File: auth_util.cc

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (69 lines) | stat: -rw-r--r-- 2,255 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "remoting/protocol/auth_util.h"

#include "base/base64.h"
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/hmac.h"
#include "crypto/sha2.h"
#include "net/base/net_errors.h"
#include "net/socket/ssl_socket.h"

namespace remoting::protocol {

const char kClientAuthSslExporterLabel[] =
    "EXPORTER-remoting-channel-auth-client";
const char kHostAuthSslExporterLabel[] = "EXPORTER-remoting-channel-auth-host";

const char kSslFakeHostName[] = "chromoting";

std::string GetSharedSecretHash(const std::string& tag,
                                const std::string& shared_secret) {
  crypto::HMAC response(crypto::HMAC::SHA256);
  if (!response.Init(tag)) {
    LOG(FATAL) << "HMAC::Init failed";
  }

  unsigned char out_bytes[kSharedSecretHashLength];
  if (!response.Sign(shared_secret, out_bytes, sizeof(out_bytes))) {
    LOG(FATAL) << "HMAC::Sign failed";
  }

  return std::string(out_bytes, out_bytes + sizeof(out_bytes));
}

// static
std::string GetAuthBytes(net::SSLSocket* socket,
                         const std::string_view& label,
                         const std::string_view& shared_secret) {
  // Get keying material from SSL.
  std::array<uint8_t, kAuthDigestLength> key_material;
  int export_result =
      socket->ExportKeyingMaterial(label, std::nullopt, key_material);
  if (export_result != net::OK) {
    LOG(ERROR) << "Error fetching keying material: " << export_result;
    return std::string();
  }

  // Generate auth digest based on the keying material and shared secret.
  crypto::HMAC response(crypto::HMAC::SHA256);
  if (!response.Init(key_material.data(), kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Init failed";
  }
  unsigned char out_bytes[kAuthDigestLength];
  if (!response.Sign(shared_secret, out_bytes, kAuthDigestLength)) {
    NOTREACHED() << "HMAC::Sign failed";
  }

  return std::string(out_bytes, out_bytes + kAuthDigestLength);
}

}  // namespace remoting::protocol