OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_ |
| 7 |
| 8 #include "base/memory/weak_ptr.h" |
| 9 #include "remoting/protocol/authenticator.h" |
| 10 |
| 11 namespace remoting { |
| 12 |
| 13 class RsaKeyPair; |
| 14 |
| 15 namespace protocol { |
| 16 |
| 17 class Authenticator; |
| 18 |
| 19 typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback; |
| 20 typedef base::Callback<void( |
| 21 const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback; |
| 22 |
| 23 // PairingClientAuthenticator builds on top of V2Authenticator to add |
| 24 // support for PIN-less authentication via device pairing: |
| 25 // |
| 26 // * If a client device is already paired, it includes a client id in |
| 27 // the initial authentication message. |
| 28 // * If the host recognizes the id, it looks up the corresponding |
| 29 // paired secret and initiates a SPAKE with HMAC_SHA256. |
| 30 // * If it does not recognize the id, it initiates a SPAKE exchange |
| 31 // with HMAC_SHA256 using the PIN as the shared secret. The initial |
| 32 // message of this exchange includes an an error message, which |
| 33 // informs the client that the PIN-less connection failed and causes |
| 34 // it to prompt the user for a PIN to use for authentication |
| 35 // instead. |
| 36 // |
| 37 // If a client device is not already paired, but supports pairing, it |
| 38 // sends an empty initial authentication message. In this case, the |
| 39 // authenticator behaves exactly like the V2Authenticator with |
| 40 // HMAC_SHA256--only the method name differs, which the client uses to |
| 41 // detect that pairing should be offered to the user. |
| 42 class PairingClientAuthenticator : public Authenticator { |
| 43 public: |
| 44 PairingClientAuthenticator( |
| 45 const std::string& client_id, |
| 46 const std::string& paired_secret, |
| 47 const FetchSecretCallback& fetch_pin_callback, |
| 48 const std::string& authentication_tag); |
| 49 virtual ~PairingClientAuthenticator() {} |
| 50 |
| 51 // Authenticator interface. |
| 52 virtual State state() const OVERRIDE; |
| 53 virtual RejectionReason rejection_reason() const OVERRIDE; |
| 54 virtual void ProcessMessage(const buzz::XmlElement* message, |
| 55 const base::Closure& resume_callback) OVERRIDE; |
| 56 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
| 57 virtual scoped_ptr<ChannelAuthenticator> |
| 58 CreateChannelAuthenticator() const OVERRIDE; |
| 59 |
| 60 private: |
| 61 void CreateV2AuthenticatorWithPIN(const buzz::XmlElement* message, |
| 62 const base::Closure& resume_callback, |
| 63 const std::string& pin); |
| 64 |
| 65 // |pairing_state_| indicates the progress of the initial pairing client |
| 66 // id exchange. MESSAGE_READY, WAITING_MESSAGE and PROCESSING_MESSAGE map |
| 67 // directly to the corresponding return value from the |state| method (the |
| 68 // latter means that the user is being prompted for the PIN). ACCEPTED and |
| 69 // REJECTED mean that the client id exchange is complete and succeeded or |
| 70 // failed, respectively. Currently, no distinction is made between these |
| 71 // two states--in either case the underlying v2 authenticator has been |
| 72 // created and holds the state of the overall auth exchange. |
| 73 State pairing_state_; |
| 74 |
| 75 std::string client_id_; |
| 76 const std::string& paired_secret_; |
| 77 FetchSecretCallback fetch_pin_callback_; |
| 78 std::string authentication_tag_; |
| 79 State initial_state_; |
| 80 scoped_ptr<Authenticator> v2_authenticator_; |
| 81 bool pairing_failed_; |
| 82 base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_; |
| 83 |
| 84 DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator); |
| 85 }; |
| 86 |
| 87 } // namespace protocol |
| 88 } // namespace remoting |
| 89 |
| 90 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |
OLD | NEW |