// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "remoting/protocol/authentication_method.h" #include "base/base64.h" #include "base/logging.h" #include "crypto/hmac.h" #include "remoting/protocol/auth_util.h" namespace remoting { namespace protocol { // static AuthenticationMethod AuthenticationMethod::Invalid() { return AuthenticationMethod(); } // static AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) { return AuthenticationMethod(SPAKE2, hash_function); } // static AuthenticationMethod AuthenticationMethod::ThirdParty() { return AuthenticationMethod(THIRD_PARTY, NONE); } // static AuthenticationMethod AuthenticationMethod::FromString( const std::string& value) { if (value == "spake2_plain") { return Spake2(NONE); } else if (value == "spake2_hmac") { return Spake2(HMAC_SHA256); } else if (value == "third_party") { return ThirdParty(); } else { return AuthenticationMethod::Invalid(); } } // static std::string AuthenticationMethod::ApplyHashFunction( HashFunction hash_function, const std::string& tag, const std::string& shared_secret) { switch (hash_function) { case NONE: return shared_secret; break; case HMAC_SHA256: { crypto::HMAC response(crypto::HMAC::SHA256); if (!response.Init(tag)) { LOG(FATAL) << "HMAC::Init failed"; } unsigned char out_bytes[kSharedSecretHashLength]; if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) { LOG(FATAL) << "HMAC::Sign failed"; } return std::string(out_bytes, out_bytes + sizeof(out_bytes)); } } NOTREACHED(); return shared_secret; } AuthenticationMethod::AuthenticationMethod() : type_(INVALID), hash_function_(NONE) { } AuthenticationMethod::AuthenticationMethod(MethodType type, HashFunction hash_function) : type_(type), hash_function_(hash_function) { DCHECK_NE(type_, INVALID); } AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const { DCHECK(is_valid()); return hash_function_; } const std::string AuthenticationMethod::ToString() const { DCHECK(is_valid()); if (type_ == THIRD_PARTY) return "third_party"; DCHECK_EQ(type_, SPAKE2); switch (hash_function_) { case NONE: return "spake2_plain"; case HMAC_SHA256: return "spake2_hmac"; } return "invalid"; } bool AuthenticationMethod::operator ==( const AuthenticationMethod& other) const { return type_ == other.type_ && hash_function_ == other.hash_function_; } bool SharedSecretHash::Parse(const std::string& as_string) { size_t separator = as_string.find(':'); if (separator == std::string::npos) return false; std::string function_name = as_string.substr(0, separator); if (function_name == "plain") { hash_function = AuthenticationMethod::NONE; } else if (function_name == "hmac") { hash_function = AuthenticationMethod::HMAC_SHA256; } else { return false; } if (!base::Base64Decode(as_string.substr(separator + 1), &value)) { return false; } return true; } } // namespace protocol } // namespace remoting