remoting/protocol/ssl_hmac_channel_authenticator.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   6 #define REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_
   7
   8 #include <string>
   9
  10 #include "base/callback.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/threading/non_thread_safe.h"
  14 #include "remoting/protocol/channel_authenticator.h"
  15
  16 namespace net {
  17 class CertVerifier;
  18 class DrainableIOBuffer;
  19 class GrowableIOBuffer;
  20 class SSLSocket;
  21 class TransportSecurityState;
  22 }  // namespace net
  23
  24 namespace remoting {
  25
  26 class RsaKeyPair;
  27
  28 namespace protocol {
  29
  30 // SslHmacChannelAuthenticator implements ChannelAuthenticator that
  31 // secures channels using SSL and authenticates them with a shared
  32 // secret HMAC.
  33 class SslHmacChannelAuthenticator : public ChannelAuthenticator,
  34                                     public base::NonThreadSafe {
  35  public:
  36   enum LegacyMode {
  37     NONE,
  38     SEND_ONLY,
  39     RECEIVE_ONLY,
  40   };
  41
  42   // CreateForClient() and CreateForHost() create an authenticator
  43   // instances for client and host. |auth_key| specifies shared key
  44   // known by both host and client. In case of V1Authenticator the
  45   // |auth_key| is set to access code. For EKE-based authentication
  46   // |auth_key| is the key established using EKE over the signaling
  47   // channel.
  48   static scoped_ptr<SslHmacChannelAuthenticator> CreateForClient(
  49       const std::string& remote_cert,
  50       const std::string& auth_key);
  51
  52   static scoped_ptr<SslHmacChannelAuthenticator> CreateForHost(
  53       const std::string& local_cert,
  54       scoped_refptr<RsaKeyPair> key_pair,
  55       const std::string& auth_key);
  56
  57   ~SslHmacChannelAuthenticator() override;
  58
  59   // ChannelAuthenticator interface.
  60   void SecureAndAuthenticate(scoped_ptr<P2PStreamSocket> socket,
  61                              const DoneCallback& done_callback) override;
  62
  63  private:
  64   SslHmacChannelAuthenticator(const std::string& auth_key);
  65
  66   bool is_ssl_server();
  67
  68   void OnConnected(int result);
  69
  70   void WriteAuthenticationBytes(bool* callback_called);
  71   void OnAuthBytesWritten(int result);
  72   bool HandleAuthBytesWritten(int result, bool* callback_called);
  73
  74   void ReadAuthenticationBytes();
  75   void OnAuthBytesRead(int result);
  76   bool HandleAuthBytesRead(int result);
  77   bool VerifyAuthBytes(const std::string& received_auth_bytes);
  78
  79   void CheckDone(bool* callback_called);
  80   void NotifyError(int error);
  81
  82   // The mutual secret used for authentication.
  83   std::string auth_key_;
  84
  85   // Used in the SERVER mode only.
  86   std::string local_cert_;
  87   scoped_refptr<RsaKeyPair> local_key_pair_;
  88
  89   // Used in the CLIENT mode only.
  90   std::string remote_cert_;
  91   scoped_ptr<net::TransportSecurityState> transport_security_state_;
  92   scoped_ptr<net::CertVerifier> cert_verifier_;
  93
  94   scoped_ptr<net::SSLSocket> socket_;
  95   DoneCallback done_callback_;
  96
  97   scoped_refptr<net::DrainableIOBuffer> auth_write_buf_;
  98   scoped_refptr<net::GrowableIOBuffer> auth_read_buf_;
  99
 100   DISALLOW_COPY_AND_ASSIGN(SslHmacChannelAuthenticator);
 101 };
 102
 103 }  // namespace protocol
 104 }  // namespace remoting
 105
 106 #endif  // REMOTING_PROTOCOL_SSL_HMAC_CHANNEL_AUTHENTICATOR_H_