Implement authenticator based on SPAKE2 implementation in boringssl.

remoting/protocol/spake2_authenticator.h

Index: remoting/protocol/spake2_authenticator.h
diff --git a/remoting/protocol/v2_authenticator.h b/remoting/protocol/spake2_authenticator.h
similarity index 50%
copy from remoting/protocol/v2_authenticator.h
copy to remoting/protocol/spake2_authenticator.h
index 77a72a5832b35db7f07ee65891621f2f7565b7bc..b16d634d6caf7ff47b6fabf5d5eda84fda6ede4a 100644
--- a/remoting/protocol/v2_authenticator.h
+++ b/remoting/protocol/spake2_authenticator.h
@@ -1,9 +1,9 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
-#define REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
+#ifndef REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_
+#define REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_
 
 #include <queue>
 #include <string>
@@ -12,30 +12,35 @@
 #include "base/gtest_prod_util.h"
 #include "base/macros.h"
 #include "base/memory/scoped_ptr.h"
-#include "crypto/p224_spake.h"
 #include "remoting/protocol/authenticator.h"
 
+typedef struct spake2_ctx_st SPAKE2_CTX;
+
 namespace remoting {
 
 class RsaKeyPair;
 
 namespace protocol {
 
-class V2Authenticator : public Authenticator {
+// Authenticator that uses SPAKE2 implementation from BoringSSL. It
+// implements SPAKE2 over Curve25519.
+class Spake2Authenticator : public Authenticator {
  public:
-  static bool IsEkeMessage(const buzz::XmlElement* message);
-
   static scoped_ptr<Authenticator> CreateForClient(
+      const std::string& local_id,
+      const std::string& remote_id,
       const std::string& shared_secret,
       State initial_state);
 
   static scoped_ptr<Authenticator> CreateForHost(
+      const std::string& local_id,
+      const std::string& remote_id,
+      const std::string& shared_secret,
       const std::string& local_cert,
       scoped_refptr<RsaKeyPair> key_pair,
-      const std::string& shared_secret,
       State initial_state);
 
-  ~V2Authenticator() override;
+  ~Spake2Authenticator() override;
 
   // Authenticator interface.
   State state() const override;
@@ -48,36 +53,47 @@ class V2Authenticator : public Authenticator {
   scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override;
 
  private:
-  FRIEND_TEST_ALL_PREFIXES(V2AuthenticatorTest, InvalidSecret);
+  FRIEND_TEST_ALL_PREFIXES(Spake2AuthenticatorTest, InvalidSecret);
 
-  V2Authenticator(crypto::P224EncryptedKeyExchange::PeerType type,
-                  const std::string& shared_secret,
-                  State initial_state);
+  Spake2Authenticator(const std::string& local_id,
+                      const std::string& remote_id,
+                      const std::string& shared_secret,
+                      bool is_host,
+                      State initial_state);
 
   virtual void ProcessMessageInternal(const buzz::XmlElement* message);
 
-  bool is_host_side() const;
+  std::string CalculateVerificationHash(bool from_host,
+                                        const std::string& local_id,
+                                        const std::string& remote_id);
+
+  const std::string local_id_;
+  const std::string remote_id_;
+  const std::string shared_secret_;
+  const bool is_host_;
 
   // Used only for host authenticators.
   std::string local_cert_;
   scoped_refptr<RsaKeyPair> local_key_pair_;
-  bool certificate_sent_;
 
   // Used only for client authenticators.
   std::string remote_cert_;
 
   // Used for both host and client authenticators.
-  crypto::P224EncryptedKeyExchange key_exchange_impl_;
+  SPAKE2_CTX* spake2_context_;
   State state_;
-  bool started_;
-  RejectionReason rejection_reason_;
-  std::queue<std::string> pending_messages_;
+  bool started_ = false;
+  RejectionReason rejection_reason_ = INVALID_CREDENTIALS;
+  std::string local_spake_message_;
+  bool spake_message_sent_ = false;
+  std::string outgoing_verification_hash_;
   std::string auth_key_;
+  std::string expected_verification_hash_;
 
-  DISALLOW_COPY_AND_ASSIGN(V2Authenticator);
+  DISALLOW_COPY_AND_ASSIGN(Spake2Authenticator);
 };
 
 }  // namespace protocol
 }  // namespace remoting
 
-#endif  // REMOTING_PROTOCOL_V2_AUTHENTICATOR_H_
+#endif  // REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_