Index: remoting/protocol/spake2_authenticator.h |
diff --git a/remoting/protocol/v2_authenticator.h b/remoting/protocol/spake2_authenticator.h |
similarity index 50% |
copy from remoting/protocol/v2_authenticator.h |
copy to remoting/protocol/spake2_authenticator.h |
index 77a72a5832b35db7f07ee65891621f2f7565b7bc..b16d634d6caf7ff47b6fabf5d5eda84fda6ede4a 100644 |
--- a/remoting/protocol/v2_authenticator.h |
+++ b/remoting/protocol/spake2_authenticator.h |
@@ -1,9 +1,9 @@ |
-// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
-#ifndef REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ |
-#define REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ |
+#ifndef REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
+#define REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
#include <queue> |
#include <string> |
@@ -12,30 +12,35 @@ |
#include "base/gtest_prod_util.h" |
#include "base/macros.h" |
#include "base/memory/scoped_ptr.h" |
-#include "crypto/p224_spake.h" |
#include "remoting/protocol/authenticator.h" |
+typedef struct spake2_ctx_st SPAKE2_CTX; |
+ |
namespace remoting { |
class RsaKeyPair; |
namespace protocol { |
-class V2Authenticator : public Authenticator { |
+// Authenticator that uses SPAKE2 implementation from BoringSSL. It |
+// implements SPAKE2 over Curve25519. |
+class Spake2Authenticator : public Authenticator { |
public: |
- static bool IsEkeMessage(const buzz::XmlElement* message); |
- |
static scoped_ptr<Authenticator> CreateForClient( |
+ const std::string& local_id, |
+ const std::string& remote_id, |
const std::string& shared_secret, |
State initial_state); |
static scoped_ptr<Authenticator> CreateForHost( |
+ const std::string& local_id, |
+ const std::string& remote_id, |
+ const std::string& shared_secret, |
const std::string& local_cert, |
scoped_refptr<RsaKeyPair> key_pair, |
- const std::string& shared_secret, |
State initial_state); |
- ~V2Authenticator() override; |
+ ~Spake2Authenticator() override; |
// Authenticator interface. |
State state() const override; |
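Review bot: The new `local_id` and `remote_id` parameters on `CreateForClient()` and `CreateForHost()` are undocumented, and together with `shared_secret` they form three adjacent `const std::string&` arguments that the compiler cannot tell apart if a caller transposes them. These ids are presumably bound into the SPAKE2 exchange, so a comment above the factories should say what they contain and that the peer must supply the same pair mirrored, for example `// |local_id| and |remote_id| name this endpoint and its peer; both sides must agree on them or authentication fails.` The class body continues past this hunk.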
@@ -48,36 +53,47 @@ class V2Authenticator : public Authenticator { |
scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override; |
private: |
- FRIEND_TEST_ALL_PREFIXES(V2AuthenticatorTest, InvalidSecret); |
+ FRIEND_TEST_ALL_PREFIXES(Spake2AuthenticatorTest, InvalidSecret); |
- V2Authenticator(crypto::P224EncryptedKeyExchange::PeerType type, |
- const std::string& shared_secret, |
- State initial_state); |
+ Spake2Authenticator(const std::string& local_id, |
+ const std::string& remote_id, |
+ const std::string& shared_secret, |
+ bool is_host, |
+ State initial_state); |
virtual void ProcessMessageInternal(const buzz::XmlElement* message); |
- bool is_host_side() const; |
+ std::string CalculateVerificationHash(bool from_host, |
+ const std::string& local_id, |
+ const std::string& remote_id); |
+ |
+ const std::string local_id_; |
+ const std::string remote_id_; |
+ const std::string shared_secret_; |
+ const bool is_host_; |
// Used only for host authenticators. |
std::string local_cert_; |
scoped_refptr<RsaKeyPair> local_key_pair_; |
- bool certificate_sent_; |
// Used only for client authenticators. |
std::string remote_cert_; |
// Used for both host and client authenticators. |
- crypto::P224EncryptedKeyExchange key_exchange_impl_; |
+ SPAKE2_CTX* spake2_context_; |
State state_; |
- bool started_; |
- RejectionReason rejection_reason_; |
- std::queue<std::string> pending_messages_; |
+ bool started_ = false; |
+ RejectionReason rejection_reason_ = INVALID_CREDENTIALS; |
+ std::string local_spake_message_; |
+ bool spake_message_sent_ = false; |
+ std::string outgoing_verification_hash_; |
std::string auth_key_; |
+ std::string expected_verification_hash_; |
- DISALLOW_COPY_AND_ASSIGN(V2Authenticator); |
+ DISALLOW_COPY_AND_ASSIGN(Spake2Authenticator); |
}; |
} // namespace protocol |
} // namespace remoting |
-#endif // REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_ |
+#endif // REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ |
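Review bot: `SPAKE2_CTX* spake2_context_;` is a raw owning pointer with no in-class initializer, unlike the neighbouring `started_ = false` and `spake_message_sent_ = false`, so correct cleanup depends entirely on constructor and destructor code that is not visible in this header. Consider `SPAKE2_CTX* spake2_context_ = nullptr;` at minimum, or holding it in a `scoped_ptr` with a deleter that calls `SPAKE2_CTX_free`, so an early return in the constructor cannot leak the context or leave the pointer indeterminate. A short comment on the member such as `// Owned; released with SPAKE2_CTX_free() in the destructor.` would make the ownership explicit. Separately, `shared_secret_` is now kept as a `const std::string` for the authenticator's lifetime; if it is only needed to generate the first SPAKE2 message, it may be worth not retaining it.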