• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
6 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
7 
8 #include <string>
9 
10 #include "base/callback.h"
11 #include "base/memory/ref_counted.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/threading/non_thread_safe.h"
14 #include "remoting/protocol/channel_authenticator.h"
15 
16 namespace net {
17 class DrainableIOBuffer;
18 class GrowableIOBuffer;
19 class SSLSocket;
20 class TransportSecurityState;
21 }  // namespace net
22 
23 namespace remoting {
24 
25 class RsaKeyPair;
26 
27 namespace protocol {
28 
29 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
30 // secures channels using SSL and authenticates them with a shared
31 // secret HMAC.
32 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
33                                     public base::NonThreadSafe {
34  public:
35   enum LegacyMode {
36     NONE,
37     SEND_ONLY,
38     RECEIVE_ONLY,
39   };
40 
41   // CreateForClient() and CreateForHost() create an authenticator
42   // instances for client and host. |auth_key| specifies shared key
43   // known by both host and client. In case of V1Authenticator the
44   // |auth_key| is set to access code. For EKE-based authentication
45   // |auth_key| is the key established using EKE over the signaling
46   // channel.
47   static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
48       const std::string& remote_cert,
49       const std::string& auth_key);
50 
51   static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
52       const std::string& local_cert,
53       scoped_refptr<RsaKeyPair> key_pair,
54       const std::string& auth_key);
55 
56   virtual ~SslHmacChannelAuthenticator();
57 
58   // ChannelAuthenticator interface.
59   virtual void SecureAndAuthenticate(
60       scoped_ptr<net::StreamSocket> socket,
61       const DoneCallback& done_callback) OVERRIDE;
62 
63  private:
64   SslHmacChannelAuthenticator(const std::string& auth_key);
65 
66   bool is_ssl_server();
67 
68   void OnConnected(int result);
69 
70   void WriteAuthenticationBytes(bool* callback_called);
71   void OnAuthBytesWritten(int result);
72   bool HandleAuthBytesWritten(int result, bool* callback_called);
73 
74   void ReadAuthenticationBytes();
75   void OnAuthBytesRead(int result);
76   bool HandleAuthBytesRead(int result);
77   bool VerifyAuthBytes(const std::string& received_auth_bytes);
78 
79   void CheckDone(bool* callback_called);
80   void NotifyError(int error);
81   void CallDoneCallback(int error, scoped_ptr<net::StreamSocket> socket);
82 
83   // The mutual secret used for authentication.
84   std::string auth_key_;
85 
86   // Used in the SERVER mode only.
87   std::string local_cert_;
88   scoped_refptr<RsaKeyPair> local_key_pair_;
89 
90   // Used in the CLIENT mode only.
91   std::string remote_cert_;
92   scoped_ptr<net::TransportSecurityState> transport_security_state_;
93 
94   scoped_ptr<net::SSLSocket> socket_;
95   DoneCallback done_callback_;
96 
97   scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
98   scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
99 
100   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
101 };
102 
103 }  // namespace protocol
104 }  // namespace remoting
105 
106 #endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
107