
Unified Diff: components/cryptauth/device_to_device_responder_operations.cc

Issue 2899863002: Updating D2D protocol to v1 to support separate sequence numbers. (Closed)
Patch Set: Fixing tests Created 3 years, 7 months ago
Index: components/cryptauth/device_to_device_responder_operations.cc
diff --git a/components/cryptauth/device_to_device_responder_operations.cc b/components/cryptauth/device_to_device_responder_operations.cc
index 3eb2a7cfe3bd099185d99387f2a6ffbaef919564..5e9fe4157f9885adb16b3b9a814642175bc8eb42 100644
--- a/components/cryptauth/device_to_device_responder_operations.cc
+++ b/components/cryptauth/device_to_device_responder_operations.cc
@@ -9,6 +9,7 @@
#include "components/cryptauth/proto/cryptauth_api.pb.h"
#include "components/cryptauth/proto/securemessage.pb.h"
#include "components/cryptauth/secure_message_delegate.h"
+#include "components/cryptauth/session_keys.h"
#include "components/proximity_auth/logging/logging.h"
namespace cryptauth {
@@ -24,6 +25,9 @@ const char kPayloadFiller[] = "\xae";
// The version to put in the GcmMetadata field.
const int kGcmMetadataVersion = 1;
+// The D2D protocol version.
+const int kD2DProtocolVersion = 1;
+
// Callback for DeviceToDeviceResponderOperations::ValidateHelloMessage(),
// after the [Hello] message is unwrapped.
void OnHelloMessageUnwrapped(
@@ -32,7 +36,8 @@ void OnHelloMessageUnwrapped(
const std::string& payload,
const securemessage::Header& header) {
securemessage::InitiatorHello initiator_hello;
- if (!verified || !initiator_hello.ParseFromString(header.public_metadata())) {
+ if (!verified || !initiator_hello.ParseFromString(header.public_metadata()) ||
+ initiator_hello.protocol_version() != kD2DProtocolVersion) {
callback.Run(false, std::string());
return;
}
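Review bot: A protocol-version mismatch in the new condition is reported exactly like a failed signature check, through `callback.Run(false, std::string())` with nothing logged, so a peer still on the old protocol version cannot be told apart from a tampered [Hello] when reading logs. Consider giving the version test its own branch with a log line in the style already used for initiator auth, e.g. `PA_LOG(INFO) << "Unsupported D2D protocol version: " << initiator_hello.protocol_version();`. Reading the version only after `verified` and a successful parse is the right order and should be kept. OnHelloMessageUnwrapped starts above this hunk and continues below it.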
@@ -161,6 +166,7 @@ void OnSessionSymmetricKeyDerivedForResponderAuth(
context.callback.Run(std::string());
return;
}
+ responder_hello.set_protocol_version(kD2DProtocolVersion);
// Create the outer most message, wrapping the other messages created
// previously.
@@ -175,8 +181,9 @@ void OnSessionSymmetricKeyDerivedForResponderAuth(
responder_hello.SerializeToString(&create_options.decryption_key_id);
context.secure_message_delegate->CreateSecureMessage(
- device_to_device_message.SerializeAsString(), session_symmetric_key,
- create_options, context.callback);
+ device_to_device_message.SerializeAsString(),
+ SessionKeys(session_symmetric_key).responder_encode_key(), create_options,
+ context.callback);
}
// Helper struct containing all the context needed to validate the [Initiator
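Review bot: The `SessionKeys(session_symmetric_key)` temporary in the CreateSecureMessage call is destroyed at the end of that statement, so this is safe only if the delegate copies the key before returning. The delegate's contract is not visible in this hunk, so confirm it or bind the derived key to a named local first. A short comment would also tell readers why the raw session key is no longer passed, e.g. `// Responder-to-initiator messages use the responder's derived key, never the raw session key.` The enclosing function begins above the hunk.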
@@ -214,7 +221,7 @@ void OnOuterMessageUnwrappedForInitiatorAuth(
// Parse the decrypted payload.
securemessage::DeviceToDeviceMessage device_to_device_message;
if (!device_to_device_message.ParseFromString(payload) ||
- device_to_device_message.sequence_number() != 2) {
+ device_to_device_message.sequence_number() != 1) {
PA_LOG(INFO) << "Failed to validate DeviceToDeviceMessage payload.";
context.callback.Run(false);
return;
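Review bot: The expected value in `device_to_device_message.sequence_number() != 1` is a bare literal, and the reason it moved from 2 to 1 (presumably each direction now keeps its own counter, per the change title) is not stated at the check. A named constant with a comment, e.g. `const int kInitiatorAuthSequenceNumber = 1;  // first message in the initiator-to-responder direction`, would make this ordering/replay check easier to audit. The single log line also covers both a parse failure and a sequence mismatch, so the two cases cannot be distinguished afterwards. OnOuterMessageUnwrappedForInitiatorAuth starts and ends outside the hunk.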
@@ -297,7 +304,7 @@ void DeviceToDeviceResponderOperations::CreateResponderAuthMessage(
// static
void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage(
const std::string& initiator_auth_message,
- const std::string& session_symmetric_key,
+ SessionKeys* session_keys,
Tim Song 2017/05/22 23:18:24 You should be able to use "const SessionKey&" inst
sacomoto 2017/05/23 09:50:14 Done.
const std::string& persistent_symmetric_key,
const std::string& responder_auth_message,
SecureMessageDelegate* secure_message_delegate,
@@ -322,7 +329,8 @@ void DeviceToDeviceResponderOperations::ValidateInitiatorAuthMessage(
unwrap_options.encryption_scheme = securemessage::AES_256_CBC;
unwrap_options.signature_scheme = securemessage::HMAC_SHA256;
secure_message_delegate->UnwrapSecureMessage(
- initiator_auth_message, session_symmetric_key, unwrap_options,
+ initiator_auth_message, session_keys->initiator_encode_key(),
+ unwrap_options,
base::Bind(&OnOuterMessageUnwrappedForInitiatorAuth, context));
}
