// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// AuthenticationMethod describes one authentication algorithm together
// with its configuration, and converts between that description and the
// textual method name.
//
// Method names documented here:
//   spake2_plain - SPAKE2 without hashing applied to the password.
//   spake2_hmac  - SPAKE2 with HMAC hashing of the password.
//
// NOTE(review): MethodType below also declares SPAKE2_PAIR and THIRD_PARTY,
// but this header does not list their string names; see the implementation
// file for the names FromString()/ToString() actually use.

#ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
#define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_

#include <string>

namespace remoting {
namespace protocol {

class Authenticator;

class AuthenticationMethod {
 public:
  // Kind of authentication exchange. INVALID is the value that makes
  // is_valid() return false.
  enum MethodType {
    INVALID,
    SPAKE2,
    SPAKE2_PAIR,
    THIRD_PARTY
  };

  // Hash applied to the shared secret before it is used.
  // NONE presumably corresponds to "spake2_plain" (password used without
  // hashing) and HMAC_SHA256 to "spake2_hmac" - confirm in the
  // implementation.
  enum HashFunction {
    NONE,
    HMAC_SHA256,
  };

  // Factory functions, one per authentication method. Only Spake2() takes
  // a hash function as a parameter.
  static AuthenticationMethod Invalid();
  static AuthenticationMethod Spake2(HashFunction hash_function);
  static AuthenticationMethod Spake2Pair();
  static AuthenticationMethod ThirdParty();

  // Parses the textual definition of an authentication method. If |value|
  // is not a valid definition the returned object is invalid, so callers
  // must test is_valid() before using hash_function() or ToString().
  // NOTE(review): if |value| can come from the remote peer it is untrusted
  // input - verify that every caller checks is_valid().
  static AuthenticationMethod FromString(const std::string& value);

  // Applies |hash_function| to |shared_secret|, using |tag| as the key.
  // NOTE(review): the result for NONE is not visible in this header;
  // presumably |shared_secret| is returned unchanged - confirm.
  static std::string ApplyHashFunction(HashFunction hash_function,
                                       const std::string& tag,
                                       const std::string& shared_secret);

  // True for every method type except INVALID.
  bool is_valid() const { return !(type_ == INVALID); }

  MethodType type() const { return type_; }

  // The accessors below may be called only when is_valid() returns true.

  // Hash function that both ends apply to the shared secret.
  HashFunction hash_function() const;

  // Returns the string representation of the value held by this object.
  // NOTE(review): the top-level const on a by-value return prevents moving
  // from the result; dropping it would also require changing the
  // definition, so it is left as declared.
  const std::string ToString() const;

  // Equality operators, provided so that std::find() works on collections
  // of AuthenticationMethod.
  bool operator==(const AuthenticationMethod& other) const;
  bool operator!=(const AuthenticationMethod& other) const {
    return !operator==(other);
  }

 protected:
  // Constructors are protected; the static factory functions above are the
  // public way to obtain an instance.
  AuthenticationMethod();
  AuthenticationMethod(MethodType type, HashFunction hash_function);

  MethodType type_;
  HashFunction hash_function_;
};

// SharedSecretHash holds the hash of a host secret together with the type
// of hash function that produced it.
// NOTE(review): when the hashed secret is what the protocol consumes as the
// shared secret, |value| is as sensitive as the secret itself - confirm how
// it is stored and logged.
struct SharedSecretHash {
  AuthenticationMethod::HashFunction hash_function;
  std::string value;

  // Parses the string representation of a shared secret hash. |as_string|
  // must have the form "<hash_function>:<hash_value_base64>".
  // Callers should check the returned bool; the contents of the fields
  // after an unsuccessful parse are not specified in this header.
  bool Parse(const std::string& as_string);
};

}  // namespace protocol
}  // namespace remoting

#endif  // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_