remoting/protocol/authentication_method.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 // AuthenticationMethod represents an authentication algorithm and its
   6 // configuration. It knows how to parse and format authentication
   7 // method names.
   8 // Currently the following methods are supported:
   9 //   spake2_plain - SPAKE2 without hashing applied to the password.
  10 //   spake2_hmac - SPAKE2 with HMAC hashing of the password.
  11
  12 #ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
  13 #define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
  14
  15 #include <string>
  16
  17 namespace remoting {
  18 namespace protocol {
  19
  20 class Authenticator;
  21
  22 class AuthenticationMethod {
  23  public:
  24   enum MethodType {
  25     INVALID,
  26     SPAKE2,
  27     SPAKE2_PAIR,
  28     THIRD_PARTY
  29   };
  30
  31   enum HashFunction {
  32     NONE,
  33     HMAC_SHA256,
  34   };
  35
  36   // Constructors for various authentication methods.
  37   static AuthenticationMethod Invalid();
  38   static AuthenticationMethod Spake2(HashFunction hash_function);
  39   static AuthenticationMethod Spake2Pair();
  40   static AuthenticationMethod ThirdParty();
  41
  42   // Parses a string that defines an authentication method. Returns an
  43   // invalid value if the string is invalid.
  44   static AuthenticationMethod FromString(const std::string& value);
  45
  46   // Applies the specified hash function to |shared_secret| with the
  47   // specified |tag| as a key.
  48   static std::string ApplyHashFunction(HashFunction hash_function,
  49                                        const std::string& tag,
  50                                        const std::string& shared_secret);
  51
  52   bool is_valid() const { return type_ != INVALID; }
  53
  54   MethodType type() const { return type_; }
  55
  56   // Following methods are valid only when is_valid() returns true.
  57
  58   // Hash function applied to the shared secret on both ends.
  59   HashFunction hash_function() const;
  60
  61   // Returns string representation of the value stored in this object.
  62   const std::string ToString() const;
  63
  64   // Comparison operators so that std::find() can be used with
  65   // collections of this class.
  66   bool operator ==(const AuthenticationMethod& other) const;
  67   bool operator !=(const AuthenticationMethod& other) const {
  68     return !(*this == other);
  69   }
  70
  71  protected:
  72   AuthenticationMethod();
  73   AuthenticationMethod(MethodType type, HashFunction hash_function);
  74
  75   MethodType type_;
  76   HashFunction hash_function_;
  77 };
  78
  79 // SharedSecretHash stores hash of a host secret paired with the type
  80 // of the hashing function.
  81 struct SharedSecretHash {
  82   AuthenticationMethod::HashFunction hash_function;
  83   std::string value;
  84
  85   // Parse string representation of a shared secret hash. The |as_string|
  86   // must be in form "<hash_function>:<hash_value_base64>".
  87   bool Parse(const std::string& as_string);
  88 };
  89
  90 }  // namespace protocol
  91 }  // namespace remoting
  92
  93 #endif  // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_