// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
// AuthenticationMethod represents an authentication algorithm and its
// configuration. It knows how to parse and format authentication
// method names.
// Currently the following methods are supported:
//   spake2_plain - SPAKE2 without hashing applied to the password.
//   spake2_hmac - SPAKE2 with HMAC hashing of the password.
11
12#ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
13#define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
14
15#include <string>
16
17namespace remoting {
18namespace protocol {
19
20class Authenticator;
21
// Value type that names one authentication method together with the hash
// function applied to the shared secret. Objects are obtained from the
// static factories or from FromString(); the constructors are protected.
//
// NOTE(review): the file header documents only the names spake2_plain and
// spake2_hmac; the string forms of SPAKE2_PAIR and THIRD_PARTY are not
// described in this header.
class AuthenticationMethod {
 public:
  // Kind of authentication exchange. INVALID is the value that is_valid()
  // tests against.
  enum MethodType {
    INVALID,
    SPAKE2,
    SPAKE2_PAIR,
    THIRD_PARTY
  };

  // Transformation applied to the shared secret before it is used.
  enum HashFunction {
    // No hashing. The file header describes spake2_plain as SPAKE2 "without
    // hashing applied to the password", so the secret is used as given.
    NONE,
    // Presumably the variant the file header calls spake2_hmac - confirm
    // against FromString()/ToString().
    HMAC_SHA256,
  };

  // Named factories, one per method type. Only Spake2() takes a hash
  // function as a parameter.
  static AuthenticationMethod Invalid();
  static AuthenticationMethod Spake2(HashFunction hash_function);
  static AuthenticationMethod Spake2Pair();
  static AuthenticationMethod ThirdParty();

  // Parses the textual name of an authentication method. An unrecognised
  // |value| does not fail loudly: the result is an invalid object, so check
  // is_valid() on it before relying on type() or hash_function(), in
  // particular when |value| was not generated locally.
  static AuthenticationMethod FromString(const std::string& value);

  // Applies |hash_function| to |shared_secret|, using |tag| as the key.
  // The return value is derived from the secret and should be handled as
  // sensitive data.
  // NOTE(review): the result for NONE is not visible in this header;
  // presumably |shared_secret| comes back unchanged - confirm.
  static std::string ApplyHashFunction(HashFunction hash_function,
                                       const std::string& tag,
                                       const std::string& shared_secret);

  // True for every type other than INVALID.
  bool is_valid() const { return !(type_ == INVALID); }

  // The method type; INVALID for an invalid object.
  MethodType type() const { return type_; }

  // The accessors below are meaningful only when is_valid() returns true.

  // Hash function applied to the shared secret on both ends.
  HashFunction hash_function() const;

  // Returns the string representation of the value stored in this object.
  const std::string ToString() const;

  // Equality comparison, provided so that std::find() works on collections
  // of this class. It compares method descriptions, not secrets.
  bool operator ==(const AuthenticationMethod& other) const;
  bool operator !=(const AuthenticationMethod& other) const {
    return !operator==(other);
  }

 protected:
  // Construction goes through the static factories above.
  AuthenticationMethod();
  AuthenticationMethod(MethodType type, HashFunction hash_function);

  MethodType type_;
  HashFunction hash_function_;
};
78
// SharedSecretHash pairs the hash of a host secret with the identifier of
// the hash function that produced it.
//
// Neither field has an initializer, so a default-initialized object holds
// an indeterminate |hash_function| until Parse() succeeds or the field is
// assigned.
// NOTE(review): |value| is derived from the host secret; treat it as
// sensitive (keep it out of logs) and confirm how it is compared at the
// point of use.
struct SharedSecretHash {
  // Hash function that |value| was computed with.
  AuthenticationMethod::HashFunction hash_function;
  // The hash value. Parse() receives it base64-encoded; whether it is kept
  // here encoded or decoded is not visible in this header.
  std::string value;

  // Fills this object from the string form of a shared secret hash.
  // |as_string| must have the form "<hash_function>:<hash_value_base64>".
  // Presumably returns false for malformed input - confirm against the
  // definition; callers should check the result before reading the fields.
  bool Parse(const std::string& as_string);
};
89
90}  // namespace protocol
91}  // namespace remoting
92
93#endif  // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
94