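// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// AuthenticationMethod represents an authentication algorithm and its
// configuration. It knows how to parse and format authentication
// method names.
//
// The MethodType enum below is the authoritative list of supported method
// families (the older summary that listed only the two SPAKE2 spellings was
// out of date):
//   SPAKE2      - SPAKE2 keyed with the shared secret. Two string spellings
//                 exist, selecting the HashFunction applied to the secret:
//                 spake2_plain - SPAKE2 without hashing applied to the
//                                password (HashFunction NONE).
//                 spake2_hmac  - SPAKE2 with HMAC hashing of the password
//                                (HashFunction HMAC_SHA256).
//   SPAKE2_PAIR - pairing variant of SPAKE2; its string name and semantics are
//                 defined in the .cc file, not here.
//   THIRD_PARTY - string name and semantics are defined in the .cc file.
//
// Security note: a HashFunction of NONE means the raw shared secret is what
// feeds the exchange. Prefer the hashed variant wherever the peer supports
// it, and treat FromString()/SharedSecretHash::Parse() as the points where
// untrusted text is turned into one of these selectors: both must fail
// closed (Invalid() / false) rather than fall back to a default.

#ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
#define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_

#include <string>

namespace remoting {
namespace protocol {

class Authenticator;

class AuthenticationMethod {
 public:
  // Authentication method family. INVALID is the value produced by
  // Invalid() and by FromString() on unrecognised input; the remaining
  // values are ordered as they were added and must not be renumbered, since
  // the out-of-line definitions in the .cc file rely on them.
  enum MethodType {
    INVALID,
    SPAKE2,
    SPAKE2_PAIR,
    THIRD_PARTY
  };

  // Transformation applied to the shared secret before it is used.
  // NONE passes the secret through untransformed (see ApplyHashFunction);
  // HMAC_SHA256 keys an HMAC-SHA256 over it with a tag (see below).
  enum HashFunction {
    NONE,
    HMAC_SHA256,
  };

  // Constructors for various authentication methods. Each returns a fully
  // described method; only the factories below can build a valid instance
  // because the real constructors are protected.
  static AuthenticationMethod Invalid();
  static AuthenticationMethod Spake2(HashFunction hash_function);
  static AuthenticationMethod Spake2Pair();
  static AuthenticationMethod ThirdParty();

  // Parses a string that defines an authentication method. Returns an
  // invalid value (is_valid() == false) if the string is invalid.
  // Callers that receive |value| from the network or from configuration
  // must check is_valid() before calling hash_function().
  static AuthenticationMethod FromString(const std::string& value);

  // Applies the specified hash function to |shared_secret| with the
  // specified |tag| as a key. For NONE the secret is expected to be returned
  // unchanged (implementation lives in the .cc file - confirm there); the
  // result is what both ends of the connection feed into the exchange, so
  // it is as sensitive as the original secret.
  static std::string ApplyHashFunction(HashFunction hash_function,
                                       const std::string& tag,
                                       const std::string& shared_secret);

  // True unless this method is the INVALID sentinel.
  bool is_valid() const { return type_ != INVALID; }

  MethodType type() const { return type_; }

  // Following methods are valid only when is_valid() returns true.

  // Hash function applied to the shared secret on both ends.
  HashFunction hash_function() const;

  // Returns string representation of the value stored in this object.
  // NOTE(review): returning a const value blocks moves at the call site, but
  // the signature is kept as-is to match the out-of-line definition.
  const std::string ToString() const;

  // Comparison operators so that std::find() can be used with
  // collections of this class. Equality is over the method descriptor
  // (the members below), never over any secret material.
  bool operator ==(const AuthenticationMethod& other) const;
  bool operator !=(const AuthenticationMethod& other) const {
    return !(*this == other);
  }

 protected:
  AuthenticationMethod();
  AuthenticationMethod(MethodType type, HashFunction hash_function);

  MethodType type_;
  HashFunction hash_function_;
};

// SharedSecretHash stores hash of a host secret paired with the type
// of the hashing function, so the consumer knows how the stored |value|
// was derived and can apply the same HashFunction on its side.
struct SharedSecretHash {
  AuthenticationMethod::HashFunction hash_function;
  std::string value;

  // Parse string representation of a shared secret hash. The |as_string|
  // must be in form "<hash_function>:<hash_value_base64>". Returns false
  // when the input does not match that form; the state of the fields after
  // a failed parse is defined by the .cc file, so callers should not use
  // them unless Parse() returned true.
  bool Parse(const std::string& as_string);
};

}  // namespace protocol
}  // namespace remoting

#endif  // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_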