remoting/protocol/ssl_hmac_channel_authenticator.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   6 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   7
   8 #include <string>
   9
  10 #include "base/callback.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/threading/non_thread_safe.h"
  14 #include "remoting/protocol/channel_authenticator.h"
  15
  16 namespace net {
  17 class DrainableIOBuffer;
  18 class GrowableIOBuffer;
  19 class SSLSocket;
  20 class TransportSecurityState;
  21 }  // namespace net
  22
  23 namespace remoting {
  24
  25 class RsaKeyPair;
  26
  27 namespace protocol {
  28
  29 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
  30 // secures channels using SSL and authenticates them with a shared
  31 // secret HMAC.
  32 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
  33                                     public base::NonThreadSafe {
  34  public:
  35   enum LegacyMode {
  36     NONE,
  37     SEND_ONLY,
  38     RECEIVE_ONLY,
  39   };
  40
  41   // CreateForClient() and CreateForHost() create an authenticator
  42   // instances for client and host. |auth_key| specifies shared key
  43   // known by both host and client. In case of V1Authenticator the
  44   // |auth_key| is set to access code. For EKE-based authentication
  45   // |auth_key| is the key established using EKE over the signaling
  46   // channel.
  47   static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
  48       const std::string& remote_cert,
  49       const std::string& auth_key);
  50
  51   static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
  52       const std::string& local_cert,
  53       scoped_refptr<RsaKeyPair> key_pair,
  54       const std::string& auth_key);
  55
  56   ~SslHmacChannelAuthenticator() override;
  57
  58   // ChannelAuthenticator interface.
  59   void SecureAndAuthenticate(scoped_ptr<net::StreamSocket> socket,
  60                              const DoneCallback& done_callback) override;
  61
  62  private:
  63   SslHmacChannelAuthenticator(const std::string& auth_key);
  64
  65   bool is_ssl_server();
  66
  67   void OnConnected(int result);
  68
  69   void WriteAuthenticationBytes(bool* callback_called);
  70   void OnAuthBytesWritten(int result);
  71   bool HandleAuthBytesWritten(int result, bool* callback_called);
  72
  73   void ReadAuthenticationBytes();
  74   void OnAuthBytesRead(int result);
  75   bool HandleAuthBytesRead(int result);
  76   bool VerifyAuthBytes(const std::string& received_auth_bytes);
  77
  78   void CheckDone(bool* callback_called);
  79   void NotifyError(int error);
  80   void CallDoneCallback(int error, scoped_ptr<net::StreamSocket> socket);
  81
  82   // The mutual secret used for authentication.
  83   std::string auth_key_;
  84
  85   // Used in the SERVER mode only.
  86   std::string local_cert_;
  87   scoped_refptr<RsaKeyPair> local_key_pair_;
  88
  89   // Used in the CLIENT mode only.
  90   std::string remote_cert_;
  91   scoped_ptr<net::TransportSecurityState> transport_security_state_;
  92
  93   scoped_ptr<net::SSLSocket> socket_;
  94   DoneCallback done_callback_;
  95
  96   scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
  97   scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
  98
  99   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
 100 };
 101
 102 }  // namespace protocol
 103 }  // namespace remoting
 104
 105 #endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_