| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/proximity_auth/device_to_device_authenticator.h" | 5 #include "components/proximity_auth/device_to_device_authenticator.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/memory/ptr_util.h" | 9 #include "base/memory/ptr_util.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| 11 #include "base/timer/timer.h" | 11 #include "base/timer/timer.h" |
| 12 #include "components/cryptauth/connection.h" |
| 12 #include "components/cryptauth/secure_message_delegate.h" | 13 #include "components/cryptauth/secure_message_delegate.h" |
| 13 #include "components/proximity_auth/connection.h" | 14 #include "components/cryptauth/wire_message.h" |
| 14 #include "components/proximity_auth/device_to_device_initiator_operations.h" | 15 #include "components/proximity_auth/device_to_device_initiator_operations.h" |
| 15 #include "components/proximity_auth/device_to_device_secure_context.h" | 16 #include "components/proximity_auth/device_to_device_secure_context.h" |
| 16 #include "components/proximity_auth/logging/logging.h" | 17 #include "components/proximity_auth/logging/logging.h" |
| 17 #include "components/proximity_auth/secure_context.h" | 18 #include "components/proximity_auth/secure_context.h" |
| 18 #include "components/proximity_auth/wire_message.h" | |
| 19 | 19 |
| 20 namespace proximity_auth { | 20 namespace proximity_auth { |
| 21 | 21 |
| 22 namespace { | 22 namespace { |
| 23 | 23 |
| 24 // The time to wait in seconds for the remote device to send its | 24 // The time to wait in seconds for the remote device to send its |
| 25 // [Responder Auth] message. If we do not get the message in this time, then | 25 // [Responder Auth] message. If we do not get the message in this time, then |
| 26 // authentication will fail. | 26 // authentication will fail. |
| 27 const int kResponderAuthTimeoutSeconds = 5; | 27 const int kResponderAuthTimeoutSeconds = 5; |
| 28 | 28 |
| 29 // The prefix of the permit id sent to the remote device. The permit id | 29 // The prefix of the permit id sent to the remote device. The permit id |
| 30 // is used by the remote device to find the credentials of the local device. | 30 // is used by the remote device to find the credentials of the local device. |
| 31 const char kPermitIdPrefix[] = "permit://google.com/easyunlock/v1/"; | 31 const char kPermitIdPrefix[] = "permit://google.com/easyunlock/v1/"; |
| 32 | 32 |
| 33 } // namespace | 33 } // namespace |
| 34 | 34 |
| 35 DeviceToDeviceAuthenticator::DeviceToDeviceAuthenticator( | 35 DeviceToDeviceAuthenticator::DeviceToDeviceAuthenticator( |
| 36 Connection* connection, | 36 cryptauth::Connection* connection, |
| 37 const std::string& account_id, | 37 const std::string& account_id, |
| 38 std::unique_ptr<cryptauth::SecureMessageDelegate> secure_message_delegate) | 38 std::unique_ptr<cryptauth::SecureMessageDelegate> secure_message_delegate) |
| 39 : connection_(connection), | 39 : connection_(connection), |
| 40 account_id_(account_id), | 40 account_id_(account_id), |
| 41 secure_message_delegate_(std::move(secure_message_delegate)), | 41 secure_message_delegate_(std::move(secure_message_delegate)), |
| 42 state_(State::NOT_STARTED), | 42 state_(State::NOT_STARTED), |
| 43 weak_ptr_factory_(this) { | 43 weak_ptr_factory_(this) { |
| 44 DCHECK(connection_); | 44 DCHECK(connection_); |
| 45 } | 45 } |
| 46 | 46 |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 108 timer_->Start( | 108 timer_->Start( |
| 109 FROM_HERE, base::TimeDelta::FromSeconds(kResponderAuthTimeoutSeconds), | 109 FROM_HERE, base::TimeDelta::FromSeconds(kResponderAuthTimeoutSeconds), |
| 110 base::Bind(&DeviceToDeviceAuthenticator::OnResponderAuthTimedOut, | 110 base::Bind(&DeviceToDeviceAuthenticator::OnResponderAuthTimedOut, |
| 111 weak_ptr_factory_.GetWeakPtr())); | 111 weak_ptr_factory_.GetWeakPtr())); |
| 112 | 112 |
| 113 // Send the [Hello] message to the remote device. | 113 // Send the [Hello] message to the remote device. |
| 114 state_ = State::SENT_HELLO; | 114 state_ = State::SENT_HELLO; |
| 115 hello_message_ = message; | 115 hello_message_ = message; |
| 116 std::string permit_id = kPermitIdPrefix + account_id_; | 116 std::string permit_id = kPermitIdPrefix + account_id_; |
| 117 connection_->SendMessage( | 117 connection_->SendMessage( |
| 118 base::MakeUnique<WireMessage>(hello_message_, permit_id)); | 118 base::MakeUnique<cryptauth::WireMessage>(hello_message_, permit_id)); |
| 119 } | 119 } |
| 120 | 120 |
| 121 void DeviceToDeviceAuthenticator::OnResponderAuthTimedOut() { | 121 void DeviceToDeviceAuthenticator::OnResponderAuthTimedOut() { |
| 122 DCHECK(state_ == State::SENT_HELLO); | 122 DCHECK(state_ == State::SENT_HELLO); |
| 123 Fail("Timed out waiting for [Responder Auth]"); | 123 Fail("Timed out waiting for [Responder Auth]"); |
| 124 } | 124 } |
| 125 | 125 |
| 126 void DeviceToDeviceAuthenticator::OnResponderAuthValidated( | 126 void DeviceToDeviceAuthenticator::OnResponderAuthValidated( |
| 127 bool validated, | 127 bool validated, |
| 128 const std::string& session_symmetric_key) { | 128 const std::string& session_symmetric_key) { |
| (...skipping 18 matching lines...) Expand all Loading... |
| 147 | 147 |
| 148 void DeviceToDeviceAuthenticator::OnInitiatorAuthCreated( | 148 void DeviceToDeviceAuthenticator::OnInitiatorAuthCreated( |
| 149 const std::string& message) { | 149 const std::string& message) { |
| 150 DCHECK(state_ == State::VALIDATED_RESPONDER_AUTH); | 150 DCHECK(state_ == State::VALIDATED_RESPONDER_AUTH); |
| 151 if (message.empty()) { | 151 if (message.empty()) { |
| 152 Fail("Failed to create [Initiator Auth]"); | 152 Fail("Failed to create [Initiator Auth]"); |
| 153 return; | 153 return; |
| 154 } | 154 } |
| 155 | 155 |
| 156 state_ = State::SENT_INITIATOR_AUTH; | 156 state_ = State::SENT_INITIATOR_AUTH; |
| 157 connection_->SendMessage(base::MakeUnique<WireMessage>(message)); | 157 connection_->SendMessage(base::MakeUnique<cryptauth::WireMessage>(message)); |
| 158 } | 158 } |
| 159 | 159 |
| 160 void DeviceToDeviceAuthenticator::Fail(const std::string& error_message) { | 160 void DeviceToDeviceAuthenticator::Fail(const std::string& error_message) { |
| 161 Fail(error_message, Result::FAILURE); | 161 Fail(error_message, Result::FAILURE); |
| 162 } | 162 } |
| 163 | 163 |
| 164 void DeviceToDeviceAuthenticator::Fail(const std::string& error_message, | 164 void DeviceToDeviceAuthenticator::Fail(const std::string& error_message, |
| 165 Result result) { | 165 Result result) { |
| 166 DCHECK(result != Result::SUCCESS); | 166 DCHECK(result != Result::SUCCESS); |
| 167 PA_LOG(WARNING) << "Authentication failed: " << error_message; | 167 PA_LOG(WARNING) << "Authentication failed: " << error_message; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 180 state_ = State::AUTHENTICATION_SUCCESS; | 180 state_ = State::AUTHENTICATION_SUCCESS; |
| 181 connection_->RemoveObserver(this); | 181 connection_->RemoveObserver(this); |
| 182 callback_.Run( | 182 callback_.Run( |
| 183 Result::SUCCESS, | 183 Result::SUCCESS, |
| 184 base::MakeUnique<DeviceToDeviceSecureContext>( | 184 base::MakeUnique<DeviceToDeviceSecureContext>( |
| 185 std::move(secure_message_delegate_), session_symmetric_key_, | 185 std::move(secure_message_delegate_), session_symmetric_key_, |
| 186 responder_auth_message_, SecureContext::PROTOCOL_VERSION_THREE_ONE)); | 186 responder_auth_message_, SecureContext::PROTOCOL_VERSION_THREE_ONE)); |
| 187 } | 187 } |
| 188 | 188 |
| 189 void DeviceToDeviceAuthenticator::OnConnectionStatusChanged( | 189 void DeviceToDeviceAuthenticator::OnConnectionStatusChanged( |
| 190 Connection* connection, | 190 cryptauth::Connection* connection, |
| 191 Connection::Status old_status, | 191 cryptauth::Connection::Status old_status, |
| 192 Connection::Status new_status) { | 192 cryptauth::Connection::Status new_status) { |
| 193 // We do not expect the connection to drop during authentication. | 193 // We do not expect the connection to drop during authentication. |
| 194 if (new_status == Connection::DISCONNECTED) { | 194 if (new_status == cryptauth::Connection::DISCONNECTED) { |
| 195 Fail("Disconnected while authentication is in progress", | 195 Fail("Disconnected while authentication is in progress", |
| 196 Result::DISCONNECTED); | 196 Result::DISCONNECTED); |
| 197 } | 197 } |
| 198 } | 198 } |
| 199 | 199 |
| 200 void DeviceToDeviceAuthenticator::OnMessageReceived( | 200 void DeviceToDeviceAuthenticator::OnMessageReceived( |
| 201 const Connection& connection, | 201 const cryptauth::Connection& connection, |
| 202 const WireMessage& message) { | 202 const cryptauth::WireMessage& message) { |
| 203 if (state_ == State::SENT_HELLO) { | 203 if (state_ == State::SENT_HELLO) { |
| 204 PA_LOG(INFO) << "Received [Responder Auth] message, payload_size=" | 204 PA_LOG(INFO) << "Received [Responder Auth] message, payload_size=" |
| 205 << message.payload().size(); | 205 << message.payload().size(); |
| 206 state_ = State::RECEIVED_RESPONDER_AUTH; | 206 state_ = State::RECEIVED_RESPONDER_AUTH; |
| 207 timer_.reset(); | 207 timer_.reset(); |
| 208 responder_auth_message_ = message.payload(); | 208 responder_auth_message_ = message.payload(); |
| 209 | 209 |
| 210 // Attempt to validate the [Responder Auth] message received from the remote | 210 // Attempt to validate the [Responder Auth] message received from the remote |
| 211 // device. | 211 // device. |
| 212 std::string responder_public_key = connection.remote_device().public_key; | 212 std::string responder_public_key = connection.remote_device().public_key; |
| 213 DeviceToDeviceInitiatorOperations::ValidateResponderAuthMessage( | 213 DeviceToDeviceInitiatorOperations::ValidateResponderAuthMessage( |
| 214 responder_auth_message_, responder_public_key, | 214 responder_auth_message_, responder_public_key, |
| 215 connection_->remote_device().persistent_symmetric_key, | 215 connection_->remote_device().persistent_symmetric_key, |
| 216 local_session_private_key_, hello_message_, | 216 local_session_private_key_, hello_message_, |
| 217 secure_message_delegate_.get(), | 217 secure_message_delegate_.get(), |
| 218 base::Bind(&DeviceToDeviceAuthenticator::OnResponderAuthValidated, | 218 base::Bind(&DeviceToDeviceAuthenticator::OnResponderAuthValidated, |
| 219 weak_ptr_factory_.GetWeakPtr())); | 219 weak_ptr_factory_.GetWeakPtr())); |
| 220 } else { | 220 } else { |
| 221 Fail("Unexpected message received"); | 221 Fail("Unexpected message received"); |
| 222 } | 222 } |
| 223 } | 223 } |
| 224 | 224 |
| 225 void DeviceToDeviceAuthenticator::OnSendCompleted(const Connection& connection, | 225 void DeviceToDeviceAuthenticator::OnSendCompleted( |
| 226 const WireMessage& message, | 226 const cryptauth::Connection& connection, |
| 227 bool success) { | 227 const cryptauth::WireMessage& message, |
| 228 bool success) { |
| 228 if (state_ == State::SENT_INITIATOR_AUTH) { | 229 if (state_ == State::SENT_INITIATOR_AUTH) { |
| 229 if (success) | 230 if (success) |
| 230 Succeed(); | 231 Succeed(); |
| 231 else | 232 else |
| 232 Fail("Failed to send [Initiator Auth]"); | 233 Fail("Failed to send [Initiator Auth]"); |
| 233 } else if (!success && state_ == State::SENT_HELLO) { | 234 } else if (!success && state_ == State::SENT_HELLO) { |
| 234 DCHECK(message.payload() == hello_message_); | 235 DCHECK(message.payload() == hello_message_); |
| 235 Fail("Failed to send [Hello]"); | 236 Fail("Failed to send [Hello]"); |
| 236 } | 237 } |
| 237 } | 238 } |
| 238 | 239 |
| 239 } // namespace proximity_auth | 240 } // namespace proximity_auth |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2561203002:
Migrate weave-related classes from proximity_auth/ble to cryptauth/ble. (Closed)
