OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
| 7 |
| 8 #include "remoting/protocol/authenticator.h" |
| 9 |
| 10 namespace remoting { |
| 11 |
| 12 class RsaKeyPair; |
| 13 |
| 14 namespace protocol { |
| 15 |
| 16 class V2Authenticator; |
| 17 class PairingRegistry; |
| 18 |
| 19 // PairingHostAuthenticator builds on top of V2Authenticator to add |
| 20 // support for PIN-less authentication via device pairing: |
| 21 // |
| 22 // * If a client device is already paired, it includes a client id in |
| 23 // the initial authentication message. |
| 24 // * If the host recognizes the id, it looks up the corresponding |
| 25 // paired secret and initiates a SPAKE with HMAC_SHA256. |
| 26 // * If it does not recognize the id, it initiates a SPAKE exchange |
| 27 // with HMAC_SHA256 using the PIN as the shared secret. The initial |
| 28 // message of this exchange includes an an error message, which |
| 29 // informs the client that the PIN-less connection failed and causes |
| 30 // it to prompt the user for a PIN to use for authentication |
| 31 // instead. |
| 32 // |
| 33 // If a client device is not already paired, but supports pairing, it |
| 34 // sends an empty initial authentication message. In this case, the |
| 35 // authenticator behaves exactly like the V2Authenticator with |
| 36 // HMAC_SHA256--only the method name differs, which the client uses to |
| 37 // detect that pairing should be offered to the user. |
| 38 class PairingHostAuthenticator : public Authenticator { |
| 39 public: |
| 40 PairingHostAuthenticator( |
| 41 scoped_refptr<PairingRegistry> pairing_registry, |
| 42 const std::string& local_cert, |
| 43 scoped_refptr<RsaKeyPair> key_pair, |
| 44 const std::string& pin, |
| 45 State initial_state); |
| 46 virtual ~PairingHostAuthenticator() {} |
| 47 |
| 48 // Authenticator interface. |
| 49 virtual State state() const OVERRIDE; |
| 50 virtual RejectionReason rejection_reason() const OVERRIDE; |
| 51 virtual void ProcessMessage(const buzz::XmlElement* message, |
| 52 const base::Closure& resume_callback) OVERRIDE; |
| 53 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
| 54 virtual scoped_ptr<ChannelAuthenticator> |
| 55 CreateChannelAuthenticator() const OVERRIDE; |
| 56 |
| 57 private: |
| 58 void CreateV2AuthenticatorWithPIN(); |
| 59 |
| 60 scoped_refptr<PairingRegistry> pairing_registry_; |
| 61 std::string local_cert_; |
| 62 scoped_refptr<RsaKeyPair> key_pair_; |
| 63 const std::string& pin_; |
| 64 scoped_ptr<Authenticator> v2_authenticator_; |
| 65 std::string error_message_; |
| 66 bool protocol_error_; |
| 67 |
| 68 DISALLOW_COPY_AND_ASSIGN(PairingHostAuthenticator); |
| 69 }; |
| 70 |
| 71 } // namespace protocol |
| 72 } // namespace remoting |
| 73 |
| 74 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |
OLD | NEW |