author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-22 13:06:04 +0000 |
---|---|---|
committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-12-22 13:06:04 +0000 |
commit | 34deb103e128d7081e1a3459c0d24c1582290dac (patch) | |
tree | 20efa74c0213158808a815300557a6b71f26e909 /remoting/protocol/auth_util.cc | |
parent | d6be33ef12e0768fb8c4e7ad779854f98d913840 (diff) | |
Replace V1*ChannelAuthenticator with SslHmacChannelAuthenticator.
The new class will be used for both V1 and V2 authentication
BUG=105214
Review URL: http://codereview.chromium.org/8963005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@115519 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol/auth_util.cc')
-rw-r--r-- | remoting/protocol/auth_util.cc | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/remoting/protocol/auth_util.cc b/remoting/protocol/auth_util.cc
index 51f7af5..281dabc 100644
--- a/remoting/protocol/auth_util.cc
+++ b/remoting/protocol/auth_util.cc
@@ -9,12 +9,16 @@
 #include "base/string_util.h"
 #include "crypto/hmac.h"
 #include "crypto/sha2.h"
+#include "net/base/net_errors.h"
+#include "net/socket/ssl_socket.h"
 namespace remoting {
 namespace protocol {
 const char kClientAuthSslExporterLabel[] = "EXPORTER-remoting-channel-auth-client";
+const char kHostAuthSslExporterLabel[] =
+ "EXPORTER-remoting-channel-auth-host";
 const char kSslFakeHostName[] = "chromoting";
@@ -37,23 +41,31 @@ bool VerifySupportAuthToken(const std::string& jid,
 }
 // static
-bool GetAuthBytes(const std::string& shared_secret,
- const std::string& key_material,
- std::string* auth_bytes) {
+std::string GetAuthBytes(net::SSLSocket* socket,
+ const base::StringPiece& label,
+ const base::StringPiece& shared_secret) {
+ // Get keying material from SSL.
+ unsigned char key_material[kAuthDigestLength];
+ int export_result = socket->ExportKeyingMaterial(
+ label, "", key_material, kAuthDigestLength);
+ if (export_result != net::OK) {
+ LOG(ERROR) << "Error fetching keying material: " << export_result;
+ return std::string();
+ }
+ // Generate auth digest based on the keying material and shared secret.
 crypto::HMAC response(crypto::HMAC::SHA256);
- if (!response.Init(key_material)) {
+ if (!response.Init(key_material, kAuthDigestLength)) {
 NOTREACHED() << "HMAC::Init failed";
- return false;
+ return std::string();
 }
 unsigned char out_bytes[kAuthDigestLength];
 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {
 NOTREACHED() << "HMAC::Sign failed";
- return false;
+ return std::string();
 }
- auth_bytes->assign(out_bytes, out_bytes + kAuthDigestLength);
- return true;
+ return std::string(out_bytes, out_bytes + kAuthDigestLength);
 }
 } // namespace protocol |
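Review bot: GetAuthBytes now reports failure in-band, as an empty string, where the removed signature returned `bool`, so a failed `ExportKeyingMaterial`, `Init` or `Sign` no longer forces the caller to look at a status. The callers are not part of this diff; any of them that checks a peer-supplied value against this result needs to reject an empty result before comparing, otherwise a local failure would turn the expected value into a fixed, predictable one. I would state that contract at the definition, for example `// Returns an empty string on failure; callers must treat that as an authentication failure.` Separately, `key_material` and `out_bytes` stay on the stack after the function returns; whether they should be cleared depends on how the project treats session-derived secrets.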