      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // AuthenticationMethod represents an authentication algorithm and its
      6 // configuration. It knows how to parse and format authentication
      7 // method names.
      8 // Currently the following methods are supported:
      9 //   spake2_plain - SPAKE2 without hashing applied to the password.
     10 //   spake2_hmac - SPAKE2 with HMAC hashing of the password.
     11 
     12 #ifndef REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
     13 #define REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
     14 
     15 #include <string>
     16 
     17 namespace remoting {
     18 namespace protocol {
     19 
     20 class Authenticator;
     21 
     22 class AuthenticationMethod {
          // Value type pairing an authentication method (|type_|) with the hash
          // function applied to the shared secret (|hash_function_|).
          // The file header documents string names only for the two SPAKE2
          // variants (spake2_plain, spake2_hmac); the names used for SPAKE2_PAIR
          // and THIRD_PARTY are not given in this header.
     23  public:
          // Kind of authentication exchange.
     24   enum MethodType {
     25     INVALID,      // is_valid() returns false for this type.
     26     SPAKE2,       // Built by Spake2(); takes a caller-chosen HashFunction.
     27     SPAKE2_PAIR,  // Built by Spake2Pair(); not described in this header.
     28     THIRD_PARTY   // Built by ThirdParty(); not described in this header.
     29   };
     30 
          // How the password / shared secret is transformed before use.
     31   enum HashFunction {
            // No hashing: per the file header, spake2_plain applies SPAKE2 to the
            // password as-is.
            // NOTE(review): which side decides whether NONE is acceptable is not
            // visible here -- confirm that negotiation cannot silently fall back
            // to it.
     32     NONE,
            // Per the file header, spake2_hmac applies HMAC hashing to the
            // password; the enumerator name indicates SHA-256.
     33     HMAC_SHA256,
     34   };
     35 
     36   // Constructors for various authentication methods.
          // These static factories are the public way to obtain an instance; the
          // real constructors below are protected.
     37   static AuthenticationMethod Invalid();
     38   static AuthenticationMethod Spake2(HashFunction hash_function);
     39   static AuthenticationMethod Spake2Pair();
     40   static AuthenticationMethod ThirdParty();
     41 
     42   // Parses a string that defines an authentication method. Returns an
     43   // invalid value if the string is invalid.
          // Failure is reported only through the returned object, so callers
          // must check is_valid() before using the result.
          // NOTE(review): if |value| can originate from the remote peer (not
          // visible in this header), treat it as untrusted input.
     44   static AuthenticationMethod FromString(const std::string& value);
     45 
     46   // Applies the specified hash function to |shared_secret| with the
     47   // specified |tag| as a key.
          // Argument order matters: |tag| is the key, |shared_secret| the data.
          // NOTE(review): the result for NONE is defined out of line --
          // presumably |shared_secret| unchanged; confirm in the .cc file.
     48   static std::string ApplyHashFunction(HashFunction hash_function,
     49                                        const std::string& tag,
     50                                        const std::string& shared_secret);
     51 
          // True unless this object holds the INVALID type.
     52   bool is_valid() const { return type_ != INVALID; }
     53 
          // Returns the stored method type; may be called on an invalid object.
     54   MethodType type() const { return type_; }
     55 
     56   // Following methods are valid only when is_valid() returns true.
          // What they do on an invalid object is decided by their out-of-line
          // definitions, which are not shown here.
     57 
     58   // Hash function applied to the shared secret on both ends.
     59   HashFunction hash_function() const;
     60 
     61   // Returns string representation of the value stored in this object.
          // NOTE(review): the top-level const on a by-value return gives callers
          // nothing and prevents moving from the result; removing it would also
          // require changing the out-of-line definition.
     62   const std::string ToString() const;
     63 
     64   // Comparison operators so that std::find() can be used with
     65   // collections of this class.
          // operator== is defined out of line; operator!= is its negation.
     66   bool operator ==(const AuthenticationMethod& other) const;
     67   bool operator !=(const AuthenticationMethod& other) const {
     68     return !(*this == other);
     69   }
     70 
     71  protected:
          // Protected so that instances are created through the static factories
          // above (or by subclasses).
          // NOTE(review): the members have no in-class initializers, so the
          // default constructor's definition (not shown) must set both.
     72   AuthenticationMethod();
     73   AuthenticationMethod(MethodType type, HashFunction hash_function);
     74 
          // Method kind; INVALID marks an unusable object (see is_valid()).
     75   MethodType type_;
          // Hash function associated with this method (see hash_function()).
     76   HashFunction hash_function_;
     77 };
     78 
     79 // SharedSecretHash stores hash of a host secret paired with the type
     80 // of the hashing function.
        // NOTE(review): if |value| is what feeds the SPAKE2 exchange as the
        // password (not visible in this header), it is password-equivalent and
        // should be stored and logged with the same care as the secret itself.
     81 struct SharedSecretHash {
          // Hash function that produced |value|. There is no default initializer,
          // so a default-initialized local leaves this field indeterminate until
          // Parse() or an explicit assignment sets it.
     82   AuthenticationMethod::HashFunction hash_function;
          // The hash itself. Whether this holds the decoded bytes or the base64
          // text taken from Parse()'s input is not visible here -- confirm in the
          // .cc file before comparing or re-encoding it.
     83   std::string value;
     84 
     85   // Parse string representation of a shared secret hash. The |as_string|
     86   // must be in form "<hash_function>:<hash_value_base64>".
          // Presumably returns false on malformed input; whether the fields are
          // left untouched on failure is decided by the definition, so do not
          // read them unless Parse() returned true.
     87   bool Parse(const std::string& as_string);
     88 };
     89 
     90 }  // namespace protocol
     91 }  // namespace remoting
     92 
     93 #endif  // REMOTING_PROTOCOL_AUTHENTICATION_METHOD_H_
     94