaryValueToXml(kSpakeMessageTag, local_spake_message_) |
263 .release()); | 264 .release()); |
275 if (state_ != ACCEPTED) { | 276 if (state_ != ACCEPTED) { |
276 state_ = WAITING_MESSAGE; | 277 state_ = WAITING_MESSAGE; |
277 } | 278 } |
278 return message; | 279 return message; |
279 } | 280 } |
280 | 281 |
281 const std::string& Spake2Authenticator::GetAuthKey() const { | 282 const std::string& Spake2Authenticator::GetAuthKey() const { |
282 return auth_key_; | 283 return auth_key_; |
283 } | 284 } |
284 | 285 |
285 scoped_ptr<ChannelAuthenticator> | 286 std::unique_ptr<ChannelAuthenticator> |
286 Spake2Authenticator::CreateChannelAuthenticator() const { | 287 Spake2Authenticator::CreateChannelAuthenticator() const { |
287 DCHECK_EQ(state(), ACCEPTED); | 288 DCHECK_EQ(state(), ACCEPTED); |
288 CHECK(!auth_key_.empty()); | 289 CHECK(!auth_key_.empty()); |
289 | 290 |
290 if (is_host_) { | 291 if (is_host_) { |
291 return SslHmacChannelAuthenticator::CreateForHost( | 292 return SslHmacChannelAuthenticator::CreateForHost( |
292 local_cert_, local_key_pair_, auth_key_); | 293 local_cert_, local_key_pair_, auth_key_); |
293 } else { | 294 } else { |
294 return SslHmacChannelAuthenticator::CreateForClient(remote_cert_, | 295 return SslHmacChannelAuthenticator::CreateForClient(remote_cert_, |
295 auth_key_); | 296 auth_key_); |
308 if (!hmac.Init(auth_key_) || | 309 if (!hmac.Init(auth_key_) || |
309 !hmac.Sign(message, reinterpret_cast<uint8_t*>(&result[0]), | 310 !hmac.Sign(message, reinterpret_cast<uint8_t*>(&result[0]), |
310 result.length())) { | 311 result.length())) { |
311 LOG(FATAL) << "Failed to calculate HMAC."; | 312 LOG(FATAL) << "Failed to calculate HMAC."; |
312 } | 313 } |
313 return result; | 314 return result; |
314 } | 315 } |
315 | 316 |
316 } // namespace protocol | 317 } // namespace protocol |
317 } // namespace remoting | 318 } // namespace remoting |
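Review bot: The new side spells out std::unique_ptr inside this translation unit (the local in EncodeBinaryValueToXml at new line 50, the local in CreateForHost at new line 101, and the local in GetNextMessage at new line 254), but the only include the change adds is base/memory/ptr_util.h; include-what-you-use calls for `#include <memory>` next to the existing `#include <utility>` rather than relying on it arriving transitively through spake2_authenticator.h. The `return std::move(result);` kept in CreateForHost is most likely still required here, since result is a unique_ptr<Spake2Authenticator> while the function returns unique_ptr<Authenticator> and the implicit-move-on-return rule does not cover that conversion under the C++11 rules this file appears to build with, so a later "redundant std::move" cleanup should leave it alone. The remaining edits are a mechanical scoped_ptr to std::unique_ptr swap and keep the existing ownership hand-offs via `.release()` into AddElement unchanged.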