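// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
#define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_

#include <string>

#include "base/callback.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/threading/non_thread_safe.h"
#include "remoting/protocol/channel_authenticator.h"

namespace net {
class CertVerifier;
class DrainableIOBuffer;
class GrowableIOBuffer;
class SSLSocket;
class TransportSecurityState;
}  // namespace net

namespace remoting {

class RsaKeyPair;

namespace protocol {

// SslHmacChannelAuthenticator implements ChannelAuthenticator that
// secures channels using SSL and authenticates them with a shared
// secret HMAC.
//
// The same class serves both ends of the channel: CreateForHost()
// configures the SSL server side (it owns the local certificate and
// key pair), CreateForClient() configures the SSL client side (it holds
// the certificate expected from the remote end plus a certificate
// verifier). After the SSL connection is established, each side writes
// its authentication bytes to the peer and reads and verifies the
// peer's bytes before reporting the channel as authenticated.
//
// Inherits base::NonThreadSafe: all calls must happen on the thread
// that created the instance.
class SslHmacChannelAuthenticator : public ChannelAuthenticator,
                                    public base::NonThreadSafe {
 public:
  // Compatibility mode for the authentication exchange. Not referenced
  // by any declaration in this header; see the .cc for how (or whether)
  // it is used.
  enum LegacyMode {
    NONE,
    SEND_ONLY,
    RECEIVE_ONLY,
  };

  // CreateForClient() and CreateForHost() create an authenticator
  // instances for client and host. |auth_key| specifies shared key
  // known by both host and client. In case of V1Authenticator the
  // |auth_key| is set to access code. For EKE-based authentication
  // |auth_key| is the key established using EKE over the signaling
  // channel.
  //
  // |remote_cert| is the certificate the client expects the host to
  // present during the SSL handshake; it is retained in |remote_cert_|
  // for the lifetime of the authenticator.
  static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
      const std::string& remote_cert,
      const std::string& auth_key);

  // |local_cert| and |key_pair| are the host's own certificate and the
  // private key that corresponds to it; both are retained by the
  // authenticator and used when acting as the SSL server.
  static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
      const std::string& local_cert,
      scoped_refptr<RsaKeyPair> key_pair,
      const std::string& auth_key);

  virtual ~SslHmacChannelAuthenticator();

  // ChannelAuthenticator interface.
  // Takes ownership of |socket|, wraps it in SSL and runs the HMAC
  // exchange. |done_callback| is stored in |done_callback_| and reports
  // the outcome; see CheckDone() and NotifyError().
  virtual void SecureAndAuthenticate(
      scoped_ptr<net::StreamSocket> socket,
      const DoneCallback& done_callback) OVERRIDE;

 private:
  // Only the Create*() factories construct instances; they fill in the
  // mode-specific members afterwards. |explicit| prevents accidental
  // implicit construction from a bare std::string.
  explicit SslHmacChannelAuthenticator(const std::string& auth_key);

  // Whether this instance acts as the SSL server (host side).
  // NOTE(review): presumably derived from which of |local_cert_| /
  // |remote_cert_| was populated by the factory — confirm in the .cc.
  bool is_ssl_server();

  // Completion handler for establishing the SSL connection. |result|
  // follows the net:: convention of an error code (0 on success)
  // — confirm against the caller in the .cc.
  void OnConnected(int result);

  // Write path for the local authentication bytes (|auth_write_buf_|).
  // |callback_called| lets the synchronous completion case report back
  // to the caller that |done_callback_| has already been invoked,
  // without calling it twice.
  void WriteAuthenticationBytes(bool* callback_called);
  void OnAuthBytesWritten(int result);
  bool HandleAuthBytesWritten(int result, bool* callback_called);

  // Read path for the peer's authentication bytes (|auth_read_buf_|).
  void ReadAuthenticationBytes();
  void OnAuthBytesRead(int result);
  bool HandleAuthBytesRead(int result);

  // Checks |received_auth_bytes| against the value expected from the
  // peer; returns true if they match.
  // NOTE(review): the comparison of an authenticator value should be
  // constant-time — verify the implementation in the .cc does not use a
  // plain std::string comparison.
  bool VerifyAuthBytes(const std::string& received_auth_bytes);

  // Invokes |done_callback_| once both the write and the read have
  // completed, recording that fact in |*callback_called|.
  void CheckDone(bool* callback_called);

  // Reports |error| through |done_callback_| and aborts the exchange.
  void NotifyError(int error);

  // The mutual secret used for authentication.
  std::string auth_key_;

  // Used in the SERVER mode only.
  std::string local_cert_;
  scoped_refptr<RsaKeyPair> local_key_pair_;

  // Used in the CLIENT mode only.
  std::string remote_cert_;
  scoped_ptr<net::CertVerifier> cert_verifier_;
  scoped_ptr<net::TransportSecurityState> transport_security_state_;

  // SSL-wrapped channel handed in via SecureAndAuthenticate().
  scoped_ptr<net::SSLSocket> socket_;
  DoneCallback done_callback_;

  // Outgoing authentication bytes being drained to the peer, and the
  // incoming buffer accumulating the peer's authentication bytes.
  scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
  scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;

  DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
};

}  // namespace protocol
}  // namespace remoting

#endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_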