| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/negotiating_client_authenticator.h" | 5 #include "remoting/protocol/negotiating_client_authenticator.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <sstream> | 8 #include <sstream> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| 11 #include "base/bind.h" | 11 #include "base/bind.h" |
| 12 #include "base/callback.h" | 12 #include "base/callback.h" |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/strings/string_split.h" | 14 #include "base/strings/string_split.h" |
| 15 #include "remoting/protocol/auth_util.h" | 15 #include "remoting/protocol/auth_util.h" |
| 16 #include "remoting/protocol/channel_authenticator.h" | 16 #include "remoting/protocol/channel_authenticator.h" |
| 17 #include "remoting/protocol/pairing_client_authenticator.h" | 17 #include "remoting/protocol/pairing_client_authenticator.h" |
| 18 #include "remoting/protocol/spake2_authenticator.h" |
| 18 #include "remoting/protocol/v2_authenticator.h" | 19 #include "remoting/protocol/v2_authenticator.h" |
| 19 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" | 20 #include "third_party/webrtc/libjingle/xmllite/xmlelement.h" |
| 20 | 21 |
| 21 namespace remoting { | 22 namespace remoting { |
| 22 namespace protocol { | 23 namespace protocol { |
| 23 | 24 |
| 24 ClientAuthenticationConfig::ClientAuthenticationConfig() {} | 25 ClientAuthenticationConfig::ClientAuthenticationConfig() {} |
| 25 ClientAuthenticationConfig::~ClientAuthenticationConfig() {} | 26 ClientAuthenticationConfig::~ClientAuthenticationConfig() {} |
| 26 | 27 |
| 27 NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( | 28 NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( |
| 29 const std::string& local_id, |
| 30 const std::string& remote_id, |
| 28 const ClientAuthenticationConfig& config) | 31 const ClientAuthenticationConfig& config) |
| 29 : NegotiatingAuthenticatorBase(MESSAGE_READY), | 32 : NegotiatingAuthenticatorBase(MESSAGE_READY), |
| 33 local_id_(local_id), |
| 34 remote_id_(remote_id), |
| 30 config_(config), | 35 config_(config), |
| 31 weak_factory_(this) { | 36 weak_factory_(this) { |
| 32 if (!config_.fetch_third_party_token_callback.is_null()) | 37 if (!config_.fetch_third_party_token_callback.is_null()) { |
| 33 AddMethod(Method::THIRD_PARTY); | 38 AddMethod(Method::THIRD_PARTY_SPAKE2_CURVE25519); |
| 34 AddMethod(Method::SPAKE2_PAIR); | 39 AddMethod(Method::THIRD_PARTY_SPAKE2_P224); |
| 35 AddMethod(Method::SPAKE2_SHARED_SECRET_HMAC); | 40 } |
| 36 AddMethod(Method::SPAKE2_SHARED_SECRET_PLAIN); | 41 |
| 42 AddMethod(Method::PAIRED_SPAKE2_P224); |
| 43 |
| 44 AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 45 AddMethod(Method::SHARED_SECRET_SPAKE2_P224); |
| 46 |
| 47 AddMethod(Method::SHARED_SECRET_PLAIN_SPAKE2_P224); |
| 37 } | 48 } |
| 38 | 49 |
| 39 NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {} | 50 NegotiatingClientAuthenticator::~NegotiatingClientAuthenticator() {} |
| 40 | 51 |
| 41 void NegotiatingClientAuthenticator::ProcessMessage( | 52 void NegotiatingClientAuthenticator::ProcessMessage( |
| 42 const buzz::XmlElement* message, | 53 const buzz::XmlElement* message, |
| 43 const base::Closure& resume_callback) { | 54 const base::Closure& resume_callback) { |
| 44 DCHECK_EQ(state(), WAITING_MESSAGE); | 55 DCHECK_EQ(state(), WAITING_MESSAGE); |
| 45 | 56 |
| 46 std::string method_attr = message->Attr(kMethodAttributeQName); | 57 std::string method_attr = message->Attr(kMethodAttributeQName); |
| (...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 100 state_ = WAITING_MESSAGE; | 111 state_ = WAITING_MESSAGE; |
| 101 return result; | 112 return result; |
| 102 } | 113 } |
| 103 return GetNextMessageInternal(); | 114 return GetNextMessageInternal(); |
| 104 } | 115 } |
| 105 | 116 |
| 106 void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( | 117 void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( |
| 107 Authenticator::State preferred_initial_state, | 118 Authenticator::State preferred_initial_state, |
| 108 const base::Closure& resume_callback) { | 119 const base::Closure& resume_callback) { |
| 109 DCHECK(current_method_ != Method::INVALID); | 120 DCHECK(current_method_ != Method::INVALID); |
| 110 if (current_method_ == Method::THIRD_PARTY) { | 121 if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) { |
| 111 current_authenticator_.reset(new ThirdPartyClientAuthenticator( | 122 current_authenticator_.reset(new ThirdPartyClientAuthenticator( |
| 112 base::Bind(&V2Authenticator::CreateForClient), | 123 base::Bind(&V2Authenticator::CreateForClient), |
| 113 config_.fetch_third_party_token_callback)); | 124 config_.fetch_third_party_token_callback)); |
| 114 resume_callback.Run(); | 125 resume_callback.Run(); |
| 126 } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) { |
| 127 current_authenticator_.reset(new ThirdPartyClientAuthenticator( |
| 128 base::Bind(&Spake2Authenticator::CreateForClient, local_id_, |
| 129 remote_id_), |
| 130 config_.fetch_third_party_token_callback)); |
| 131 resume_callback.Run(); |
| 115 } else { | 132 } else { |
| 116 DCHECK(current_method_ == Method::SPAKE2_SHARED_SECRET_PLAIN || | 133 DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 || |
| 117 current_method_ == Method::SPAKE2_PAIR || | 134 current_method_ == Method::PAIRED_SPAKE2_P224 || |
| 118 current_method_ == Method::SPAKE2_SHARED_SECRET_HMAC); | 135 current_method_ == Method::SHARED_SECRET_SPAKE2_P224 || |
| 119 bool pairing_supported = (current_method_ == Method::SPAKE2_PAIR); | 136 current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519); |
| 120 SecretFetchedCallback callback = base::Bind( | 137 bool pairing_supported = (current_method_ == Method::PAIRED_SPAKE2_P224); |
| 121 &NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret, | 138 config_.fetch_secret_callback.Run( |
| 122 weak_factory_.GetWeakPtr(), preferred_initial_state, resume_callback); | 139 pairing_supported, |
| 123 config_.fetch_secret_callback.Run(pairing_supported, callback); | 140 base::Bind( |
| 141 &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator, |
| 142 weak_factory_.GetWeakPtr(), preferred_initial_state, |
| 143 resume_callback)); |
| 124 } | 144 } |
| 125 } | 145 } |
| 126 | 146 |
| 127 void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() { | 147 void NegotiatingClientAuthenticator::CreatePreferredAuthenticator() { |
| 128 if (!config_.pairing_client_id.empty() && !config_.pairing_secret.empty() && | 148 if (!config_.pairing_client_id.empty() && !config_.pairing_secret.empty() && |
| 129 std::find(methods_.begin(), methods_.end(), Method::SPAKE2_PAIR) != | 149 std::find(methods_.begin(), methods_.end(), Method::PAIRED_SPAKE2_P224) != |
| 130 methods_.end()) { | 150 methods_.end()) { |
| 131 // If the client specified a pairing id and shared secret, then create a | 151 // If the client specified a pairing id and shared secret, then create a |
| 132 // PairingAuthenticator. | 152 // PairingAuthenticator. |
| 133 current_authenticator_.reset(new PairingClientAuthenticator( | 153 current_authenticator_.reset(new PairingClientAuthenticator( |
| 134 config_.pairing_client_id, config_.pairing_secret, | 154 config_.pairing_client_id, config_.pairing_secret, |
| 135 base::Bind(&V2Authenticator::CreateForClient), | 155 base::Bind(&V2Authenticator::CreateForClient), |
| 136 config_.fetch_secret_callback, config_.host_id)); | 156 config_.fetch_secret_callback, config_.host_id)); |
| 137 current_method_ = Method::SPAKE2_PAIR; | 157 current_method_ = Method::PAIRED_SPAKE2_P224; |
| 138 } | 158 } |
| 139 } | 159 } |
| 140 | 160 |
| 141 void NegotiatingClientAuthenticator::CreateV2AuthenticatorWithSecret( | 161 void NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator( |
| 142 Authenticator::State initial_state, | 162 Authenticator::State initial_state, |
| 143 const base::Closure& resume_callback, | 163 const base::Closure& resume_callback, |
| 144 const std::string& shared_secret) { | 164 const std::string& shared_secret) { |
| 145 current_authenticator_ = V2Authenticator::CreateForClient( | 165 std::string shared_secret_hash = |
| 146 (current_method_ == Method::SPAKE2_SHARED_SECRET_PLAIN) | 166 (current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224) |
| 147 ? shared_secret | 167 ? shared_secret |
| 148 : GetSharedSecretHash(config_.host_id, shared_secret), | 168 : GetSharedSecretHash(config_.host_id, shared_secret); |
| 149 initial_state); | 169 |
| 170 if (current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519) { |
| 171 current_authenticator_ = Spake2Authenticator::CreateForClient( |
| 172 local_id_, remote_id_, shared_secret_hash, initial_state); |
| 173 } else { |
| 174 current_authenticator_ = |
| 175 V2Authenticator::CreateForClient(shared_secret_hash, initial_state); |
| 176 } |
| 150 resume_callback.Run(); | 177 resume_callback.Run(); |
| 151 } | 178 } |
| 152 | 179 |
| 153 } // namespace protocol | 180 } // namespace protocol |
| 154 } // namespace remoting | 181 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1780403002:
Enable Curve25519 in host and client for PIN-based and third-party auth. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master