remoting/protocol/ssl_hmac_channel_authenticator.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   6 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   7
   8 #include <string>
   9
  10 #include "base/callback.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/threading/non_thread_safe.h"
  14 #include "remoting/protocol/channel_authenticator.h"
  15
  16 namespace net {
  17 class CertVerifier;
  18 class DrainableIOBuffer;
  19 class GrowableIOBuffer;
  20 class SSLSocket;
  21 class TransportSecurityState;
  22 }  // namespace net
  23
  24 namespace remoting {
  25
  26 class RsaKeyPair;
  27
  28 namespace protocol {
  29
  30 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
  31 // secures channels using SSL and authenticates them with a shared
  32 // secret HMAC.
  33 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
  34                                     public base::NonThreadSafe {
  35  public:
  36   enum LegacyMode {
  37     NONE,
  38     SEND_ONLY,
  39     RECEIVE_ONLY,
  40   };
  41
  42   // CreateForClient() and CreateForHost() create an authenticator
  43   // instances for client and host. |auth_key| specifies shared key
  44   // known by both host and client. In case of V1Authenticator the
  45   // |auth_key| is set to access code. For EKE-based authentication
  46   // |auth_key| is the key established using EKE over the signaling
  47   // channel.
  48   static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
  49       const std::string& remote_cert,
  50       const std::string& auth_key);
  51
  52   static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
  53       const std::string& local_cert,
  54       scoped_refptr<RsaKeyPair> key_pair,
  55       const std::string& auth_key);
  56
  57   virtual ~SslHmacChannelAuthenticator();
  58
  59   // ChannelAuthenticator interface.
  60   virtual void SecureAndAuthenticate(
  61       scoped_ptr<net::StreamSocket> socket,
  62       const DoneCallback& done_callback) OVERRIDE;
  63
  64  private:
  65   SslHmacChannelAuthenticator(const std::string& auth_key);
  66
  67   bool is_ssl_server();
  68
  69   void OnConnected(int result);
  70
  71   void WriteAuthenticationBytes(bool* callback_called);
  72   void OnAuthBytesWritten(int result);
  73   bool HandleAuthBytesWritten(int result, bool* callback_called);
  74
  75   void ReadAuthenticationBytes();
  76   void OnAuthBytesRead(int result);
  77   bool HandleAuthBytesRead(int result);
  78   bool VerifyAuthBytes(const std::string& received_auth_bytes);
  79
  80   void CheckDone(bool* callback_called);
  81   void NotifyError(int error);
  82
  83   // The mutual secret used for authentication.
  84   std::string auth_key_;
  85
  86   // Used in the SERVER mode only.
  87   std::string local_cert_;
  88   scoped_refptr<RsaKeyPair> local_key_pair_;
  89
  90   // Used in the CLIENT mode only.
  91   std::string remote_cert_;
  92   scoped_ptr<net::CertVerifier> cert_verifier_;
  93   scoped_ptr<net::TransportSecurityState> transport_security_state_;
  94
  95   scoped_ptr<net::SSLSocket> socket_;
  96   DoneCallback done_callback_;
  97
  98   scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
  99   scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
 100
 101   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
 102 };
 103
 104 }  // namespace protocol
 105 }  // namespace remoting
 106
 107 #endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_