OLD | NEW |
| (Empty) |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ | |
6 #define REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ | |
7 | |
8 #include <queue> | |
9 #include <string> | |
10 | |
11 #include "base/compiler_specific.h" | |
12 #include "base/gtest_prod_util.h" | |
13 #include "base/macros.h" | |
14 #include "base/memory/scoped_ptr.h" | |
15 #include "remoting/protocol/authenticator.h" | |
16 | |
17 typedef struct spake2_ctx_st SPAKE2_CTX; | |
18 | |
19 namespace remoting { | |
20 | |
21 class RsaKeyPair; | |
22 | |
23 namespace protocol { | |
24 | |
25 // Authenticator that uses SPAKE2 implementation from BoringSSL. It | |
26 // implements SPAKE2 over Curve25519. | |
27 class Spake2Authenticator : public Authenticator { | |
28 public: | |
29 static scoped_ptr<Authenticator> CreateForClient( | |
30 const std::string& local_id, | |
31 const std::string& remote_id, | |
32 const std::string& shared_secret, | |
33 State initial_state); | |
34 | |
35 static scoped_ptr<Authenticator> CreateForHost( | |
36 const std::string& local_id, | |
37 const std::string& remote_id, | |
38 const std::string& shared_secret, | |
39 const std::string& local_cert, | |
40 scoped_refptr<RsaKeyPair> key_pair, | |
41 State initial_state); | |
42 | |
43 ~Spake2Authenticator() override; | |
44 | |
45 // Authenticator interface. | |
46 State state() const override; | |
47 bool started() const override; | |
48 RejectionReason rejection_reason() const override; | |
49 void ProcessMessage(const buzz::XmlElement* message, | |
50 const base::Closure& resume_callback) override; | |
51 scoped_ptr<buzz::XmlElement> GetNextMessage() override; | |
52 const std::string& GetAuthKey() const override; | |
53 scoped_ptr<ChannelAuthenticator> CreateChannelAuthenticator() const override; | |
54 | |
55 private: | |
56 FRIEND_TEST_ALL_PREFIXES(Spake2AuthenticatorTest, InvalidSecret); | |
57 | |
58 Spake2Authenticator(const std::string& local_id, | |
59 const std::string& remote_id, | |
60 const std::string& shared_secret, | |
61 bool is_host, | |
62 State initial_state); | |
63 | |
64 virtual void ProcessMessageInternal(const buzz::XmlElement* message); | |
65 | |
66 std::string CalculateVerificationHash(bool from_host, | |
67 const std::string& local_id, | |
68 const std::string& remote_id); | |
69 | |
70 const std::string local_id_; | |
71 const std::string remote_id_; | |
72 const std::string shared_secret_; | |
73 const bool is_host_; | |
74 | |
75 // Used only for host authenticators. | |
76 std::string local_cert_; | |
77 scoped_refptr<RsaKeyPair> local_key_pair_; | |
78 | |
79 // Used only for client authenticators. | |
80 std::string remote_cert_; | |
81 | |
82 // Used for both host and client authenticators. | |
83 SPAKE2_CTX* spake2_context_; | |
84 State state_; | |
85 bool started_ = false; | |
86 RejectionReason rejection_reason_ = INVALID_CREDENTIALS; | |
87 std::string local_spake_message_; | |
88 bool spake_message_sent_ = false; | |
89 std::string outgoing_verification_hash_; | |
90 std::string auth_key_; | |
91 std::string expected_verification_hash_; | |
92 | |
93 DISALLOW_COPY_AND_ASSIGN(Spake2Authenticator); | |
94 }; | |
95 | |
96 } // namespace protocol | |
97 } // namespace remoting | |
98 | |
99 #endif // REMOTING_PROTOCOL_SPAKE2_AUTHENTICATOR_H_ | |
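Review bot: `spake2_context_` (file line 83) is a raw `SPAKE2_CTX*` with no in-class initializer and no ownership comment, although the neighbouring `started_` and `spake_message_sent_` are initialized inline. The constructor and destructor bodies are not in this header, so it cannot be confirmed here that every construction path assigns the pointer before `~Spake2Authenticator()` runs. Declaring it as `SPAKE2_CTX* spake2_context_ = nullptr;` with a comment such as `// Owned; released with SPAKE2_CTX_free() in the destructor.` (assuming that is where it is freed) removes the dependency on constructor ordering; a `scoped_ptr` with a deleter that calls `SPAKE2_CTX_free` would express the ownership in the type. Separately, `shared_secret_` (file line 72) is held as a `const std::string` for the authenticator's whole lifetime. If the implementation only needs it to produce the first SPAKE2 message, a comment explaining why it is retained, or dropping the member, would shorten how long the secret stays in memory.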
OLD | NEW |