File: auth_util.cc

package info (click to toggle)
chromium 138.0.7204.183-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,908 kB
  • sloc: cpp: 34,937,088; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,971; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (69 lines) | stat: -rw-r--r-- 2,255 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "remoting/protocol/auth_util.h"

#include "base/base64.h"
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/hmac.h"
#include "crypto/sha2.h"
#include "net/base/net_errors.h"
#include "net/socket/ssl_socket.h"

namespace remoting::protocol {

const char kClientAuthSslExporterLabel[] =
    "EXPORTER-remoting-channel-auth-client";
const char kHostAuthSslExporterLabel[] = "EXPORTER-remoting-channel-auth-host";

const char kSslFakeHostName[] = "chromoting";

std::string GetSharedSecretHash(const std::string& tag,
                                const std::string& shared_secret) {
  crypto::HMAC response(crypto::HMAC::SHA256);
  if (!response.Init(tag)) {
    LOG(FATAL) << "HMAC::Init failed";
  }

  unsigned char out_bytes[kSharedSecretHashLength];
  if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
    LOG(FATAL) << "HMAC::Sign failed";
  }

  return std::string(out_bytes, out_bytes + sizeof(out_bytes));
}

// static
std::string GetAuthBytes(net::SSLSocket* socket,
                         const std::string_view& label,
                         const std::string_view& shared_secret) {
  // Get keying material from SSL.
  std::array<uint8_t, kAuthDigestLength> key_material;
  int export_result =
      socket->ExportKeyingMaterial(label, std::nullopt, key_material);
  if (export_result != net::OK) {
    LOG(ERROR) << "Error fetching keying material: " << export_result;
    return std::string();
  }

  // Generate auth digest based on the keying material and shared secret.
  crypto::HMAC response(crypto::HMAC::SHA256);
  if (!response.Init(key_material.data(), kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Init failed";
  }
  unsigned char out_bytes[kAuthDigestLength];
  if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Sign failed";
  }

  return std::string(out_bytes, out_bytes + kAuthDigestLength);
}

}  // namespace remoting::protocol