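--- a/remoting/protocol/v2_authenticator.h
+++ b/remoting/protocol/spake2_authenticator.h
@@ -1,83 +1,99 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
-#define REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
+#ifndef REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_
 
 #include <queue>
 #include <string>
 
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
-#include "crypto/p224_spake.h"
 #include "remoting/protocol/authenticator.h"
 
+typedef struct spake2_ctx_st SPAKE2_CTX;
+
 namespace remoting {
 
 class RsaKeyPair;
 
 namespace protocol {
 
-class V2Authenticator : public Authenticator {
+// Authenticator that uses SPAKE2 implementation from BoringSSL. It
+// implements SPAKE2 over Curve25519.
+class Spake2Authenticator : public Authenticator {
  public:
-  static bool IsEkeMessage(const buzz::XmlElement* message);
-
   static scoped_ptr<Authenticator> CreateForClient(
+      const std::string& local_id,
+      const std::string& remote_id,
       const std::string& shared_secret,
       State initial_state);
 
   static scoped_ptr<Authenticator> CreateForHost(
+      const std::string& local_id,
+      const std::string& remote_id,
+      const std::string& shared_secret,
       const std::string& local_cert,
       scoped_refptr<RsaKeyPair> key_pair,
-      const std::string& shared_secret,
       State initial_state);
 
-  ~V2Authenticator() override;
+  ~Spake2Authenticator() override;
 
   // Authenticator interface.
   State state() const override;
   bool started() const override;
   RejectionReason rejection_reason() const override;
   void ProcessMessage(const buzz::XmlElement* message,
                       const base::Closure& resume_callback) override;
   scoped_ptr<buzz::XmlElement> GetNextMessage() override;
   const std::string& GetAuthKey() const override;
   scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override;
 
  private:
-  FRIEND_TEST_ALL_PREFIXES(V2AuthenticatorTest, InvalidSecret);
+  FRIEND_TEST_ALL_PREFIXES(Spake2AuthenticatorTest, InvalidSecret);
 
-  V2Authenticator(crypto::P224EncryptedKeyExchange::PeerType type,
-                  const std::string& shared_secret,
-                  State initial_state);
+  Spake2Authenticator(const std::string& local_id,
+                      const std::string& remote_id,
+                      const std::string& shared_secret,
+                      bool is_host,
+                      State initial_state);
 
   virtual void ProcessMessageInternal(const buzz::XmlElement* message);
 
-  bool is_host_side() const;
+  std::string CalculateVerificationHash(bool from_host,
+                                        const std::string& local_id,
+                                        const std::string& remote_id);
+
+  const std::string local_id_;
+  const std::string remote_id_;
+  const std::string shared_secret_;
+  const bool is_host_;
 
   // Used only for host authenticators.
   std::string local_cert_;
   scoped_refptr<RsaKeyPair> local_key_pair_;
-  bool certificate_sent_;
 
   // Used only for client authenticators.
   std::string remote_cert_;
 
   // Used for both host and client authenticators.
-  crypto::P224EncryptedKeyExchange key_exchange_impl_;
+  SPAKE2_CTX* spake2_context_;
   State state_;
-  bool started_;
-  RejectionReason rejection_reason_;
-  std::queue<std::string> pending_messages_;
+  bool started_ = false;
+  RejectionReason rejection_reason_ = INVALID_CREDENTIALS;
+  std::string local_spake_message_;
+  bool spake_message_sent_ = false;
+  std::string outgoing_verification_hash_;
   std::string auth_key_;
+  std::string expected_verification_hash_;
 
-  DISALLOW_COPY_AND_ASSIGN(V2Authenticator);
+  DISALLOW_COPY_AND_ASSIGN(Spake2Authenticator);
 };
 
 }  // namespace protocol
 }  // namespace remoting
 
-#endif  // REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
+#endif  // REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_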
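Review bot: `SPAKE2_CTX* spake2_context_;` in the member block is a raw owning pointer with no in-class initializer, while the neighbouring `started_`, `rejection_reason_` and `spake_message_sent_` all get defaults; if any constructor path leaves it unset, whatever releases the context (presumably the destructor, which is in the .cc and not in this hunk) operates on an indeterminate pointer. Either write `SPAKE2_CTX* spake2_context_ = nullptr;` or hold it in a `scoped_ptr` with a deleter that calls the BoringSSL free routine, so ownership and release are expressed by the type rather than by the destructor body. The header also says nothing about `CalculateVerificationHash` — what the hash covers or which direction `from_host` selects — and nothing about the lifetime of `shared_secret_`, `auth_key_` and the two verification hashes, which hold secret material for as long as the object lives; a short comment such as `// Verification hash exchanged after the SPAKE2 key is derived; from_host selects the host->client vs. client->host direction — TODO(review): confirm inputs against the .cc.` would help the next reader. Since `local_id_`, `remote_id_`, `shared_secret_` and `is_host_` are `const` members alongside `DISALLOW_COPY_AND_ASSIGN`, the class is neither copyable nor movable, which is consistent with a raw context pointer but worth stating next to it.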