| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H | 5 #ifndef COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H |
| 6 #define COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H | 6 #define COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H |
| 7 | 7 |
| 8 #include "base/callback.h" | 8 #include "base/callback.h" |
| 9 #include "base/macros.h" | 9 #include "base/macros.h" |
| 10 #include "base/memory/weak_ptr.h" | 10 #include "base/memory/weak_ptr.h" |
| 11 #include "components/proximity_auth/authenticator.h" | 11 #include "components/proximity_auth/authenticator.h" |
| 12 #include "components/proximity_auth/connection_observer.h" | 12 #include "components/proximity_auth/connection_observer.h" |
| 13 | 13 |
| 14 namespace base { | 14 namespace base { |
| 15 class Timer; | 15 class Timer; |
| 16 }; | 16 }; |
| 17 | 17 |
| 18 namespace cryptauth { |
| 19 class SecureMessageDelegate; |
| 20 } |
| 21 |
| 18 namespace proximity_auth { | 22 namespace proximity_auth { |
| 19 | 23 |
| 20 class Connection; | 24 class Connection; |
| 21 class SecureMessageDelegate; | |
| 22 | 25 |
| 23 // Authenticator implementation using the "device to device" protocol, which is | 26 // Authenticator implementation using the "device to device" protocol, which is |
| 24 // in turn built on top of the SecureMessage library. | 27 // in turn built on top of the SecureMessage library. |
| 25 // This protocol contains the following steps (local device is the initiator): | 28 // This protocol contains the following steps (local device is the initiator): |
| 26 // 1. Both initiator and responder devices generate a temporary key pair for | 29 // 1. Both initiator and responder devices generate a temporary key pair for |
| 27 // the session. | 30 // the session. |
| 28 // 2. Initiator sends [Hello] message to responder device, which contains the | 31 // 2. Initiator sends [Hello] message to responder device, which contains the |
| 29 // initiator's session public key. | 32 // initiator's session public key. |
| 30 // 3. Responder responds with a [Responder Auth] message, containing its | 33 // 3. Responder responds with a [Responder Auth] message, containing its |
| 31 // session public key and data that allows the initiator to assert the | 34 // session public key and data that allows the initiator to assert the |
| 32 // identity of the responder. | 35 // identity of the responder. |
| 33 // 4. Initiator sends [Initiator Auth] message, containing data allowing the | 36 // 4. Initiator sends [Initiator Auth] message, containing data allowing the |
| 34 // responder to assert the identity of the initiator. | 37 // responder to assert the identity of the initiator. |
| 35 // 5. Both devices derive a symmetric key by running a key agreement protocol | 38 // 5. Both devices derive a symmetric key by running a key agreement protocol |
| 36 // session public keys they obtain from from the messages above. This | 39 // session public keys they obtain from from the messages above. This |
| 37 // symmetric key is used in the subsequent SecureContext. | 40 // symmetric key is used in the subsequent SecureContext. |
| 38 // The authentication protocol fails if any of the steps above fail. | 41 // The authentication protocol fails if any of the steps above fail. |
| 39 // This protocol requires exclusive use of the connection. No other message | 42 // This protocol requires exclusive use of the connection. No other message |
| 40 // should be sent or received while authentication is in progress. | 43 // should be sent or received while authentication is in progress. |
| 41 class DeviceToDeviceAuthenticator : public Authenticator, | 44 class DeviceToDeviceAuthenticator : public Authenticator, |
| 42 public ConnectionObserver { | 45 public ConnectionObserver { |
| 43 public: | 46 public: |
| 44 // Creates the instance: | 47 // Creates the instance: |
| 45 // |connection|: The connection to the remote device, which must be in a | 48 // |connection|: The connection to the remote device, which must be in a |
| 46 // connected state. Not owned. | 49 // connected state. Not owned. |
| 47 // |account_id|: The canonical account id of the user who is the owner of both | 50 // |account_id|: The canonical account id of the user who is the owner of both |
| 48 // the local and remote devices. | 51 // the local and remote devices. |
| 49 // |secure_message_delegate|: Handles the SecureMessage crypto operations. | 52 // |secure_message_delegate|: Handles the SecureMessage crypto operations. |
| 50 DeviceToDeviceAuthenticator( | 53 DeviceToDeviceAuthenticator(Connection* connection, |
| 51 Connection* connection, | 54 const std::string& account_id, |
| 52 const std::string& account_id, | 55 std::unique_ptr<cryptauth::SecureMessageDelegate> |
| 53 std::unique_ptr<SecureMessageDelegate> secure_message_delegate); | 56 secure_message_delegate); |
| 54 | 57 |
| 55 ~DeviceToDeviceAuthenticator() override; | 58 ~DeviceToDeviceAuthenticator() override; |
| 56 | 59 |
| 57 // Authenticator: | 60 // Authenticator: |
| 58 void Authenticate(const AuthenticationCallback& callback) override; | 61 void Authenticate(const AuthenticationCallback& callback) override; |
| 59 | 62 |
| 60 protected: | 63 protected: |
| 61 // Creates a base::Timer instance. Exposed for testing. | 64 // Creates a base::Timer instance. Exposed for testing. |
| 62 virtual std::unique_ptr<base::Timer> CreateTimer(); | 65 virtual std::unique_ptr<base::Timer> CreateTimer(); |
| 63 | 66 |
| (...skipping 53 matching lines...) |
| 117 // The connection to the remote device. It is expected to be in the CONNECTED | 120 // The connection to the remote device. It is expected to be in the CONNECTED |
| 118 // state at all times during authentication. | 121 // state at all times during authentication. |
| 119 // Not owned, and must outlive this instance. | 122 // Not owned, and must outlive this instance. |
| 120 Connection* const connection_; | 123 Connection* const connection_; |
| 121 | 124 |
| 122 // The account id of the user who owns the local and remote devices. This is | 125 // The account id of the user who owns the local and remote devices. This is |
| 123 // normally an email address, and should be canonicalized. | 126 // normally an email address, and should be canonicalized. |
| 124 const std::string account_id_; | 127 const std::string account_id_; |
| 125 | 128 |
| 126 // Handles SecureMessage crypto operations. | 129 // Handles SecureMessage crypto operations. |
| 127 std::unique_ptr<SecureMessageDelegate> secure_message_delegate_; | 130 std::unique_ptr<cryptauth::SecureMessageDelegate> secure_message_delegate_; |
| 128 | 131 |
| 129 // The current state in the authentication flow. | 132 // The current state in the authentication flow. |
| 130 State state_; | 133 State state_; |
| 131 | 134 |
| 132 // Callback to invoke when authentication completes. | 135 // Callback to invoke when authentication completes. |
| 133 AuthenticationCallback callback_; | 136 AuthenticationCallback callback_; |
| 134 | 137 |
| 135 // Used for timing out when waiting for [Remote Auth] from the remote device. | 138 // Used for timing out when waiting for [Remote Auth] from the remote device. |
| 136 std::unique_ptr<base::Timer> timer_; | 139 std::unique_ptr<base::Timer> timer_; |
| 137 | 140 |
| (...skipping 10 matching lines...) |
| 148 std::string session_symmetric_key_; | 151 std::string session_symmetric_key_; |
| 149 | 152 |
| 150 base::WeakPtrFactory<DeviceToDeviceAuthenticator> weak_ptr_factory_; | 153 base::WeakPtrFactory<DeviceToDeviceAuthenticator> weak_ptr_factory_; |
| 151 | 154 |
| 152 DISALLOW_COPY_AND_ASSIGN(DeviceToDeviceAuthenticator); | 155 DISALLOW_COPY_AND_ASSIGN(DeviceToDeviceAuthenticator); |
| 153 }; | 156 }; |
| 154 | 157 |
| 155 } // namespace proximity_auth | 158 } // namespace proximity_auth |
| 156 | 159 |
| 157 #endif // COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H | 160 #endif // COMPONENTS_PROXIMITY_DEVICE_TO_DEVICE_AUTHENTICATOR_H |
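Review bot: The header names `std::unique_ptr` and `std::string` in the reformatted constructor signature and in the `secure_message_delegate_` and `account_id_` members, but the include block at the top lists only base/ and proximity_auth headers, so it compiles only through transitive includes; add `#include <memory>` and `#include <string>` ahead of the project includes. Because `cryptauth::SecureMessageDelegate` is only forward-declared here, the `std::unique_ptr` member also needs the constructor and destructor defined out of line where the type is complete. The declared `~DeviceToDeviceAuthenticator() override;` suggests that is the case, but the .cc file is not on this page, so confirm it includes the cryptauth header. Separately, the comment on `timer_` says `[Remote Auth]` while the protocol description at the top of the class calls that message `[Responder Auth]`; using one name would make it unambiguous which step the timeout guards.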
| OLD | NEW |