Roll src/third_party/WebKit 3529d49:06e8485 (svn 202554:202555)
[chromium-blink-merge.git] / remoting / protocol / auth_util.cc
blob17263bfa0ede61e129d1eb47fd7f6f3c15b648f4
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "remoting/protocol/auth_util.h"
7 #include "base/base64.h"
8 #include "base/logging.h"
9 #include "base/strings/string_util.h"
10 #include "crypto/hmac.h"
11 #include "crypto/sha2.h"
12 #include "net/base/net_errors.h"
13 #include "net/socket/ssl_socket.h"
15 namespace remoting {
16 namespace protocol {
18 const char kClientAuthSslExporterLabel[] =
19 "EXPORTER-remoting-channel-auth-client";
20 const char kHostAuthSslExporterLabel[] =
21 "EXPORTER-remoting-channel-auth-host";
23 const char kSslFakeHostName[] = "chromoting";
25 std::string GenerateSupportAuthToken(const std::string& jid,
26 const std::string& access_code) {
27 std::string sha256 = crypto::SHA256HashString(jid + " " + access_code);
28 std::string sha256_base64;
29 base::Base64Encode(sha256, &sha256_base64);
30 return sha256_base64;
33 bool VerifySupportAuthToken(const std::string& jid,
34 const std::string& access_code,
35 const std::string& auth_token) {
36 std::string expected_token =
37 GenerateSupportAuthToken(jid, access_code);
38 return expected_token == auth_token;
41 // static
42 std::string GetAuthBytes(net::SSLSocket* socket,
43 const base::StringPiece& label,
44 const base::StringPiece& shared_secret) {
45 // Get keying material from SSL.
46 unsigned char key_material[kAuthDigestLength];
47 int export_result = socket->ExportKeyingMaterial(
48 label, false, "", key_material, kAuthDigestLength);
49 if (export_result != net::OK) {
50 LOG(ERROR) << "Error fetching keying material: " << export_result;
51 return std::string();
54 // Generate auth digest based on the keying material and shared secret.
55 crypto::HMAC response(crypto::HMAC::SHA256);
56 if (!response.Init(key_material, kAuthDigestLength)) {
57 NOTREACHED() << "HMAC::Init failed";
58 return std::string();
60 unsigned char out_bytes[kAuthDigestLength];
61 if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {
62 NOTREACHED() << "HMAC::Sign failed";
63 return std::string();
66 return std::string(out_bytes, out_bytes + kAuthDigestLength);
69 } // namespace protocol
70 } // namespace remoting