// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "remoting/protocol/authentication_method.h"
#include "base/base64.h"
#include "base/logging.h"
#include "crypto/hmac.h"
#include "remoting/protocol/auth_util.h"
namespace remoting {
namespace protocol {
// static
AuthenticationMethod AuthenticationMethod::Invalid() {
return AuthenticationMethod();
}
// static
AuthenticationMethod AuthenticationMethod::Spake2(HashFunction hash_function) {
return AuthenticationMethod(SPAKE2, hash_function);
}
// static
AuthenticationMethod AuthenticationMethod::Spake2Pair() {
return AuthenticationMethod(SPAKE2_PAIR, HMAC_SHA256);
}
// static
AuthenticationMethod AuthenticationMethod::ThirdParty() {
return AuthenticationMethod(THIRD_PARTY, NONE);
}
// static
AuthenticationMethod AuthenticationMethod::FromString(
const std::string& value) {
if (value == "spake2_pair") {
return Spake2Pair();
} else if (value == "spake2_plain") {
return Spake2(NONE);
} else if (value == "spake2_hmac") {
return Spake2(HMAC_SHA256);
} else if (value == "third_party") {
return ThirdParty();
} else {
return AuthenticationMethod::Invalid();
}
}
// static
std::string AuthenticationMethod::ApplyHashFunction(
HashFunction hash_function,
const std::string& tag,
const std::string& shared_secret) {
switch (hash_function) {
case NONE:
return shared_secret;
break;
case HMAC_SHA256: {
crypto::HMAC response(crypto::HMAC::SHA256);
if (!response.Init(tag)) {
LOG(FATAL) << "HMAC::Init failed";
}
unsigned char out_bytes[kSharedSecretHashLength];
if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
LOG(FATAL) << "HMAC::Sign failed";
}
return std::string(out_bytes, out_bytes + sizeof(out_bytes));
}
}
NOTREACHED();
return shared_secret;
}
AuthenticationMethod::AuthenticationMethod()
: type_(INVALID),
hash_function_(NONE) {
}
AuthenticationMethod::AuthenticationMethod(MethodType type,
HashFunction hash_function)
: type_(type),
hash_function_(hash_function) {
DCHECK_NE(type_, INVALID);
}
AuthenticationMethod::HashFunction AuthenticationMethod::hash_function() const {
DCHECK(is_valid());
return hash_function_;
}
const std::string AuthenticationMethod::ToString() const {
DCHECK(is_valid());
switch (type_) {
case INVALID:
NOTREACHED();
break;
case SPAKE2_PAIR:
return "spake2_pair";
case SPAKE2:
switch (hash_function_) {
case NONE:
return "spake2_plain";
case HMAC_SHA256:
return "spake2_hmac";
}
break;
case THIRD_PARTY:
return "third_party";
}
return "invalid";
}
bool AuthenticationMethod::operator ==(
const AuthenticationMethod& other) const {
return type_ == other.type_ &&
hash_function_ == other.hash_function_;
}
bool SharedSecretHash::Parse(const std::string& as_string) {
size_t separator = as_string.find(':');
if (separator == std::string::npos)
return false;
std::string function_name = as_string.substr(0, separator);
if (function_name == "plain") {
hash_function = AuthenticationMethod::NONE;
} else if (function_name == "hmac") {
hash_function = AuthenticationMethod::HMAC_SHA256;
} else {
return false;
}
if (!base::Base64Decode(as_string.substr(separator + 1), &value)) {
return false;
}
return true;
}
} // namespace protocol
} // namespace remoting