diff options
author | sergeyu <sergeyu@chromium.org> | 2016-03-16 23:15:00 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-03-17 06:16:30 +0000 |
commit | 410cd1122f6275664edc4daf7bed5aa855216bca (patch) | |
tree | 9222d3e3b7e175aa03f9c29b3eb551b571a6635b /remoting/protocol | |
parent | 79a6ade947f495b510efc6280ba91e58b37c3e26 (diff) | |
download | chromium_src-410cd1122f6275664edc4daf7bed5aa855216bca.zip chromium_src-410cd1122f6275664edc4daf7bed5aa855216bca.tar.gz chromium_src-410cd1122f6275664edc4daf7bed5aa855216bca.tar.bz2 |
Add Curve25519 version of pairing authenticators
BUG=589698
Review URL: https://codereview.chromium.org/1800823002
Cr-Commit-Position: refs/heads/master@{#381664}
Diffstat (limited to 'remoting/protocol')
6 files changed, 255 insertions, 107 deletions
diff --git a/remoting/protocol/negotiating_authenticator_base.cc b/remoting/protocol/negotiating_authenticator_base.cc index 7bc192e..1049a4b 100644 --- a/remoting/protocol/negotiating_authenticator_base.cc +++ b/remoting/protocol/negotiating_authenticator_base.cc @@ -34,6 +34,8 @@ const NameMapElement<NegotiatingAuthenticatorBase::Method> {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224, "spake2_pair"}, + {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519, + "pair_spake2_curve25519"}, {NegotiatingAuthenticatorBase::Method::THIRD_PARTY_SPAKE2_P224, "third_party"}, diff --git a/remoting/protocol/negotiating_authenticator_base.h b/remoting/protocol/negotiating_authenticator_base.h index 9e5576a..37b83b0 100644 --- a/remoting/protocol/negotiating_authenticator_base.h +++ b/remoting/protocol/negotiating_authenticator_base.h @@ -77,8 +77,8 @@ class NegotiatingAuthenticatorBase : public Authenticator { // SPAKE2 using shared pairing secret. Falls back to PIN-based // authentication when pairing fails. - // TODO(sergeyu): Add CURVE25519 variant. crbug.com/593123 PAIRED_SPAKE2_P224, + PAIRED_SPAKE2_CURVE25519, // Authentication using third-party authentication server. // SPAKE2 with P224 using shared pairing secret. Falls back to PIN-based @@ -103,7 +103,6 @@ class NegotiatingAuthenticatorBase : public Authenticator { protected: friend class NegotiatingAuthenticatorTest; - FRIEND_TEST_ALL_PREFIXES(NegotiatingAuthenticatorTest, IncompatibleMethods); static const buzz::StaticQName kMethodAttributeQName; static const buzz::StaticQName kSupportedMethodsAttributeQName; diff --git a/remoting/protocol/negotiating_authenticator_unittest.cc b/remoting/protocol/negotiating_authenticator_unittest.cc index f07be70..889e287 100644 --- a/remoting/protocol/negotiating_authenticator_unittest.cc +++ b/remoting/protocol/negotiating_authenticator_unittest.cc @@ -53,26 +53,29 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { ~NegotiatingAuthenticatorTest() override {} protected: - void InitAuthenticators(const std::string& client_id, - const std::string& client_paired_secret, - const std::string& client_interactive_pin, - const std::string& host_secret, - bool it2me) { + virtual void InitAuthenticators(const std::string& client_id, + const std::string& client_paired_secret, + const std::string& client_interactive_pin, + const std::string& host_secret, + bool it2me) { if (it2me) { host_ = NegotiatingHostAuthenticator::CreateForIt2Me( kHostJid, kClientJid, host_cert_, key_pair_, host_secret); } else { std::string host_secret_hash = GetSharedSecretHash(kTestHostId, host_secret); - host_ = NegotiatingHostAuthenticator::CreateWithPin( - kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, - pairing_registry_); + scoped_ptr<NegotiatingHostAuthenticator> host = + NegotiatingHostAuthenticator::CreateWithPin( + kHostJid, kClientJid, host_cert_, key_pair_, host_secret_hash, + pairing_registry_); + host_as_negotiating_authenticator_ = host.get(); + host_ = std::move(host); } protocol::ClientAuthenticationConfig client_auth_config; client_auth_config.host_id = kTestHostId; client_auth_config.pairing_client_id = client_id; - client_auth_config.pairing_secret= client_paired_secret; + client_auth_config.pairing_secret = client_paired_secret; bool pairing_expected = pairing_registry_.get() != nullptr; client_auth_config.fetch_secret_callback = base::Bind(&NegotiatingAuthenticatorTest::FetchSecret, @@ -82,6 +85,20 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { client_.reset(client_as_negotiating_authenticator_); } + void DisableMethodOnClient(NegotiatingAuthenticatorBase::Method method) { + auto* methods = &(client_as_negotiating_authenticator_->methods_); + auto iter = std::find(methods->begin(), methods->end(), method); + ASSERT_TRUE(iter != methods->end()); + methods->erase(iter); + } + + void DisableMethodOnHost(NegotiatingAuthenticatorBase::Method method) { + auto* methods = &(host_as_negotiating_authenticator_->methods_); + auto iter = std::find(methods->begin(), methods->end(), method); + ASSERT_TRUE(iter != methods->end()); + methods->erase(iter); + } + void CreatePairingRegistry(bool with_paired_client) { pairing_registry_ = new SynchronousPairingRegistry( make_scoped_ptr(new MockPairingRegistryDelegate())); @@ -112,7 +129,7 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { } } - void VerifyAccepted(NegotiatingAuthenticatorBase::Method expected_method) { + virtual void VerifyAccepted() { ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); ASSERT_EQ(Authenticator::ACCEPTED, host_->state()); @@ -131,11 +148,14 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { tester.Start(); message_loop_.Run(); tester.CheckResults(); - EXPECT_EQ(expected_method, - client_as_negotiating_authenticator_->current_method_); + } + + NegotiatingAuthenticatorBase::Method current_method() { + return client_as_negotiating_authenticator_->current_method_; } // Use a bare pointer because the storage is managed by the base class. + NegotiatingHostAuthenticator* host_as_negotiating_authenticator_; NegotiatingClientAuthenticator* client_as_negotiating_authenticator_; private: @@ -144,18 +164,90 @@ class NegotiatingAuthenticatorTest : public AuthenticatorTestBase { DISALLOW_COPY_AND_ASSIGN(NegotiatingAuthenticatorTest); }; +struct PairingTestParameters { + bool p224_on_client; + bool curve25519_on_client; + bool p224_on_host; + bool curve25519_on_host; + + bool expect_curve25519_used; +}; + +class NegotiatingPairingAuthenticatorTest + : public NegotiatingAuthenticatorTest, + public testing::WithParamInterface<PairingTestParameters> { +public: + void InitAuthenticators(const std::string& client_id, + const std::string& client_paired_secret, + const std::string& client_interactive_pin, + const std::string& host_secret, + bool it2me) override { + NegotiatingAuthenticatorTest::InitAuthenticators( + client_id, client_paired_secret, client_interactive_pin, host_secret, + it2me); + if (!GetParam().p224_on_client) { + DisableMethodOnClient( + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + } + if (!GetParam().curve25519_on_client) { + DisableMethodOnClient( + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519); + } + if (!GetParam().p224_on_host) { + DisableMethodOnHost( + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + } + if (!GetParam().curve25519_on_host) { + DisableMethodOnHost( + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519); + } + } + + void VerifyAccepted() override { + NegotiatingAuthenticatorTest::VerifyAccepted(); + EXPECT_TRUE( + current_method() == + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224 || + current_method() == + NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519); + } +}; + +INSTANTIATE_TEST_CASE_P( + PairingParams, + NegotiatingPairingAuthenticatorTest, + testing::Values( + // Only P224. + PairingTestParameters{true, false, true, false}, + + // Only curve25519. + PairingTestParameters{false, true, false, true}, + + // Both P224 and curve25519. + PairingTestParameters{true, true, true, true}, + + // One end supports both, the other supports only P224 or curve25519. + PairingTestParameters{false, true, true, true}, + PairingTestParameters{true, false, true, true}, + PairingTestParameters{true, true, false, true}, + PairingTestParameters{true, true, true, false})); + TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthMe2MePin) { ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPin, false)); - VerifyAccepted( - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); + VerifyAccepted(); + EXPECT_EQ( + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, + current_method()); } TEST_F(NegotiatingAuthenticatorTest, SuccessfulAuthIt2me) { ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPin, true)); - VerifyAccepted( - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224); + VerifyAccepted(); + EXPECT_EQ( + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224, + current_method()); } TEST_F(NegotiatingAuthenticatorTest, InvalidMe2MePin) { @@ -177,11 +269,8 @@ TEST_F(NegotiatingAuthenticatorTest, InvalidIt2MeAccessCode) { TEST_F(NegotiatingAuthenticatorTest, IncompatibleMethods) { ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPinBad, true)); - std::vector<NegotiatingAuthenticatorBase::Method>* methods = - &(client_as_negotiating_authenticator_->methods_); - methods->erase(std::find( - methods->begin(), methods->end(), - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224)); + DisableMethodOnClient( + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_PLAIN_SPAKE2_P224); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); @@ -192,27 +281,29 @@ TEST_F(NegotiatingAuthenticatorTest, PairingNotSupported) { ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPin, kTestPin, false)); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); - VerifyAccepted( - NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519); + VerifyAccepted(); + EXPECT_EQ( + NegotiatingAuthenticatorBase::Method::SHARED_SECRET_SPAKE2_CURVE25519, + current_method()); } -TEST_F(NegotiatingAuthenticatorTest, PairingSupportedButNotPaired) { +TEST_P(NegotiatingPairingAuthenticatorTest, PairingSupportedButNotPaired) { CreatePairingRegistry(false); ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kNoClientId, kNoPairedSecret, kTestPin, kTestPin, false)); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + VerifyAccepted(); } -TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinOkay) { +TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinOkay) { CreatePairingRegistry(false); ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPin, kTestPin, false)); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + VerifyAccepted(); } -TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { +TEST_P(NegotiatingPairingAuthenticatorTest, PairingRevokedPinBad) { CreatePairingRegistry(false); ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false)); @@ -220,24 +311,24 @@ TEST_F(NegotiatingAuthenticatorTest, PairingRevokedPinBad) { VerifyRejected(Authenticator::INVALID_CREDENTIALS); } -TEST_F(NegotiatingAuthenticatorTest, PairingSucceeded) { +TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceeded) { CreatePairingRegistry(true); ASSERT_NO_FATAL_FAILURE(InitAuthenticators(kTestClientId, kTestPairedSecret, kTestPinBad, kTestPin, false)); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + VerifyAccepted(); } -TEST_F(NegotiatingAuthenticatorTest, +TEST_P(NegotiatingPairingAuthenticatorTest, PairingSucceededInvalidSecretButPinOkay) { CreatePairingRegistry(true); ASSERT_NO_FATAL_FAILURE(InitAuthenticators( kTestClientId, kTestPairedSecretBad, kTestPin, kTestPin, false)); ASSERT_NO_FATAL_FAILURE(RunAuthExchange()); - VerifyAccepted(NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224); + VerifyAccepted(); } -TEST_F(NegotiatingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { +TEST_P(NegotiatingPairingAuthenticatorTest, PairingFailedInvalidSecretAndPin) { CreatePairingRegistry(true); ASSERT_NO_FATAL_FAILURE(InitAuthenticators( kTestClientId, kTestPairedSecretBad, kTestPinBad, kTestPin, false)); diff --git a/remoting/protocol/negotiating_client_authenticator.cc b/remoting/protocol/negotiating_client_authenticator.cc index 0d67517..d82312e 100644 --- a/remoting/protocol/negotiating_client_authenticator.cc +++ b/remoting/protocol/negotiating_client_authenticator.cc @@ -36,6 +36,7 @@ NegotiatingClientAuthenticator::NegotiatingClientAuthenticator( AddMethod(Method::THIRD_PARTY_SPAKE2_P224); } + AddMethod(Method::PAIRED_SPAKE2_CURVE25519); AddMethod(Method::PAIRED_SPAKE2_P224); AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519); @@ -124,33 +125,55 @@ void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod( const base::Closure& resume_callback) { DCHECK_EQ(state(), PROCESSING_MESSAGE); DCHECK(current_method_ != Method::INVALID); - if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) { - current_authenticator_.reset(new ThirdPartyClientAuthenticator( - base::Bind(&V2Authenticator::CreateForClient), - config_.fetch_third_party_token_callback)); - resume_callback.Run(); - } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) { - current_authenticator_.reset(new ThirdPartyClientAuthenticator( - base::Bind(&Spake2Authenticator::CreateForClient, local_id_, - remote_id_), - config_.fetch_third_party_token_callback)); - resume_callback.Run(); - } else if (current_method_ == Method::PAIRED_SPAKE2_P224) { - PairingClientAuthenticator* pairing_authenticator = - new PairingClientAuthenticator( - config_, base::Bind(&V2Authenticator::CreateForClient)); - current_authenticator_ = make_scoped_ptr(pairing_authenticator); - pairing_authenticator->Start(preferred_initial_state, resume_callback); - } else { - DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 || - current_method_ == Method::SHARED_SECRET_SPAKE2_P224 || - current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519); - config_.fetch_secret_callback.Run( - false, - base::Bind( - &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator, - weak_factory_.GetWeakPtr(), preferred_initial_state, - resume_callback)); + switch (current_method_) { + case Method::INVALID: + NOTREACHED(); + break; + + case Method::THIRD_PARTY_SPAKE2_P224: + current_authenticator_.reset(new ThirdPartyClientAuthenticator( + base::Bind(&V2Authenticator::CreateForClient), + config_.fetch_third_party_token_callback)); + resume_callback.Run(); + break; + + case Method::THIRD_PARTY_SPAKE2_CURVE25519: + current_authenticator_.reset(new ThirdPartyClientAuthenticator( + base::Bind(&Spake2Authenticator::CreateForClient, local_id_, + remote_id_), + config_.fetch_third_party_token_callback)); + resume_callback.Run(); + break; + + case Method::PAIRED_SPAKE2_P224: { + PairingClientAuthenticator* pairing_authenticator = + new PairingClientAuthenticator( + config_, base::Bind(&V2Authenticator::CreateForClient)); + current_authenticator_ = make_scoped_ptr(pairing_authenticator); + pairing_authenticator->Start(preferred_initial_state, resume_callback); + break; + } + + case Method::PAIRED_SPAKE2_CURVE25519: { + PairingClientAuthenticator* pairing_authenticator = + new PairingClientAuthenticator( + config_, base::Bind(&Spake2Authenticator::CreateForClient, + local_id_, remote_id_)); + current_authenticator_ = make_scoped_ptr(pairing_authenticator); + pairing_authenticator->Start(preferred_initial_state, resume_callback); + break; + } + + case Method::SHARED_SECRET_PLAIN_SPAKE2_P224: + case Method::SHARED_SECRET_SPAKE2_P224: + case Method::SHARED_SECRET_SPAKE2_CURVE25519: + config_.fetch_secret_callback.Run( + false, + base::Bind( + &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator, + weak_factory_.GetWeakPtr(), preferred_initial_state, + resume_callback)); + break; } } diff --git a/remoting/protocol/negotiating_host_authenticator.cc b/remoting/protocol/negotiating_host_authenticator.cc index 59b200d..c0b9cbd6 100644 --- a/remoting/protocol/negotiating_host_authenticator.cc +++ b/remoting/protocol/negotiating_host_authenticator.cc @@ -36,22 +36,23 @@ NegotiatingHostAuthenticator::NegotiatingHostAuthenticator( local_key_pair_(key_pair) {} // static -scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateForIt2Me( - const std::string& local_id, - const std::string& remote_id, - const std::string& local_cert, - scoped_refptr<RsaKeyPair> key_pair, - const std::string& access_code) { +scoped_ptr<NegotiatingHostAuthenticator> +NegotiatingHostAuthenticator::CreateForIt2Me(const std::string& local_id, + const std::string& remote_id, + const std::string& local_cert, + scoped_refptr<RsaKeyPair> key_pair, + const std::string& access_code) { scoped_ptr<NegotiatingHostAuthenticator> result( new NegotiatingHostAuthenticator(local_id, remote_id, local_cert, key_pair)); result->shared_secret_hash_ = access_code; result->AddMethod(Method::SHARED_SECRET_PLAIN_SPAKE2_P224); - return std::move(result); + return result; } // static -scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin( +scoped_ptr<NegotiatingHostAuthenticator> +NegotiatingHostAuthenticator::CreateWithPin( const std::string& local_id, const std::string& remote_id, const std::string& local_cert, @@ -66,13 +67,14 @@ scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin( result->AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519); result->AddMethod(Method::SHARED_SECRET_SPAKE2_P224); if (pairing_registry.get()) { + result->AddMethod(Method::PAIRED_SPAKE2_CURVE25519); result->AddMethod(Method::PAIRED_SPAKE2_P224); } - return std::move(result); + return result; } // static -scoped_ptr<Authenticator> +scoped_ptr<NegotiatingHostAuthenticator> NegotiatingHostAuthenticator::CreateWithThirdPartyAuth( const std::string& local_id, const std::string& remote_id, @@ -85,7 +87,7 @@ NegotiatingHostAuthenticator::CreateWithThirdPartyAuth( result->token_validator_factory_ = token_validator_factory; result->AddMethod(Method::THIRD_PARTY_SPAKE2_CURVE25519); result->AddMethod(Method::THIRD_PARTY_SPAKE2_P224); - return std::move(result); + return result; } NegotiatingHostAuthenticator::~NegotiatingHostAuthenticator() {} @@ -188,38 +190,69 @@ void NegotiatingHostAuthenticator::CreateAuthenticator( const base::Closure& resume_callback) { DCHECK(current_method_ != Method::INVALID); - if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) { - current_authenticator_.reset(new ThirdPartyHostAuthenticator( - base::Bind(&V2Authenticator::CreateForHost, local_cert_, - local_key_pair_), - token_validator_factory_->CreateTokenValidator(local_id_, remote_id_))); - } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) { - current_authenticator_.reset(new ThirdPartyHostAuthenticator( - base::Bind(&Spake2Authenticator::CreateForHost, local_id_, remote_id_, - local_cert_, local_key_pair_), - token_validator_factory_->CreateTokenValidator(local_id_, remote_id_))); - } else if (current_method_ == Method::PAIRED_SPAKE2_P224) { - PairingHostAuthenticator* pairing_authenticator = - new PairingHostAuthenticator(pairing_registry_, - base::Bind(&V2Authenticator::CreateForHost, - local_cert_, local_key_pair_), - shared_secret_hash_); - current_authenticator_.reset(pairing_authenticator); - pairing_authenticator->Initialize(client_id_, preferred_initial_state, - resume_callback); - return; - } else if (current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519) { - current_authenticator_ = Spake2Authenticator::CreateForHost( - local_id_, remote_id_, local_cert_, local_key_pair_, - shared_secret_hash_, preferred_initial_state); - } else { - DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 || - current_method_ == Method::SHARED_SECRET_SPAKE2_P224); - current_authenticator_ = V2Authenticator::CreateForHost( - local_cert_, local_key_pair_, shared_secret_hash_, - preferred_initial_state); + switch(current_method_) { + case Method::INVALID: + NOTREACHED(); + break; + + case Method::THIRD_PARTY_SPAKE2_P224: + current_authenticator_.reset(new ThirdPartyHostAuthenticator( + base::Bind(&V2Authenticator::CreateForHost, local_cert_, + local_key_pair_), + token_validator_factory_->CreateTokenValidator(local_id_, + remote_id_))); + resume_callback.Run(); + break; + + case Method::THIRD_PARTY_SPAKE2_CURVE25519: + current_authenticator_.reset(new ThirdPartyHostAuthenticator( + base::Bind(&Spake2Authenticator::CreateForHost, local_id_, remote_id_, + local_cert_, local_key_pair_), + token_validator_factory_->CreateTokenValidator(local_id_, + remote_id_))); + resume_callback.Run(); + break; + + case Method::PAIRED_SPAKE2_P224: { + PairingHostAuthenticator* pairing_authenticator = + new PairingHostAuthenticator( + pairing_registry_, base::Bind(&V2Authenticator::CreateForHost, + local_cert_, local_key_pair_), + shared_secret_hash_); + current_authenticator_.reset(pairing_authenticator); + pairing_authenticator->Initialize(client_id_, preferred_initial_state, + resume_callback); + break; + } + + case Method::PAIRED_SPAKE2_CURVE25519: { + PairingHostAuthenticator* pairing_authenticator = + new PairingHostAuthenticator( + pairing_registry_, + base::Bind(&Spake2Authenticator::CreateForHost, local_id_, + remote_id_, local_cert_, local_key_pair_), + shared_secret_hash_); + current_authenticator_.reset(pairing_authenticator); + pairing_authenticator->Initialize(client_id_, preferred_initial_state, + resume_callback); + break; + } + + case Method::SHARED_SECRET_SPAKE2_CURVE25519: + current_authenticator_ = Spake2Authenticator::CreateForHost( + local_id_, remote_id_, local_cert_, local_key_pair_, + shared_secret_hash_, preferred_initial_state); + resume_callback.Run(); + break; + + case Method::SHARED_SECRET_PLAIN_SPAKE2_P224: + case Method::SHARED_SECRET_SPAKE2_P224: + current_authenticator_ = V2Authenticator::CreateForHost( + local_cert_, local_key_pair_, shared_secret_hash_, + preferred_initial_state); + resume_callback.Run(); + break; } - resume_callback.Run(); } } // namespace protocol diff --git a/remoting/protocol/negotiating_host_authenticator.h b/remoting/protocol/negotiating_host_authenticator.h index 25a761e..10d3780 100644 --- a/remoting/protocol/negotiating_host_authenticator.h +++ b/remoting/protocol/negotiating_host_authenticator.h @@ -31,7 +31,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase { ~NegotiatingHostAuthenticator() override; // Creates a host authenticator for It2Me host. - static scoped_ptr<Authenticator> CreateForIt2Me( + static scoped_ptr<NegotiatingHostAuthenticator> CreateForIt2Me( const std::string& local_id, const std::string& remote_id, const std::string& local_cert, @@ -41,7 +41,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase { // Creates a host authenticator, using a fixed PIN. If |pairing_registry| is // non-nullptr then the paired methods will be offered, supporting // PIN-less authentication. - static scoped_ptr<Authenticator> CreateWithPin( + static scoped_ptr<NegotiatingHostAuthenticator> CreateWithPin( const std::string& local_id, const std::string& remote_id, const std::string& local_cert, @@ -50,7 +50,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase { scoped_refptr<PairingRegistry> pairing_registry); // Creates a host authenticator, using third party authentication. - static scoped_ptr<Authenticator> CreateWithThirdPartyAuth( + static scoped_ptr<NegotiatingHostAuthenticator> CreateWithThirdPartyAuth( const std::string& local_id, const std::string& remote_id, const std::string& local_cert, |