| Index: remoting/protocol/pairing_client_authenticator.h
|
| diff --git a/remoting/protocol/pairing_client_authenticator.h b/remoting/protocol/pairing_client_authenticator.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..945507ebf4a87a3668c120ed23738f24c1edaa62
|
| --- /dev/null
|
| +++ b/remoting/protocol/pairing_client_authenticator.h
|
| @@ -0,0 +1,90 @@
|
| +// Copyright 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_
|
| +#define REMOTING_PROTOCOL_PAIRING_CLIENT_AUTHENTICATOR_H_
|
| +
|
| +#include "base/memory/weak_ptr.h"
|
| +#include "remoting/protocol/authenticator.h"
|
| +
|
| +namespace remoting {
|
| +
|
| +class RsaKeyPair;
|
| +
|
| +namespace protocol {
|
| +
|
| +class Authenticator;
|
| +
|
| +typedef base::Callback<void(const std::string& secret)> SecretFetchedCallback;
|
| +typedef base::Callback<void(
|
| + const SecretFetchedCallback& secret_fetched_callback)> FetchSecretCallback;
|
| +
|
| +// PairingClientAuthenticator builds on top of V2Authenticator to add
|
| +// support for PIN-less authentication via device pairing:
|
| +//
|
| +// * If a client device is already paired, it includes a client id in
|
| +// the initial authentication message.
|
| +// * If the host recognizes the id, it looks up the corresponding
|
| +// paired secret and initiates a SPAKE with HMAC_SHA256.
|
| +// * If it does not recognize the id, it initiates a SPAKE exchange
|
| +// with HMAC_SHA256 using the PIN as the shared secret. The initial
|
| +// message of this exchange includes an an error message, which
|
| +// informs the client that the PIN-less connection failed and causes
|
| +// it to prompt the user for a PIN to use for authentication
|
| +// instead.
|
| +//
|
| +// If a client device is not already paired, but supports pairing, it
|
| +// sends an empty initial authentication message. In this case, the
|
| +// authenticator behaves exactly like the V2Authenticator with
|
| +// HMAC_SHA256--only the method name differs, which the client uses to
|
| +// detect that pairing should be offered to the user.
|
| +class PairingClientAuthenticator : public Authenticator {
|
| + public:
|
| + PairingClientAuthenticator(
|
| + const std::string& client_id,
|
| + const std::string& paired_secret,
|
| + const FetchSecretCallback& fetch_pin_callback,
|
| + const std::string& authentication_tag);
|
| + virtual ~PairingClientAuthenticator() {}
|
| +
|
| + // Authenticator interface.
|
| + virtual State state() const OVERRIDE;
|
| + virtual RejectionReason rejection_reason() const OVERRIDE;
|
| + virtual void ProcessMessage(const buzz::XmlElement* message,
|
| + const base::Closure& resume_callback) OVERRIDE;
|
| + virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE;
|
| + virtual scoped_ptr<ChannelAuthenticator>
|
| + CreateChannelAuthenticator() const OVERRIDE;
|
| +
|
| + private:
|
| + void CreateV2AuthenticatorWithPIN(const buzz::XmlElement* message,
|
| + const base::Closure& resume_callback,
|
| + const std::string& pin);
|
| +
|
| + // |pairing_state_| indicates the progress of the initial pairing client
|
| + // id exchange. MESSAGE_READY, WAITING_MESSAGE and PROCESSING_MESSAGE map
|
| + // directly to the corresponding return value from the |state| method (the
|
| + // latter means that the user is being prompted for the PIN). ACCEPTED and
|
| + // REJECTED mean that the client id exchange is complete and succeeded or
|
| + // failed, respectively. Currently, no distinction is made between these
|
| + // two states--in either case the underlying v2 authenticator has been
|
| + // created and holds the state of the overall auth exchange.
|
| + State pairing_state_;
|
| +
|
| + std::string client_id_;
|
| + const std::string& paired_secret_;
|
| + FetchSecretCallback fetch_pin_callback_;
|
| + std::string authentication_tag_;
|
| + State initial_state_;
|
| + scoped_ptr<Authenticator> v2_authenticator_;
|
| + bool pairing_failed_;
|
| + base::WeakPtrFactory<PairingClientAuthenticator> weak_factory_;
|
| +
|
| + DISALLOW_COPY_AND_ASSIGN(PairingClientAuthenticator);
|
| +};
|
| +
|
| +} // namespace protocol
|
| +} // namespace remoting
|
| +
|
| +#endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_
|
|
|
Chromium Code Reviews
Issue 14793021:
PairingAuthenticator implementation and plumbing. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src