OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/negotiating_client_authenticator.h" | 5 #include "remoting/protocol/negotiating_client_authenticator.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <sstream> | 8 #include <sstream> |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/callback.h" | 12 #include "base/callback.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/strings/string_split.h" | 14 #include "base/strings/string_split.h" |
15 #include "remoting/protocol/auth_util.h" | 15 #include "remoting/protocol/auth_util.h" |
16 #include "remoting/protocol/channel_authenticator.h" | 16 #include "remoting/protocol/channel_authenticator.h" |
17 #include "remoting/protocol/pairing_client_authenticator.h" | 17 #include "remoting/protocol/pairing_client_authenticator.h" |
| 18 #include "remoting/protocol/spake2_authenticator.h" |
18 #include "remoting/protocol/v2_authenticator.h" | 19 #include "remoting/protocol/v2_authenticator.h" |
19 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" | 20 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" |
20 | 21 |
21 namespace remoting { | 22 namespace remoting { |
22 namespace protocol { | 23 namespace protocol { |
23 | 24 |
24 ClientAuthenticationConfig::ClientAuthenticationConfig() {} | 25 ClientAuthenticationConfig::ClientAuthenticationConfig() {} |
25 ClientAuthenticationConfig::~ClientAuthenticationConfig() {} | 26 ClientAuthenticationConfig::~ClientAuthenticationConfig() {} |
26 | 27 |
27 NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( | 28 NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( |
| 29 const std::string& local_id, |
| 30 const std::string& remote_id, |
28 const ClientAuthenticationConfig& config) | 31 const ClientAuthenticationConfig& config) |
29 : NegotiatingAuthenticatorBase(MESSAGE_READY), | 32 : NegotiatingAuthenticatorBase(MESSAGE_READY), |
| 33 local_id_(local_id), |
| 34 remote_id_(remote_id), |
30 config_(config), | 35 config_(config), |
31 weak_factory_(this) { | 36 weak_factory_(this) { |
32 if (!config_.fetch_third_party_token_callback.is_null()) | 37 if (!config_.fetch_third_party_token_callback.is_null()) { |
33 AddMethod(Method::THIRD_PARTY); | 38 AddMethod(Method::THIRD_PARTY_SPAKE2_CURVE25519); |
34 AddMethod(Method::SPAKE2_PAIR); | 39 AddMethod(Method::THIRD_PARTY_SPAKE2_P224); |
35 AddMethod(Method::SPAKE2_SHARED_SECRET_HMAC); | 40 } |
36 AddMethod(Method::SPAKE2_SHARED_SECRET_PLAIN); | 41 |
| 42 AddMethod(Method::PAIRED_SPAKE2_P224); |
| 43 |
| 44 AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 45 AddMethod(Method::SHARED_SECRET_SPAKE2_P224); |
| 46 |
| 47 AddMethod(Method::SHARED_SECRET_PLAIN_SPAKE2_P224); |
37 } | 48 } |
38 | 49 |
39 NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {} | 50 NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {} |
40 | 51 |
41 void NegotiatingClientAuthenticator::ProcessMessage( | 52 void NegotiatingClientAuthenticator::ProcessMessage( |
42 const buzz::XmlElement* message, | 53 const buzz::XmlElement* message, |
43 const base::Closure& resume_callback) { | 54 const base::Closure& resume_callback) { |
44 DCHECK_EQ(state(), WAITING_MESSAGE); | 55 DCHECK_EQ(state(), WAITING_MESSAGE); |
45 | 56 |
46 std::string method_attr = message->Attr(kMethodAttributeQName); | 57 std::string method_attr = message->Attr(kMethodAttributeQName); |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
100 state_ = WAITING_MESSAGE; | 111 state_ = WAITING_MESSAGE; |
101 return result; | 112 return result; |
102 } | 113 } |
103 return GetNextMessageInternal(); | 114 return GetNextMessageInternal(); |
104 } | 115 } |
105 | 116 |
106 void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( | 117 void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( |
107 Authenticator::State preferred_initial_state, | 118 Authenticator::State preferred_initial_state, |
108 const base::Closure& resume_callback) { | 119 const base::Closure& resume_callback) { |
109 DCHECK(current_method_ != Method::INVALID); | 120 DCHECK(current_method_ != Method::INVALID); |
110 if (current_method_ == Method::THIRD_PARTY) { | 121 if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) { |
111 current_authenticator_.reset(new ThirdPartyClientAuthenticator( | 122 current_authenticator_.reset(new ThirdPartyClientAuthenticator( |
112 base::Bind(&V2Authenticator::CreateForClient), | 123 base::Bind(&V2Authenticator::CreateForClient), |
113 config_.fetch_third_party_token_callback)); | 124 config_.fetch_third_party_token_callback)); |
114 resume_callback.Run(); | 125 resume_callback.Run(); |
| 126 } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) { |
| 127 current_authenticator_.reset(new ThirdPartyClientAuthenticator( |
| 128 base::Bind(&Spake2Authenticator::CreateForClient, local_id_, |
| 129 remote_id_), |
| 130 config_.fetch_third_party_token_callback)); |
| 131 resume_callback.Run(); |
115 } else { | 132 } else { |
116 DCHECK(current_method_ == Method::SPAKE2_SHARED_SECRET_PLAIN || | 133 DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 || |
117 current_method_ == Method::SPAKE2_PAIR || | 134 current_method_ == Method::PAIRED_SPAKE2_P224 || |
118 current_method_ == Method::SPAKE2_SHARED_SECRET_HMAC); | 135 current_method_ == Method::SHARED_SECRET_SPAKE2_P224 || |
119 bool pairing_supported = (current_method_ == Method::SPAKE2_PAIR); | 136 current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519); |
120 SecretFetchedCallback callback = base::Bind( | 137 bool pairing_supported = (current_method_ == Method::PAIRED_SPAKE2_P224); |
121 &NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret, | 138 config_.fetch_secret_callback.Run( |
122 weak_factory_.GetWeakPtr(), preferred_initial_state, resume_callback); | 139 pairing_supported, |
123 config_.fetch_secret_callback.Run(pairing_supported, callback); | 140 base::Bind( |
| 141 &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator, |
| 142 weak_factory_.GetWeakPtr(), preferred_initial_state, |
| 143 resume_callback)); |
124 } | 144 } |
125 } | 145 } |
126 | 146 |
127 void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() { | 147 void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() { |
128 if (!config_.pairing_client_id.empty() && !config_.pairing_secret.empty() && | 148 if (!config_.pairing_client_id.empty() && !config_.pairing_secret.empty() && |
129 std::find(methods_.begin(), methods_.end(), Method::SPAKE2_PAIR) != | 149 std::find(methods_.begin(), methods_.end(), Method::PAIRED_SPAKE2_P224) != |
130 methods_.end()) { | 150 methods_.end()) { |
131 // If the client specified a pairing id and shared secret, then create a | 151 // If the client specified a pairing id and shared secret, then create a |
132 // PairingAuthenticator. | 152 // PairingAuthenticator. |
133 current_authenticator_.reset(new PairingClientAuthenticator( | 153 current_authenticator_.reset(new PairingClientAuthenticator( |
134 config_.pairing_client_id, config_.pairing_secret, | 154 config_.pairing_client_id, config_.pairing_secret, |
135 base::Bind(&V2Authenticator::CreateForClient), | 155 base::Bind(&V2Authenticator::CreateForClient), |
136 config_.fetch_secret_callback, config_.host_id)); | 156 config_.fetch_secret_callback, config_.host_id)); |
137 current_method_ = Method::SPAKE2_PAIR; | 157 current_method_ = Method::PAIRED_SPAKE2_P224; |
138 } | 158 } |
139 } | 159 } |
140 | 160 |
141 void NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret( | 161 void NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator( |
142 Authenticator::State initial_state, | 162 Authenticator::State initial_state, |
143 const base::Closure& resume_callback, | 163 const base::Closure& resume_callback, |
144 const std::string& shared_secret) { | 164 const std::string& shared_secret) { |
145 current_authenticator_ = V2Authenticator::CreateForClient( | 165 std::string shared_secret_hash = |
146 (current_method_ == Method::SPAKE2_SHARED_SECRET_PLAIN) | 166 (current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224) |
147 ? shared_secret | 167 ? shared_secret |
148 : GetSharedSecretHash(config_.host_id, shared_secret), | 168 : GetSharedSecretHash(config_.host_id, shared_secret); |
149 initial_state); | 169 |
| 170 if (current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519) { |
| 171 current_authenticator_ = Spake2Authenticator::CreateForClient( |
| 172 local_id_, remote_id_, shared_secret_hash, initial_state); |
| 173 } else { |
| 174 current_authenticator_ = |
| 175 V2Authenticator::CreateForClient(shared_secret_hash, initial_state); |
| 176 } |
150 resume_callback.Run(); | 177 resume_callback.Run(); |
151 } | 178 } |
152 | 179 |
153 } // namespace protocol | 180 } // namespace protocol |
154 } // namespace remoting | 181 } // namespace remoting |
OLD | NEW |