// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "remoting/protocol/auth_util.h"

#include "base/base64.h"
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/hmac.h"
#include "crypto/sha2.h"
#include "net/base/net_errors.h"
#include "net/socket/ssl_socket.h"

namespace remoting {
namespace protocol {

// TLS keying-material exporter labels, one per direction. The "EXPORTER-"
// prefix follows the TLS exporter naming convention (RFC 5705). Using a
// distinct label for the client and host sides means the two ends derive
// different keying material, so neither end can simply echo the other's
// authentication bytes. Presumably supplied as the |label| argument of
// GetAuthBytes() later in this file; the callers are not visible here.
const char kClientAuthSslExporterLabel[] =
    "EXPORTER-remoting-channel-auth-client";
const char kHostAuthSslExporterLabel[] =
    "EXPORTER-remoting-channel-auth-host";
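// Placeholder host name handed to the SSL layer. Not used in this file;
// presumably the peer's identity is established by the authentication
// exchange below rather than by certificate name validation against this
// value — confirm with the callers.
const char kSslFakeHostName[] = "chromoting";

// Derives the support-session auth token for |jid| and |access_code| as
// base64(SHA-256(jid + " " + access_code)).
//
// This is an unkeyed hash, not a MAC: the token is only as secret as the
// access code. The single-space separator is unambiguous as long as |jid|
// itself contains no space (a resource part may in principle contain one;
// NOTE(review): confirm the JIDs reaching this function are normalized).
std::string GenerateSupportAuthToken(const std::string& jid,
                                     const std::string& access_code) {
  const std::string digest = crypto::SHA256HashString(jid + " " + access_code);
  std::string encoded;
  base::Base64Encode(digest, &encoded);
  return encoded;
}

// Checks a peer-supplied |auth_token| against the token expected for
// |jid| / |access_code|. Returns true only on an exact match.
//
// |auth_token| comes from the remote peer, so the comparison must not leak
// how many leading characters matched through its running time. A plain
// std::string operator== stops at the first differing byte; instead every
// byte is examined and the differences are OR-ed together. Returning early
// on a length mismatch is fine: the expected length (base64 of a 32-byte
// digest) is fixed and public. crypto::SecureMemEqual is the project's
// helper for this if its header is ever included here.
bool VerifySupportAuthToken(const std::string& jid,
                            const std::string& access_code,
                            const std::string& auth_token) {
  const std::string expected_token =
      GenerateSupportAuthToken(jid, access_code);
  if (expected_token.size() != auth_token.size())
    return false;

  unsigned char diff = 0;
  for (std::string::size_type i = 0; i < expected_token.size(); ++i) {
    diff |= static_cast<unsigned char>(expected_token[i]) ^
            static_cast<unsigned char>(auth_token[i]);
  }
  return diff == 0;
}

// Produces the authentication bytes for one end of a TLS channel.
//
// The result is HMAC-SHA256 over |shared_secret|, keyed with
// kAuthDigestLength bytes of keying material exported from |socket|'s TLS
// session under |label| (no exporter context is supplied). Because the key
// is taken from the TLS session, the bytes are tied to this connection and
// cannot be replayed on a different one — assuming ExportKeyingMaterial
// yields per-session material, which is its documented purpose but is not
// checked here.
//
// Returns the raw (unencoded) kAuthDigestLength-byte digest, or an empty
// string if the keying material could not be exported. HMAC init/sign
// failures are programming errors (NOTREACHED) and also yield an empty
// string in builds where NOTREACHED does not abort, so callers must treat
// an empty result as an authentication failure.
//
// NOTE(review): |key_material| and |digest| are plain stack buffers and are
// not wiped after use; consider the project's secure-zero helper if one is
// available.
std::string GetAuthBytes(net::SSLSocket* socket,
                         const base::StringPiece& label,
                         const base::StringPiece& shared_secret) {
  // Step 1: pull session-specific keying material out of the TLS layer.
  unsigned char key_material[kAuthDigestLength];
  const int export_result = socket->ExportKeyingMaterial(
      label, false, "", key_material, kAuthDigestLength);
  if (export_result != net::OK) {
    LOG(ERROR) << "Error fetching keying material: " << export_result;
    return std::string();
  }

  // Step 2: MAC the shared secret under that keying material.
  crypto::HMAC hmac(crypto::HMAC::SHA256);
  if (!hmac.Init(key_material, kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Init failed";
    return std::string();
  }
  unsigned char digest[kAuthDigestLength];
  if (!hmac.Sign(shared_secret, digest, kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Sign failed";
    return std::string();
  }

  return std::string(digest, digest + kAuthDigestLength);
}

}  // namespace protocol
}  // namespace remoting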