Chromium Code Reviews Chromium Code Reviews
Issue 12326090:
Third Party authentication protocol. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@host_key_pair| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/authentication_method.h" | 5 #include "remoting/protocol/authentication_method.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "crypto/hmac.h" | 9 #include "crypto/hmac.h" |
| 10 #include "remoting/protocol/auth_util.h" | 10 #include "remoting/protocol/auth_util.h" |
| 11 | 11 |
| 12 namespace remoting { | 12 namespace remoting { |
| 13 namespace protocol { | 13 namespace protocol { |
| 14 | 14 |
| 15 // static | 15 // static |
| 16 AuthenticationMethod AuthenticationMethod::Invalid() { | 16 AuthenticationMethod AuthenticationMethod::Invalid() { |
| 17 return AuthenticationMethod(); | 17 return AuthenticationMethod(); |
| 18 } | 18 } |
| 19 | 19 |
| 20 // static | 20 // static |
| 21 AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) { | 21 AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) { |
| 22 return AuthenticationMethod(hash_function); | 22 return AuthenticationMethod(hash_function, false); |
| 23 } | 23 } |
| 24 | 24 |
| 25 // static | 25 // static |
| 26 AuthenticationMethod AuthenticationMethod::ThirdParty() { | |
| 27 return AuthenticationMethod(NONE, true); | |
| 28 } | |
| 29 | |
| 30 // static | |
| 26 AuthenticationMethod AuthenticationMethod::FromString( | 31 AuthenticationMethod AuthenticationMethod::FromString( |
| 27 const std::string& value) { | 32 const std::string& value) { |
| 28 if (value == "spake2_plain") { | 33 if (value == "spake2_plain") { |
| 29 return Spake2(NONE); | 34 return Spake2(NONE); |
| 30 } else if (value == "spake2_hmac") { | 35 } else if (value == "spake2_hmac") { |
| 31 return Spake2(HMAC_SHA256); | 36 return Spake2(HMAC_SHA256); |
| 37 } else if (value == "third_party") { | |
| 38 return ThirdParty(); | |
| 32 } else { | 39 } else { |
| 33 return AuthenticationMethod::Invalid(); | 40 return AuthenticationMethod::Invalid(); |
| 34 } | 41 } |
| 35 } | 42 } |
| 36 | 43 |
| 37 // static | 44 // static |
| 38 std::string AuthenticationMethod::ApplyHashFunction( | 45 std::string AuthenticationMethod::ApplyHashFunction( |
| 39 HashFunction hash_function, | 46 HashFunction hash_function, |
| 40 const std::string& tag, | 47 const std::string& tag, |
| 41 const std::string& shared_secret) { | 48 const std::string& shared_secret) { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 58 return std::string(out_bytes, out_bytes + sizeof(out_bytes)); | 65 return std::string(out_bytes, out_bytes + sizeof(out_bytes)); |
| 59 } | 66 } |
| 60 } | 67 } |
| 61 | 68 |
| 62 NOTREACHED(); | 69 NOTREACHED(); |
| 63 return shared_secret; | 70 return shared_secret; |
| 64 } | 71 } |
| 65 | 72 |
| 66 AuthenticationMethod::AuthenticationMethod() | 73 AuthenticationMethod::AuthenticationMethod() |
| 67 : invalid_(true), | 74 : invalid_(true), |
| 75 requires_token_(false), | |
| 68 hash_function_(NONE) { | 76 hash_function_(NONE) { |
| 69 } | 77 } |
| 70 | 78 |
| 71 AuthenticationMethod::AuthenticationMethod(HashFunction hash_function) | 79 AuthenticationMethod::AuthenticationMethod(HashFunction hash_function, |
| 80 bool requires_token) | |
| 72 : invalid_(false), | 81 : invalid_(false), |
| 82 requires_token_(requires_token), | |
| 73 hash_function_(hash_function) { | 83 hash_function_(hash_function) { |
| 74 } | 84 } |
| 75 | 85 |
| 76 AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const { | 86 AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const { |
| 77 DCHECK(is_valid()); | 87 DCHECK(is_valid()); |
| 78 return hash_function_; | 88 return hash_function_; |
| 79 } | 89 } |
| 80 | 90 |
| 81 const std::string AuthenticationMethod::ToString() const { | 91 const std::string AuthenticationMethod::ToString() const { |
| 82 DCHECK(is_valid()); | 92 DCHECK(is_valid()); |
| 83 | 93 |
| 94 if (requires_token_) { | |
| 95 return "third_party"; | |
|
Wez
2013/03/05 22:55:53
nit: No need for {} on single-line if.
| |
| 96 } | |
| 97 | |
| 84 switch (hash_function_) { | 98 switch (hash_function_) { |
| 85 case NONE: | 99 case NONE: |
| 86 return "spake2_plain"; | 100 return "spake2_plain"; |
| 87 case HMAC_SHA256: | 101 case HMAC_SHA256: |
| 88 return "spake2_hmac"; | 102 return "spake2_hmac"; |
| 103 default: | |
| 104 NOTREACHED(); | |
| 89 } | 105 } |
| 90 | 106 |
| 91 NOTREACHED(); | 107 return "invalid"; |
| 92 return ""; | |
| 93 } | 108 } |
| 94 | 109 |
| 95 bool AuthenticationMethod::operator ==( | 110 bool AuthenticationMethod::operator ==( |
| 96 const AuthenticationMethod& other) const { | 111 const AuthenticationMethod& other) const { |
| 97 if (!is_valid()) | 112 if (!is_valid()) |
| 98 return !other.is_valid(); | 113 return !other.is_valid(); |
| 99 if (!other.is_valid()) | 114 if (!other.is_valid()) |
| 100 return false; | 115 return false; |
| 101 return hash_function_ == other.hash_function_; | 116 return ToString() == other.ToString(); |
|
Wez
2013/03/05 22:55:53
nit: This creates two std::strings on every compar
| |
| 102 } | 117 } |
| 103 | 118 |
| 104 bool SharedSecretHash::Parse(const std::string& as_string) { | 119 bool SharedSecretHash::Parse(const std::string& as_string) { |
| 105 size_t separator = as_string.find(':'); | 120 size_t separator = as_string.find(':'); |
| 106 if (separator == std::string::npos) | 121 if (separator == std::string::npos) |
| 107 return false; | 122 return false; |
| 108 | 123 |
| 109 std::string function_name = as_string.substr(0, separator); | 124 std::string function_name = as_string.substr(0, separator); |
| 110 if (function_name == "plain") { | 125 if (function_name == "plain") { |
| 111 hash_function = AuthenticationMethod::NONE; | 126 hash_function = AuthenticationMethod::NONE; |
| 112 } else if (function_name == "hmac") { | 127 } else if (function_name == "hmac") { |
| 113 hash_function = AuthenticationMethod::HMAC_SHA256; | 128 hash_function = AuthenticationMethod::HMAC_SHA256; |
| 114 } else { | 129 } else { |
| 115 return false; | 130 return false; |
| 116 } | 131 } |
| 117 | 132 |
| 118 if (!base::Base64Decode(as_string.substr(separator + 1), &value)) { | 133 if (!base::Base64Decode(as_string.substr(separator + 1), &value)) { |
| 119 return false; | 134 return false; |
|
Wez
2013/03/05 22:55:53
nit: This shouldn't have {} either, for consistenc
| |
| 120 } | 135 } |
| 121 | 136 |
| 122 return true; | 137 return true; |
| 123 } | 138 } |
| 124 | 139 |
| 125 } // namespace protocol | 140 } // namespace protocol |
| 126 } // namespace remoting | 141 } // namespace remoting |
| OLD | NEW |
