OLD | NEW |
(Empty) | |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
| 7 |
| 8 #include "base/memory/weak_ptr.h" |
| 9 #include "remoting/protocol/authenticator.h" |
| 10 |
| 11 namespace remoting { |
| 12 |
| 13 class RsaKeyPair; |
| 14 |
| 15 namespace protocol { |
| 16 |
| 17 class V2Authenticator; |
| 18 class PairingRegistry; |
| 19 |
| 20 // PairingHostAuthenticator builds on top of V2Authenticator to add |
| 21 // support for PIN-less authentication via device pairing: |
| 22 // |
| 23 // * If a client device is already paired, it includes a client id in |
| 24 // the initial authentication message. |
| 25 // * If the host recognizes the id, it looks up the corresponding |
| 26 // paired secret and initiates a SPAKE with HMAC_SHA256. |
| 27 // * If it does not recognize the id, it initiates a SPAKE exchange |
| 28 // with HMAC_SHA256 using the PIN as the shared secret. The initial |
| 29 // message of this exchange includes an an error message, which |
| 30 // informs the client that the PIN-less connection failed and causes |
| 31 // it to prompt the user for a PIN to use for authentication |
| 32 // instead. |
| 33 // |
| 34 // If a client device is not already paired, but supports pairing, it |
| 35 // sends an empty initial authentication message. In this case, the |
| 36 // authenticator behaves exactly like the V2Authenticator with |
| 37 // HMAC_SHA256--only the method name differs, which the client uses to |
| 38 // detect that pairing should be offered to the user. |
| 39 class PairingHostAuthenticator : public Authenticator { |
| 40 public: |
| 41 PairingHostAuthenticator( |
| 42 scoped_refptr<PairingRegistry> pairing_registry, |
| 43 const std::string& local_cert, |
| 44 scoped_refptr<RsaKeyPair> key_pair, |
| 45 const std::string& pin, |
| 46 State initial_state); |
| 47 virtual ~PairingHostAuthenticator() {} |
| 48 |
| 49 // Authenticator interface. |
| 50 virtual State state() const OVERRIDE; |
| 51 virtual RejectionReason rejection_reason() const OVERRIDE; |
| 52 virtual void ProcessMessage(const buzz::XmlElement* message, |
| 53 const base::Closure& resume_callback) OVERRIDE; |
| 54 virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
| 55 virtual scoped_ptr<ChannelAuthenticator> |
| 56 CreateChannelAuthenticator() const OVERRIDE; |
| 57 |
| 58 private: |
| 59 void CreateV2AuthenticatorWithPIN(); |
| 60 void CheckForFailedSpakeExchange(const base::Closure& resume_callback); |
| 61 |
| 62 scoped_refptr<PairingRegistry> pairing_registry_; |
| 63 std::string local_cert_; |
| 64 scoped_refptr<RsaKeyPair> key_pair_; |
| 65 const std::string& pin_; |
| 66 scoped_ptr<Authenticator> v2_authenticator_; |
| 67 std::string error_message_; |
| 68 bool protocol_error_; |
| 69 bool using_paired_secret_; |
| 70 base::WeakPtrFactory<PairingHostAuthenticator> weak_factory_; |
| 71 |
| 72 DISALLOW_COPY_AND_ASSIGN(PairingHostAuthenticator); |
| 73 }; |
| 74 |
| 75 } // namespace protocol |
| 76 } // namespace remoting |
| 77 |
| 78 #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |
OLD | NEW |