Index: remoting/protocol/pairing_host_authenticator.h |
diff --git a/remoting/protocol/pairing_host_authenticator.h b/remoting/protocol/pairing_host_authenticator.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..cb3f2d7edfbd8b78d03b67c62625a6155c3888fb |
--- /dev/null |
+++ b/remoting/protocol/pairing_host_authenticator.h |
@@ -0,0 +1,74 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
+#define REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
+ |
+#include "remoting/protocol/authenticator.h" |
+ |
+namespace remoting { |
+ |
+class RsaKeyPair; |
+ |
+namespace protocol { |
+ |
+class V2Authenticator; |
+class PairingRegistry; |
+ |
+// PairingHostAuthenticator builds on top of V2Authenticator to add |
+// support for PIN-less authentication via device pairing: |
+// |
+// * If a client device is already paired, it includes a client id in |
+// the initial authentication message. |
+// * If the host recognizes the id, it looks up the corresponding |
+// paired secret and initiates a SPAKE with HMAC_SHA256. |
+// * If it does not recognize the id, it initiates a SPAKE exchange |
+// with HMAC_SHA256 using the PIN as the shared secret. The initial |
+// message of this exchange includes an an error message, which |
+// informs the client that the PIN-less connection failed and causes |
+// it to prompt the user for a PIN to use for authentication |
+// instead. |
+// |
+// If a client device is not already paired, but supports pairing, it |
+// sends an empty initial authentication message. In this case, the |
+// authenticator behaves exactly like the V2Authenticator with |
+// HMAC_SHA256--only the method name differs, which the client uses to |
+// detect that pairing should be offered to the user. |
+class PairingHostAuthenticator : public Authenticator { |
+ public: |
+ PairingHostAuthenticator( |
+ scoped_refptr<PairingRegistry> pairing_registry, |
+ const std::string& local_cert, |
+ scoped_refptr<RsaKeyPair> key_pair, |
+ const std::string& pin, |
+ State initial_state); |
+ virtual ~PairingHostAuthenticator() {} |
+ |
+ // Authenticator interface. |
+ virtual State state() const OVERRIDE; |
+ virtual RejectionReason rejection_reason() const OVERRIDE; |
+ virtual void ProcessMessage(const buzz::XmlElement* message, |
+ const base::Closure& resume_callback) OVERRIDE; |
+ virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
+ virtual scoped_ptr<ChannelAuthenticator> |
+ CreateChannelAuthenticator() const OVERRIDE; |
+ |
+ private: |
+ void CreateV2AuthenticatorWithPIN(); |
+ |
+ scoped_refptr<PairingRegistry> pairing_registry_; |
+ std::string local_cert_; |
+ scoped_refptr<RsaKeyPair> key_pair_; |
+ const std::string& pin_; |
+ scoped_ptr<Authenticator> v2_authenticator_; |
+ std::string error_message_; |
+ bool protocol_error_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(PairingHostAuthenticator); |
+}; |
+ |
+} // namespace protocol |
+} // namespace remoting |
+ |
+#endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |