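// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
#define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_

#include <string>

#include "base/callback.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/threading/non_thread_safe.h"
#include "remoting/protocol/channel_authenticator.h"

namespace net {
class DrainableIOBuffer;
class GrowableIOBuffer;
class SSLSocket;
class TransportSecurityState;
}  // namespace net

namespace remoting {

class RsaKeyPair;

namespace protocol {

// SslHmacChannelAuthenticator implements ChannelAuthenticator that
// secures channels using SSL and authenticates them with a shared
// secret HMAC.
//
// Derives from base::NonThreadSafe: all methods must be called on the
// thread the object was created on.
class SslHmacChannelAuthenticator : public ChannelAuthenticator,
                                    public base::NonThreadSafe {
 public:
  // NOTE(review): LegacyMode is not referenced by any member declared in
  // this header; confirm whether callers still use it or it is dead.
  enum LegacyMode {
    NONE,
    SEND_ONLY,
    RECEIVE_ONLY,
  };

  // CreateForClient() and CreateForHost() create authenticator
  // instances for the client and host sides respectively. |auth_key|
  // is the shared key known by both host and client. In case of
  // V1Authenticator |auth_key| is set to the access code. For EKE-based
  // authentication |auth_key| is the key established using EKE over the
  // signaling channel.
  //
  // |remote_cert| is only used in CLIENT mode; |local_cert| and
  // |key_pair| are only used in SERVER (host) mode (see the members
  // below).
  static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
      const std::string& remote_cert,
      const std::string& auth_key);

  static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
      const std::string& local_cert,
      scoped_refptr<RsaKeyPair> key_pair,
      const std::string& auth_key);

  virtual ~SslHmacChannelAuthenticator();

  // ChannelAuthenticator interface.
  // Takes ownership of |socket|; |done_callback| is invoked once the
  // channel is secured and authenticated, or on error (see
  // CallDoneCallback()).
  virtual void SecureAndAuthenticate(
      scoped_ptr<net::StreamSocket> socket,
      const DoneCallback& done_callback) OVERRIDE;

 private:
  // Private: instances are created through CreateForClient() /
  // CreateForHost(). Marked explicit so a std::string can never be
  // implicitly converted into an authenticator.
  explicit SslHmacChannelAuthenticator(const std::string& auth_key);

  // Whether this instance acts as the SSL server (host side).
  bool is_ssl_server();

  // Completion callback for the SSL connection; |result| is presumably
  // a net:: error code — confirm in the .cc.
  void OnConnected(int result);

  // Write side of the HMAC exchange. |callback_called| is presumably set
  // when done_callback_ has been run synchronously from within the call,
  // so the caller can stop touching |this| — confirm in the .cc.
  void WriteAuthenticationBytes(bool* callback_called);
  void OnAuthBytesWritten(int result);
  bool HandleAuthBytesWritten(int result, bool* callback_called);

  // Read side of the HMAC exchange.
  void ReadAuthenticationBytes();
  void OnAuthBytesRead(int result);
  bool HandleAuthBytesRead(int result);
  // Checks the peer's authentication bytes against the expected value.
  // NOTE(review): the comparison should be constant-time to avoid
  // leaking information about the expected HMAC — confirm in the .cc.
  bool VerifyAuthBytes(const std::string& received_auth_bytes);

  // Completion handling: CheckDone() runs the callback once both
  // directions have finished; NotifyError() reports a failure.
  void CheckDone(bool* callback_called);
  void NotifyError(int error);
  void CallDoneCallback(int error, scoped_ptr<net::StreamSocket> socket);

  // The mutual secret used for authentication.
  std::string auth_key_;

  // Used in the SERVER mode only.
  std::string local_cert_;
  scoped_refptr<RsaKeyPair> local_key_pair_;

  // Used in the CLIENT mode only.
  std::string remote_cert_;
  scoped_ptr<net::TransportSecurityState> transport_security_state_;

  // The SSL-wrapped channel and the callback handed to
  // SecureAndAuthenticate().
  scoped_ptr<net::SSLSocket> socket_;
  DoneCallback done_callback_;

  // Buffers for the outgoing and incoming authentication bytes.
  scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
  scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;

  DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
};

}  // namespace protocol
}  // namespace remoting

#endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_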