| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ | 5 #ifndef REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
| 6 #define REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ | 6 #define REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
| 7 | 7 |
| 8 #include <queue> | 8 #include <queue> |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 12 #include "base/gtest_prod_util.h" | 12 #include "base/gtest_prod_util.h" |
| 13 #include "base/macros.h" | 13 #include "base/macros.h" |
| 14 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
| 15 #include "crypto/p224_spake.h" | |
| 16 #include "remoting/protocol/authenticator.h" | 15 #include "remoting/protocol/authenticator.h" |
| 17 | 16 |
| 17 typedef struct spake2_ctx_st SPAKE2_CTX; |
| 18 |
| 18 namespace remoting { | 19 namespace remoting { |
| 19 | 20 |
| 20 class RsaKeyPair; | 21 class RsaKeyPair; |
| 21 | 22 |
| 22 namespace protocol { | 23 namespace protocol { |
| 23 | 24 |
| 24 class V2Authenticator : public Authenticator { | 25 // Authenticator that uses SPAKE2 implementation from BoringSSL. It |
| 26 // implements SPAKE2 over Curve25519. |
| 27 class Spake2Authenticator : public Authenticator { |
| 25 public: | 28 public: |
| 26 static bool IsEkeMessage(const buzz::XmlElement* message); | |
| 27 | |
| 28 static scoped_ptr<Authenticator> CreateForClient( | 29 static scoped_ptr<Authenticator> CreateForClient( |
| 30 const std::string& local_id, |
| 31 const std::string& remote_id, |
| 29 const std::string& shared_secret, | 32 const std::string& shared_secret, |
| 30 State initial_state); | 33 State initial_state); |
| 31 | 34 |
| 32 static scoped_ptr<Authenticator> CreateForHost( | 35 static scoped_ptr<Authenticator> CreateForHost( |
| 36 const std::string& local_id, |
| 37 const std::string& remote_id, |
| 38 const std::string& shared_secret, |
| 33 const std::string& local_cert, | 39 const std::string& local_cert, |
| 34 scoped_refptr<RsaKeyPair> key_pair, | 40 scoped_refptr<RsaKeyPair> key_pair, |
| 35 const std::string& shared_secret, | |
| 36 State initial_state); | 41 State initial_state); |
| 37 | 42 |
| 38 ~V2Authenticator() override; | 43 ~Spake2Authenticator() override; |
| 39 | 44 |
| 40 // Authenticator interface. | 45 // Authenticator interface. |
| 41 State state() const override; | 46 State state() const override; |
| 42 bool started() const override; | 47 bool started() const override; |
| 43 RejectionReason rejection_reason() const override; | 48 RejectionReason rejection_reason() const override; |
| 44 void ProcessMessage(const buzz::XmlElement* message, | 49 void ProcessMessage(const buzz::XmlElement* message, |
| 45 const base::Closure& resume_callback) override; | 50 const base::Closure& resume_callback) override; |
| 46 scoped_ptr<buzz::XmlElement> GetNextMessage() override; | 51 scoped_ptr<buzz::XmlElement> GetNextMessage() override; |
| 47 const std::string& GetAuthKey() const override; | 52 const std::string& GetAuthKey() const override; |
| 48 scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override; | 53 scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override; |
| 49 | 54 |
| 50 private: | 55 private: |
| 51 FRIEND_TEST_ALL_PREFIXES(V2AuthenticatorTest, InvalidSecret); | 56 FRIEND_TEST_ALL_PREFIXES(Spake2AuthenticatorTest, InvalidSecret); |
| 52 | 57 |
| 53 V2Authenticator(crypto::P224EncryptedKeyExchange::PeerType type, | 58 Spake2Authenticator(const std::string& local_id, |
| 54 const std::string& shared_secret, | 59 const std::string& remote_id, |
| 55 State initial_state); | 60 const std::string& shared_secret, |
| 61 bool is_host, |
| 62 State initial_state); |
| 56 | 63 |
| 57 virtual void ProcessMessageInternal(const buzz::XmlElement* message); | 64 virtual void ProcessMessageInternal(const buzz::XmlElement* message); |
| 58 | 65 |
| 59 bool is_host_side() const; | 66 std::string CalculateVerificationHash(bool from_host, |
| 67 const std::string& local_id, |
| 68 const std::string& remote_id); |
| 69 |
| 70 const std::string local_id_; |
| 71 const std::string remote_id_; |
| 72 const std::string shared_secret_; |
| 73 const bool is_host_; |
| 60 | 74 |
| 61 // Used only for host authenticators. | 75 // Used only for host authenticators. |
| 62 std::string local_cert_; | 76 std::string local_cert_; |
| 63 scoped_refptr<RsaKeyPair> local_key_pair_; | 77 scoped_refptr<RsaKeyPair> local_key_pair_; |
| 64 bool certificate_sent_; | |
| 65 | 78 |
| 66 // Used only for client authenticators. | 79 // Used only for client authenticators. |
| 67 std::string remote_cert_; | 80 std::string remote_cert_; |
| 68 | 81 |
| 69 // Used for both host and client authenticators. | 82 // Used for both host and client authenticators. |
| 70 crypto::P224EncryptedKeyExchange key_exchange_impl_; | 83 SPAKE2_CTX* spake2_context_; |
| 71 State state_; | 84 State state_; |
| 72 bool started_; | 85 bool started_ = false; |
| 73 RejectionReason rejection_reason_; | 86 RejectionReason rejection_reason_ = INVALID_CREDENTIALS; |
| 74 std::queue<std::string> pending_messages_; | 87 std::string local_spake_message_; |
| 88 bool spake_message_sent_ = false; |
| 89 std::string outgoing_verification_hash_; |
| 75 std::string auth_key_; | 90 std::string auth_key_; |
| 91 std::string expected_verification_hash_; |
| 76 | 92 |
| 77 DISALLOW_COPY_AND_ASSIGN(V2Authenticator); | 93 DISALLOW_COPY_AND_ASSIGN(Spake2Authenticator); |
| 78 }; | 94 }; |
| 79 | 95 |
| 80 } // namespace protocol | 96 } // namespace protocol |
| 81 } // namespace remoting | 97 } // namespace remoting |
| 82 | 98 |
| 83 #endif // REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ | 99 #endif // REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1759313002:
Implement authenticator based on SPAKE2 implementation in boringssl. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master