// Copyright 2016 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "remoting/protocol/spake2_authenticator.h" #include <utility> #include "base/base64.h" #include "base/containers/span.h" #include "base/logging.h" #include "base/memory/ptr_util.h" #include "base/numerics/byte_conversions.h" #include "crypto/hmac.h" #include "crypto/secure_util.h" #include "remoting/base/constants.h" #include "remoting/base/rsa_key_pair.h" #include "remoting/protocol/ssl_hmac_channel_authenticator.h" #include "third_party/boringssl/src/include/openssl/curve25519.h" #include "third_party/libjingle_xmpp/xmllite/xmlelement.h" namespace remoting::protocol { namespace { // Each peer sends 2 messages: <spake-message> and <verification-hash>. The // content of <spake-message> is the output of SPAKE2_generate_msg() and must // be passed to SPAKE2_process_msg() on the other end. This is enough to // generate authentication key. <verification-hash> is sent to confirm that both // ends get the same authentication key (which means they both know the // password). This verification hash is calculated in // CalculateVerificationHash() as follows: // HMAC_SHA256(auth_key, ("host"|"client") + local_jid.length() + local_jid + // remote_jid.length() + remote_jid) // where auth_key is the key produced by SPAKE2. const jingle_xmpp::StaticQName kSpakeMessageTag = …; const jingle_xmpp::StaticQName kVerificationHashTag = …; const jingle_xmpp::StaticQName kCertificateTag = …; std::unique_ptr<jingle_xmpp::XmlElement> EncodeBinaryValueToXml( const jingle_xmpp::StaticQName& qname, const std::string& content) { … } // Finds tag named |qname| in base_message and decodes it from base64 and stores // in |data|. If the element is not present then found is set to false otherwise // it's set to true. If the element is there and it's content couldn't be // decoded then false is returned. bool DecodeBinaryValueFromXml(const jingle_xmpp::XmlElement* message, const jingle_xmpp::QName& qname, bool* found, std::string* data) { … } std::string PrefixWithLength(const std::string& str) { … } } // namespace // static std::unique_ptr<Authenticator> Spake2Authenticator::CreateForClient( const std::string& local_id, const std::string& remote_id, const std::string& shared_secret, Authenticator::State initial_state) { … } // static std::unique_ptr<Authenticator> Spake2Authenticator::CreateForHost( const std::string& local_id, const std::string& remote_id, const std::string& local_cert, scoped_refptr<RsaKeyPair> key_pair, const std::string& shared_secret, Authenticator::State initial_state) { … } Spake2Authenticator::Spake2Authenticator(const std::string& local_id, const std::string& remote_id, const std::string& shared_secret, bool is_host, Authenticator::State initial_state) : … { … } Spake2Authenticator::~Spake2Authenticator() { … } CredentialsType Spake2Authenticator::credentials_type() const { … } const Authenticator& Spake2Authenticator::implementing_authenticator() const { … } Authenticator::State Spake2Authenticator::state() const { … } bool Spake2Authenticator::started() const { … } Authenticator::RejectionReason Spake2Authenticator::rejection_reason() const { … } void Spake2Authenticator::ProcessMessage(const jingle_xmpp::XmlElement* message, base::OnceClosure resume_callback) { … } void Spake2Authenticator::ProcessMessageInternal( const jingle_xmpp::XmlElement* message) { … } std::unique_ptr<jingle_xmpp::XmlElement> Spake2Authenticator::GetNextMessage() { … } const std::string& Spake2Authenticator::GetAuthKey() const { … } std::unique_ptr<ChannelAuthenticator> Spake2Authenticator::CreateChannelAuthenticator() const { … } std::string Spake2Authenticator::CalculateVerificationHash( bool from_host, const std::string& local_id, const std::string& remote_id) { … } } // namespace remoting::protocol
Codebase Browser
chromium