Revert of remoting: use VerifyHostPinHash() in place on IsPinValid() (issue 1541323004 by lukasza@chromium.org)
3 views
Skip to first unread message
luk...@chromium.org
Dec 23, 2015, 9:04:36 PM12/23/15
to ser...@chromium.org, tfa...@chromium.org, chromium...@chromium.org, chromotin...@chromium.org, lambros...@chromium.org, ma...@chromium.org, jamie...@chromium.org, w...@chromium.org
Reviewers: Sergey Ulanov, tfarina
CL: https://codereview.chromium.org/1541323004/
Message:
Created Revert of remoting: use VerifyHostPinHash() in place on IsPinValid()
Description:
Revert of remoting: use VerifyHostPinHash() in place on IsPinValid()
(patchset
#6 id:100001 of https://codereview.chromium.org/1547533002/ )
Reason for revert:
Relanding still broke the build -
https://build.chromium.org/p/chromium/builders/Mac/builds/10279/steps/compile/logs/stdio:
Undefined symbols for architecture i386:
"remoting::kHostConfigFileName", referenced from:
-[Me2MePreferencePane readNewConfig] in
remoting_host_prefpane.me2me_preference_pane.i386.o
-[Me2MePreferencePane mismatchAlertDidEnd:returnCode:contextInfo:] in
remoting_host_prefpane.me2me_preference_pane.i386.o
Original issue's description:
> remoting: use VerifyHostPinHash() in place on IsPinValid()
> For over a year, we have been shipping a 64-bit version of Chrome for Mac.
> So with this statement, this patch makes the switch to
> VerifyHostPinHash() function from remoting/host/pin_hash.h, fixing the
> lambroslambrou's TODO.
> BUG=None
> R=ser...@chromium.org
> Committed: https://crrev.com/7acd392e4018d121977e2738b6e3c59f5cf418f1
> Cr-Commit-Position: refs/heads/master@{#366762}
> Committed: https://crrev.com/d433493df4b98ea006e6407590cff7a7912e16df
> Cr-Commit-Position: refs/heads/master@{#366783}
TBR=ser...@chromium.org,tfa...@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Affected files (+62, -5 lines):
M remoting/host/DEPS
M remoting/host/mac/me2me_preference_pane.mm
M remoting/remoting_host_mac.gypi
Index: remoting/host/DEPS
diff --git a/remoting/host/DEPS b/remoting/host/DEPS
index
052a0c5ca705fd2987e3891f9665f35242638fb5..3abc8545dbe42bf8933ae6066acb8037b5c824d2
100644
--- a/remoting/host/DEPS
+++ b/remoting/host/DEPS
@@ -10,6 +10,7 @@
"+remoting/signaling",
"+remoting/tools",
"+third_party/jsoncpp",
+ "+third_party/modp_b64",
"+third_party/skia",
"+third_party/webrtc",
"+ui",
Index: remoting/host/mac/me2me_preference_pane.mm
diff --git a/remoting/host/mac/me2me_preference_pane.mm
b/remoting/host/mac/me2me_preference_pane.mm
index
ab020bdf431e3c294efe47fff70268a7b66e98a9..de33b8bf500127561dea1a3514b6e68ca5487f81
100644
--- a/remoting/host/mac/me2me_preference_pane.mm
+++ b/remoting/host/mac/me2me_preference_pane.mm
@@ -21,11 +21,11 @@
#include "base/posix/eintr_wrapper.h"
#include "remoting/host/constants_mac.h"
#include "remoting/host/host_config.h"
-#include "remoting/host/pin_hash.h"
#import "remoting/host/mac/me2me_preference_pane_confirm_pin.h"
#import "remoting/host/mac/me2me_preference_pane_disable.h"
#include "third_party/jsoncpp/source/include/json/reader.h"
#include "third_party/jsoncpp/source/include/json/writer.h"
+#include "third_party/modp_b64/modp_b64.h"
namespace {
@@ -44,6 +44,51 @@
return (config->GetString(remoting::kHostIdConfigPath, &value) &&
config->GetString(remoting::kHostSecretHashConfigPath, &value) &&
config->GetString(remoting::kXmppLoginConfigPath, &value));
+}
+
+bool IsPinValid(const std::string& pin, const std::string& host_id,
+ const std::string& host_secret_hash) {
+ // TODO(lambroslambrou): Once the "base" target supports building for
64-bit
+ // on Mac OS X, remove this code and replace it with |
VerifyHostPinHash()|
+ // from host/pin_hash.h.
+ size_t separator = host_secret_hash.find(':');
+ if (separator == std::string::npos)
+ return false;
+
+ std::string method = host_secret_hash.substr(0, separator);
+ if (method != "hmac") {
+ NSLog(@"Authentication method '%s' not supported", method.c_str());
+ return false;
+ }
+
+ std::string hash_base64 = host_secret_hash.substr(separator + 1);
+
+ // Convert |hash_base64| to |hash|, based on code from base/base64.cc.
+ int hash_base64_size = static_cast<int>(hash_base64.size());
+ std::string hash;
+ hash.resize(modp_b64_decode_len(hash_base64_size));
+
+ // modp_b64_decode_len() returns at least 1, so hash[0] is safe here.
+ int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(),
+ hash_base64_size);
+ if (hash_size < 0) {
+ NSLog(@"Failed to parse host_secret_hash");
+ return false;
+ }
+ hash.resize(hash_size);
+
+ std::string computed_hash;
+ computed_hash.resize(CC_SHA256_DIGEST_LENGTH);
+
+ CCHmac(kCCHmacAlgSHA256,
+ host_id.data(), host_id.size(),
+ pin.data(), pin.size(),
+ &(computed_hash[0]));
+
+ // Normally, a constant-time comparison function would be used, but it is
+ // unnecessary here as the "secret" is already readable by the user
+ // supplying input to this routine.
+ return computed_hash == hash;
}
} // namespace
@@ -296,7 +341,7 @@
[self showError];
return;
}
- if (!remoting::VerifyHostPinHash(pin_utf8, host_id, host_secret_hash)) {
+ if (!IsPinValid(pin_utf8, host_id, host_secret_hash)) {
[self showIncorrectPinMessage];
return;
}
Index: remoting/remoting_host_mac.gypi
diff --git a/remoting/remoting_host_mac.gypi
b/remoting/remoting_host_mac.gypi
index
258a6883636e331fa074276e153f889432acd763..dce3cf08b6d79024b3c02f0ff5b44dd785a9eb60
100644
--- a/remoting/remoting_host_mac.gypi
+++ b/remoting/remoting_host_mac.gypi
@@ -178,10 +178,7 @@
'prefpane_bundle_name': '<!(python <(version_py_path) -f
<(branding_path) -t "@MAC_PREFPANE_BUNDLE_NAME@")',
},
'dependencies': [
- 'remoting_base',
- 'remoting_host',
'remoting_infoplist_strings',
- '<(DEPTH)/third_party/jsoncpp/jsoncpp.gyp:jsoncpp',
],
'defines': [
'HOST_BUNDLE_NAME="<(host_bundle_name)"',
@@ -193,7 +190,21 @@
'../third_party/jsoncpp/source/include/',
'../third_party/jsoncpp/source/src/lib_json/',
],
+
+ # These source files are included directly, instead of adding target
+ # dependencies, because the targets are not yet built for 64-bit on
+ # Mac OS X - http://crbug.com/125116.
+ #
+ # TODO(lambroslambrou): Fix this when Chrome supports building for
+ # Mac OS X 64-bit - http://crbug.com/128122.
'sources': [
+ '../third_party/jsoncpp/overrides/src/lib_json/json_value.cpp',
+ '../third_party/jsoncpp/overrides/src/lib_json/json_reader.cpp',
+ '../third_party/jsoncpp/source/src/lib_json/json_writer.cpp',
+ '../third_party/modp_b64/modp_b64.cc',
+ 'host/constants_mac.cc',
+ 'host/constants_mac.h',
+ 'host/host_config_constants.cc',
'host/mac/me2me_preference_pane.h',
'host/mac/me2me_preference_pane.mm',
'host/mac/me2me_preference_pane_confirm_pin.h',
CL: https://codereview.chromium.org/1541323004/
Message:
Created Revert of remoting: use VerifyHostPinHash() in place on IsPinValid()
Description:
Revert of remoting: use VerifyHostPinHash() in place on IsPinValid()
(patchset
#6 id:100001 of https://codereview.chromium.org/1547533002/ )
Reason for revert:
Relanding still broke the build -
https://build.chromium.org/p/chromium/builders/Mac/builds/10279/steps/compile/logs/stdio:
Undefined symbols for architecture i386:
"remoting::kHostConfigFileName", referenced from:
-[Me2MePreferencePane readNewConfig] in
remoting_host_prefpane.me2me_preference_pane.i386.o
-[Me2MePreferencePane mismatchAlertDidEnd:returnCode:contextInfo:] in
remoting_host_prefpane.me2me_preference_pane.i386.o
Original issue's description:
> remoting: use VerifyHostPinHash() in place on IsPinValid()
> For over a year, we have been shipping a 64-bit version of Chrome for Mac.
> So with this statement, this patch makes the switch to
> VerifyHostPinHash() function from remoting/host/pin_hash.h, fixing the
> lambroslambrou's TODO.
> BUG=None
> R=ser...@chromium.org
> Committed: https://crrev.com/7acd392e4018d121977e2738b6e3c59f5cf418f1
> Cr-Commit-Position: refs/heads/master@{#366762}
> Committed: https://crrev.com/d433493df4b98ea006e6407590cff7a7912e16df
> Cr-Commit-Position: refs/heads/master@{#366783}
TBR=ser...@chromium.org,tfa...@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=None
Base URL: https://chromium.googlesource.com/chromium/src.git@master
Affected files (+62, -5 lines):
M remoting/host/DEPS
M remoting/host/mac/me2me_preference_pane.mm
M remoting/remoting_host_mac.gypi
Index: remoting/host/DEPS
diff --git a/remoting/host/DEPS b/remoting/host/DEPS
index
052a0c5ca705fd2987e3891f9665f35242638fb5..3abc8545dbe42bf8933ae6066acb8037b5c824d2
100644
--- a/remoting/host/DEPS
+++ b/remoting/host/DEPS
@@ -10,6 +10,7 @@
"+remoting/signaling",
"+remoting/tools",
"+third_party/jsoncpp",
+ "+third_party/modp_b64",
"+third_party/skia",
"+third_party/webrtc",
"+ui",
Index: remoting/host/mac/me2me_preference_pane.mm
diff --git a/remoting/host/mac/me2me_preference_pane.mm
b/remoting/host/mac/me2me_preference_pane.mm
index
ab020bdf431e3c294efe47fff70268a7b66e98a9..de33b8bf500127561dea1a3514b6e68ca5487f81
100644
--- a/remoting/host/mac/me2me_preference_pane.mm
+++ b/remoting/host/mac/me2me_preference_pane.mm
@@ -21,11 +21,11 @@
#include "base/posix/eintr_wrapper.h"
#include "remoting/host/constants_mac.h"
#include "remoting/host/host_config.h"
-#include "remoting/host/pin_hash.h"
#import "remoting/host/mac/me2me_preference_pane_confirm_pin.h"
#import "remoting/host/mac/me2me_preference_pane_disable.h"
#include "third_party/jsoncpp/source/include/json/reader.h"
#include "third_party/jsoncpp/source/include/json/writer.h"
+#include "third_party/modp_b64/modp_b64.h"
namespace {
@@ -44,6 +44,51 @@
return (config->GetString(remoting::kHostIdConfigPath, &value) &&
config->GetString(remoting::kHostSecretHashConfigPath, &value) &&
config->GetString(remoting::kXmppLoginConfigPath, &value));
+}
+
+bool IsPinValid(const std::string& pin, const std::string& host_id,
+ const std::string& host_secret_hash) {
+ // TODO(lambroslambrou): Once the "base" target supports building for
64-bit
+ // on Mac OS X, remove this code and replace it with |
VerifyHostPinHash()|
+ // from host/pin_hash.h.
+ size_t separator = host_secret_hash.find(':');
+ if (separator == std::string::npos)
+ return false;
+
+ std::string method = host_secret_hash.substr(0, separator);
+ if (method != "hmac") {
+ NSLog(@"Authentication method '%s' not supported", method.c_str());
+ return false;
+ }
+
+ std::string hash_base64 = host_secret_hash.substr(separator + 1);
+
+ // Convert |hash_base64| to |hash|, based on code from base/base64.cc.
+ int hash_base64_size = static_cast<int>(hash_base64.size());
+ std::string hash;
+ hash.resize(modp_b64_decode_len(hash_base64_size));
+
+ // modp_b64_decode_len() returns at least 1, so hash[0] is safe here.
+ int hash_size = modp_b64_decode(&(hash[0]), hash_base64.data(),
+ hash_base64_size);
+ if (hash_size < 0) {
+ NSLog(@"Failed to parse host_secret_hash");
+ return false;
+ }
+ hash.resize(hash_size);
+
+ std::string computed_hash;
+ computed_hash.resize(CC_SHA256_DIGEST_LENGTH);
+
+ CCHmac(kCCHmacAlgSHA256,
+ host_id.data(), host_id.size(),
+ pin.data(), pin.size(),
+ &(computed_hash[0]));
+
+ // Normally, a constant-time comparison function would be used, but it is
+ // unnecessary here as the "secret" is already readable by the user
+ // supplying input to this routine.
+ return computed_hash == hash;
}
} // namespace
@@ -296,7 +341,7 @@
[self showError];
return;
}
- if (!remoting::VerifyHostPinHash(pin_utf8, host_id, host_secret_hash)) {
+ if (!IsPinValid(pin_utf8, host_id, host_secret_hash)) {
[self showIncorrectPinMessage];
return;
}
Index: remoting/remoting_host_mac.gypi
diff --git a/remoting/remoting_host_mac.gypi
b/remoting/remoting_host_mac.gypi
index
258a6883636e331fa074276e153f889432acd763..dce3cf08b6d79024b3c02f0ff5b44dd785a9eb60
100644
--- a/remoting/remoting_host_mac.gypi
+++ b/remoting/remoting_host_mac.gypi
@@ -178,10 +178,7 @@
'prefpane_bundle_name': '<!(python <(version_py_path) -f
<(branding_path) -t "@MAC_PREFPANE_BUNDLE_NAME@")',
},
'dependencies': [
- 'remoting_base',
- 'remoting_host',
'remoting_infoplist_strings',
- '<(DEPTH)/third_party/jsoncpp/jsoncpp.gyp:jsoncpp',
],
'defines': [
'HOST_BUNDLE_NAME="<(host_bundle_name)"',
@@ -193,7 +190,21 @@
'../third_party/jsoncpp/source/include/',
'../third_party/jsoncpp/source/src/lib_json/',
],
+
+ # These source files are included directly, instead of adding target
+ # dependencies, because the targets are not yet built for 64-bit on
+ # Mac OS X - http://crbug.com/125116.
+ #
+ # TODO(lambroslambrou): Fix this when Chrome supports building for
+ # Mac OS X 64-bit - http://crbug.com/128122.
'sources': [
+ '../third_party/jsoncpp/overrides/src/lib_json/json_value.cpp',
+ '../third_party/jsoncpp/overrides/src/lib_json/json_reader.cpp',
+ '../third_party/jsoncpp/source/src/lib_json/json_writer.cpp',
+ '../third_party/modp_b64/modp_b64.cc',
+ 'host/constants_mac.cc',
+ 'host/constants_mac.h',
+ 'host/host_config_constants.cc',
'host/mac/me2me_preference_pane.h',
'host/mac/me2me_preference_pane.mm',
'host/mac/me2me_preference_pane_confirm_pin.h',
Reply all
Reply to author
Forward
0 new messages