Index: remoting/protocol/pairing_host_authenticator.h |
diff --git a/remoting/protocol/pairing_host_authenticator.h b/remoting/protocol/pairing_host_authenticator.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..ddc7929262781771d2f880dd56029e7c03de6fa4 |
--- /dev/null |
+++ b/remoting/protocol/pairing_host_authenticator.h |
@@ -0,0 +1,73 @@ |
+// Copyright 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
+#define REMOTING_PROTOCOL_PAIRING_HOST_AUTHENTICATOR_H_ |
+ |
+#include "remoting/protocol/authenticator.h" |
+ |
+namespace remoting { |
+ |
+class RsaKeyPair; |
+ |
+namespace protocol { |
+ |
+class V2Authenticator; |
+class PairingRegistry; |
+ |
+// PairingClientAuthenticator builds on top of V2Authenticator to add |
+// support for PIN-less authentication via device pairing: |
+// |
+// * If a client device is already paired, it includes a client id in |
+// the initial authentication message. |
+// * If the host recognizes the id, it looks up the corresponding |
+// shared secret and the rest of the protocol is host-initiated |
+// SPAKE with HMAC_SHA256. |
+// * If it does not recognize the id, it sends an error message to |
+// the client, which will prompt the user for a PIN to use for |
+// authentication instead. In this case, the rest of the procotol |
+// is client-initiated SPAKE with HMAC_SHA256. |
+// |
+// If a client device is not already paired, but supports pairing, it |
+// sends an empty initial authentication message. In this case, the |
+// authenticator behaves exactly like the V2Authenticator with |
rmsousa
2013/05/16 00:46:25
Please clarify who sends the first SPAKE message i
|
+// HMAC_SHA256--only the protocol type differs, which the client uses |
+// to detect that pairing should be offered to the user. |
+class PairingHostAuthenticator : public Authenticator { |
+ public: |
+ PairingHostAuthenticator( |
+ scoped_refptr<PairingRegistry> pairing_registry, |
+ const std::string& local_cert, |
+ scoped_refptr<RsaKeyPair> key_pair, |
+ const std::string& shared_secret, |
+ State initial_state); |
+ virtual ~PairingHostAuthenticator() {} |
+ |
+ // Authenticator interface. |
+ virtual State state() const OVERRIDE; |
+ virtual RejectionReason rejection_reason() const OVERRIDE; |
+ virtual void ProcessMessage(const buzz::XmlElement* message, |
+ const base::Closure& resume_callback) OVERRIDE; |
+ virtual scoped_ptr<buzz::XmlElement> GetNextMessage() OVERRIDE; |
+ virtual scoped_ptr<ChannelAuthenticator> |
+ CreateChannelAuthenticator() const OVERRIDE; |
+ |
+ private: |
+ void CreateV2AuthenticatorWithPIN(State initial_state); |
+ |
+ scoped_refptr<PairingRegistry> pairing_registry_; |
+ std::string local_cert_; |
+ scoped_refptr<RsaKeyPair> key_pair_; |
+ const std::string& shared_secret_; |
+ scoped_ptr<Authenticator> v2_authenticator_; |
+ std::string error_message_; |
+ bool protocol_error_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(PairingHostAuthenticator); |
+}; |
+ |
+} // namespace protocol |
+} // namespace remoting |
+ |
+#endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_H_ |