authorsimonmorris@chromium.org <simonmorris@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 18:17:42 +0000
committersimonmorris@chromium.org <simonmorris@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 18:17:42 +0000
commit6cdc63f2d9b21a8ce76858a4bf5bca81995354c5 (patch)
tree4781382a099082ae43e901b91a90fe1660da318b
parenteca0da37ac534aef8d60d7997e75e47b6b01ca7a (diff)
downloadchromium_src-6cdc63f2d9b21a8ce76858a4bf5bca81995354c5.zip
chromium_src-6cdc63f2d9b21a8ce76858a4bf5bca81995354c5.tar.gz
chromium_src-6cdc63f2d9b21a8ce76858a4bf5bca81995354c5.tar.bz2
[Chromoting] Factor out common code for pin hashing.
Review URL: http://codereview.chromium.org/10243011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134725 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/host/pin_hash.cc39
-rw-r--r--remoting/host/pin_hash.h25
-rw-r--r--remoting/host/pin_hash_unittest.cc37
-rw-r--r--remoting/host/plugin/host_script_object.cc13
-rw-r--r--remoting/host/verify_config_window_win.cc16
-rw-r--r--remoting/remoting.gyp6
-rw-r--r--remoting/webapp/host_controller.js4
7 files changed, 113 insertions, 27 deletions
diff --git a/remoting/host/pin_hash.cc b/remoting/host/pin_hash.cc
new file mode 100644
index 0000000..fe17f38
--- /dev/null
+++ b/remoting/host/pin_hash.cc
@@ -0,0 +1,39 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "remoting/host/pin_hash.h"
+
+#include "base/base64.h"
+#include "base/logging.h"
+#include "remoting/protocol/authentication_method.h"
+#include "remoting/protocol/me2me_host_authenticator_factory.h"
+
+namespace remoting {
+
+std::string MakeHostPinHash(const std::string& host_id,
+ const std::string& pin) {
+ std::string hash = protocol::AuthenticationMethod::ApplyHashFunction(
+ protocol::AuthenticationMethod::HMAC_SHA256, host_id, pin);
+ std::string hash_base64;
+ if (!base::Base64Encode(hash, &hash_base64)) {
+ LOG(FATAL) << "Base64Encode failed";
+ }
+ return "hmac:" + hash_base64;
+}
+
+bool VerifyHostPinHash(const std::string& hash,
+ const std::string& host_id,
+ const std::string& pin) {
+ remoting::protocol::SharedSecretHash hash_parsed;
+ if (!hash_parsed.Parse(hash)) {
+ LOG(FATAL) << "Invalid hash.";
+ return false;
+ }
+ std::string hash_calculated =
+ remoting::protocol::AuthenticationMethod::ApplyHashFunction(
+ hash_parsed.hash_function, host_id, pin);
+ return hash_calculated == hash_parsed.value;
+}
+
+} // namespace remoting
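Review bot: In VerifyHostPinHash a stored hash that fails to parse hits `LOG(FATAL)`, which aborts the process, so the `return false;` after it is never reached. The `hash` argument comes from host configuration (verify_config_window_win.cc passes `host_secret_hash_`), and the code this replaces there returned false on a string mismatch rather than crashing. `LOG(ERROR) << "Invalid hash."; return false;` would keep verification failing closed without taking the process down. Separately, `hash_calculated == hash_parsed.value` is an early-exit string comparison; for a shared verification helper a length check followed by a constant-time comparison is the safer default (Chromium's crypto library has `crypto::SecureMemEqual`, if it is available at this revision).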
diff --git a/remoting/host/pin_hash.h b/remoting/host/pin_hash.h
new file mode 100644
index 0000000..033ac4a
--- /dev/null
+++ b/remoting/host/pin_hash.h
@@ -0,0 +1,25 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef REMOTING_HOST_PIN_HASH_H_
+#define REMOTING_HOST_PIN_HASH_H_
+
+#include <string>
+
+namespace remoting {
+
+// Creates a Me2Me shared-secret hash, consisting of the hash method, and the
+// hashed host ID and PIN.
+std::string MakeHostPinHash(const std::string& host_id, const std::string& pin);
+
+// Extracts the hash function from the given hash, uses it to calculate the
+// hash of the given host ID and PIN, and compares that hash to the given hash.
+// Returns true if the calculated and given hashes are equal.
+bool VerifyHostPinHash(const std::string& hash,
+ const std::string& host_id,
+ const std::string& pin);
+
+} // namespace remoting
+
+#endif // REMOTING_HOST_PIN_HASH_
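Review bot: The comment on VerifyHostPinHash does not say what happens when `hash` cannot be parsed; in pin_hash.cc that path is `LOG(FATAL)`, which callers passing configuration data need to know. I would add `// |hash| must be in the form produced by MakeHostPinHash(); a hash that fails to parse is treated as fatal.` there, and on MakeHostPinHash `// The result has the form "hmac:" followed by the base64-encoded HMAC-SHA256 hash.`. The closing guard comment reads `REMOTING_HOST_PIN_HASH_` and should match the guard: `#endif  // REMOTING_HOST_PIN_HASH_H_`.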
diff --git a/remoting/host/pin_hash_unittest.cc b/remoting/host/pin_hash_unittest.cc
new file mode 100644
index 0000000..cce48e0
--- /dev/null
+++ b/remoting/host/pin_hash_unittest.cc
@@ -0,0 +1,37 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <set>
+#include <string>
+
+#include "remoting/host/pin_hash.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace remoting {
+
+class PinHashTest : public testing::Test {
+};
+
+TEST_F(PinHashTest, KnownHashValue) {
+ std::string hash = MakeHostPinHash("Host ID", "1234");
+ ASSERT_EQ("hmac:bk6RVRFLpLO89mr4QPHSg8CemUUtI90r2F0VfvTmWLI=", hash);
+}
+
+TEST_F(PinHashTest, VerifyHostPinHash) {
+ std::string host_id1("Host ID 1");
+ std::string host_id2("Host ID 2");
+ std::string pin1("1234");
+ std::string pin2("4321");
+ ASSERT_TRUE(VerifyHostPinHash(MakeHostPinHash(host_id1, pin1),
+ host_id1,
+ pin1));
+ ASSERT_FALSE(VerifyHostPinHash(MakeHostPinHash(host_id1, pin1),
+ host_id2,
+ pin1));
+ ASSERT_FALSE(VerifyHostPinHash(MakeHostPinHash(host_id1, pin1),
+ host_id1,
+ pin2));
+}
+
+} // namespace remoting
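Review bot: VerifyHostPinHash is exercised only with hashes produced by MakeHostPinHash, so its parse-failure branch has no coverage. As written in pin_hash.cc that branch is `LOG(FATAL)`, which would need a death test; if it is changed to return false, `ASSERT_FALSE(VerifyHostPinHash("not a hash", host_id1, pin1));` would pin the behaviour, assuming SharedSecretHash::Parse rejects a string without a method prefix. The empty `PinHashTest` fixture adds nothing here, so plain `TEST(PinHashTest, ...)` would do.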
diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc
index dae526e..760d916 100644
--- a/remoting/host/plugin/host_script_object.cc
+++ b/remoting/host/plugin/host_script_object.cc
@@ -4,7 +4,6 @@
#include "remoting/host/plugin/host_script_object.h"
-#include "base/base64.h"
#include "base/bind.h"
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
@@ -23,12 +22,12 @@
#include "remoting/host/host_key_pair.h"
#include "remoting/host/host_secret.h"
#include "remoting/host/it2me_host_user_interface.h"
+#include "remoting/host/pin_hash.h"
#include "remoting/host/plugin/daemon_controller.h"
#include "remoting/host/plugin/host_log_handler.h"
#include "remoting/host/policy_hack/nat_policy.h"
#include "remoting/host/register_support_host_request.h"
#include "remoting/jingle_glue/xmpp_signal_strategy.h"
-#include "remoting/protocol/authentication_method.h"
#include "remoting/protocol/it2me_host_authenticator_factory.h"
namespace remoting {
@@ -638,15 +637,7 @@ bool HostNPScriptObject::GetPinHash(const NPVariant* args,
}
std::string pin = StringFromNPVariant(args[1]);
- std::string hash = protocol::AuthenticationMethod::ApplyHashFunction(
- protocol::AuthenticationMethod::HMAC_SHA256, host_id, pin);
- std::string hash_base64;
- bool base64_result = base::Base64Encode(hash, &hash_base64);
- if (!base64_result) {
- LOG(FATAL) << "Base64Encode failed";
- }
-
- *result = NPVariantFromString(hash_base64);
+ *result = NPVariantFromString(remoting::MakeHostPinHash(host_id, pin));
return true;
}
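Review bot: GetPinHash now returns the value with the `hmac:` method prefix, which changes what the scriptable `getPinHash` call hands to its callers, and nothing at the call site records that. The two call sites in remoting/webapp/host_controller.js drop their own `'hmac:' +` in this same commit, so the webapp and the plugin have to ship together; a mismatched pair would store either an unprefixed or a doubly prefixed `host_secret_hash`. A comment above the call such as `// Result is in "hmac:<base64>" form; callers must not add the prefix.` would document the contract. The function's body starts outside this hunk.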
diff --git a/remoting/host/verify_config_window_win.cc b/remoting/host/verify_config_window_win.cc
index d2e695f..39c6a4a2 100644
--- a/remoting/host/verify_config_window_win.cc
+++ b/remoting/host/verify_config_window_win.cc
@@ -12,6 +12,7 @@
#include "base/logging.h"
#include "base/utf_string_conversions.h"
#include "remoting/host/elevated_controller_resource.h"
+#include "remoting/host/pin_hash.h"
#include "remoting/protocol/authentication_method.h"
namespace remoting {
@@ -117,21 +118,8 @@ bool VerifyConfigWindowWin::VerifyHostSecretHash() {
HWND hwndPin = GetDlgItem(hwnd_, IDC_PIN);
CHECK(hwndPin);
GetWindowText(hwndPin, pinWSTR.get(), kMaxPinLength);
-
- // TODO(simonmorris): This code was copied from host_script_object.cc.
- // Refactor to use PinIsValid(), from CL 10008092.
std::string pin(UTF16ToUTF8(pinWSTR.get()));
- std::string hash = protocol::AuthenticationMethod::ApplyHashFunction(
- protocol::AuthenticationMethod::HMAC_SHA256, host_id_, pin);
- std::string hash_base64;
- bool base64_result = base::Base64Encode(hash, &hash_base64);
- if (!base64_result) {
- LOG(FATAL) << "Base64Encode failed";
- return false;
- }
- hash_base64 = "hmac:" + hash_base64;
-
- return (hash_base64 == host_secret_hash_);
+ return VerifyHostPinHash(host_secret_hash_, host_id_, pin);
}
} // namespace remoting
diff --git a/remoting/remoting.gyp b/remoting/remoting.gyp
index ada7e81..d196b812 100644
--- a/remoting/remoting.gyp
+++ b/remoting/remoting.gyp
@@ -423,6 +423,8 @@
'host/elevated_controller_module_win.cc',
'host/elevated_controller_win.cc',
'host/elevated_controller_win.h',
+ 'host/pin_hash.cc',
+ 'host/pin_hash.h',
'host/verify_config_window_win.cc',
'host/verify_config_window_win.h',
'<(SHARED_INTERMEDIATE_DIR)/remoting/elevated_controller_version.rc'
@@ -714,6 +716,8 @@
'host/plugin/daemon_controller.h',
'host/daemon_controller_common_win.cc',
'host/daemon_controller_common_win.h',
+ 'host/pin_hash.cc',
+ 'host/pin_hash.h',
'host/plugin/daemon_controller_linux.cc',
'host/plugin/daemon_controller_mac.cc',
'host/plugin/daemon_controller_win.cc',
@@ -1576,6 +1580,8 @@
'host/it2me_host_user_interface.h',
'host/json_host_config_unittest.cc',
'host/log_to_server_unittest.cc',
+ 'host/pin_hash.cc',
+ 'host/pin_hash_unittest.cc',
'host/register_support_host_request_unittest.cc',
'host/screen_recorder_unittest.cc',
'host/server_log_entry_unittest.cc',
diff --git a/remoting/webapp/host_controller.js b/remoting/webapp/host_controller.js
index 750212e..6284a1e 100644
--- a/remoting/webapp/host_controller.js
+++ b/remoting/webapp/host_controller.js
@@ -152,7 +152,7 @@ remoting.HostController.prototype.start = function(hostPin, callback) {
if (success) {
var hostSecretHash =
- 'hmac:' + that.plugin_.getPinHash(newHostId, hostPin);
+ that.plugin_.getPinHash(newHostId, hostPin);
var hostConfig = JSON.stringify({
xmpp_login: remoting.oauth2.getCachedEmail(),
oauth_refresh_token: remoting.oauth2.exportRefreshToken(),
@@ -274,7 +274,7 @@ remoting.HostController.prototype.updatePin = function(newPin, callback) {
}
var hostId = config['host_id'];
var newConfig = JSON.stringify({
- host_secret_hash: 'hmac:' + that.plugin_.getPinHash(hostId, newPin)
+ host_secret_hash: that.plugin_.getPinHash(hostId, newPin)
});
that.plugin_.updateDaemonConfig(newConfig, callback);
};