Add Curve25519 version of pairing authenticators

BUG=589698 Review URL: https://codereview.chromium.org/1800823002 Cr-Commit-Position: refs/heads/master@{#381664}

Add Curve25519 version of pairing authenticators
BUG=589698 Review URL: https://codereview.chromium.org/1800823002 Cr-Commit-Position: refs/heads/master@{#381664}
410cd112 · sergeyu · Commit bot · 79a6ade9 · 410cd112 · 410cd112
Commit 410cd112 authored Mar 16, 2016 by sergeyu Committed by Commit bot Mar 17, 2016
6 changed files
--- a/remoting/protocol/negotiating_authenticator_base.cc
+++ b/remoting/protocol/negotiating_authenticator_base.cc
@@ -34,6 +34,8 @@ const NameMapElement<NegotiatingAuthenticatorBase::Method>
        {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224,
         "spake2_pair"},
+        {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519,
+         "pair_spake2_curve25519"},
        {NegotiatingAuthenticatorBase::Method::THIRD_PARTY_SPAKE2_P224,
         "third_party"},

--- a/remoting/protocol/negotiating_authenticator_base.h
+++ b/remoting/protocol/negotiating_authenticator_base.h
@@ -77,8 +77,8 @@ class NegotiatingAuthenticatorBase : public Authenticator {
    // SPAKE2 using shared pairing secret. Falls back to PIN-based
    // authentication when pairing fails.
-    // TODO(sergeyu): Add CURVE25519 variant. crbug.com/593123
    PAIRED_SPAKE2_P224,
+    PAIRED_SPAKE2_CURVE25519,
    // Authentication using third-party authentication server.
    // SPAKE2 with P224 using shared pairing secret. Falls back to PIN-based
@@ -103,7 +103,6 @@ class NegotiatingAuthenticatorBase : public Authenticator {
 protected:
  friend class NegotiatingAuthenticatorTest;
-  FRIEND_TEST_ALL_PREFIXES(NegotiatingAuthenticatorTest, IncompatibleMethods);
  static const buzz::StaticQName kMethodAttributeQName;
  static const buzz::StaticQName kSupportedMethodsAttributeQName;

--- a/remoting/protocol/negotiating_authenticator_unittest.cc
+++ b/remoting/protocol/negotiating_authenticator_unittest.cc
--- a/remoting/protocol/negotiating_client_authenticator.cc
+++ b/remoting/protocol/negotiating_client_authenticator.cc
@@ -36,6 +36,7 @@ NegotiatingClientAuthenticator::NegotiatingClientAuthenticator(
    AddMethod(Method::THIRD_PARTY_SPAKE2_P224);
  }
+  AddMethod(Method::PAIRED_SPAKE2_CURVE25519);
  AddMethod(Method::PAIRED_SPAKE2_P224);
  AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519);
@@ -124,33 +125,55 @@ void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod(
    const base::Closure& resume_callback) {
  DCHECK_EQ(state(), PROCESSING_MESSAGE);
  DCHECK(current_method_ != Method::INVALID);
-  if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) {
+  switch (current_method_) {
-    current_authenticator_.reset(new ThirdPartyClientAuthenticator(
+    case Method::INVALID:
-        base::Bind(&V2Authenticator::CreateForClient),
+      NOTREACHED();
-        config_.fetch_third_party_token_callback));
+      break;
-    resume_callback.Run();
-  } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) {
+    case Method::THIRD_PARTY_SPAKE2_P224:
-    current_authenticator_.reset(new ThirdPartyClientAuthenticator(
+      current_authenticator_.reset(new ThirdPartyClientAuthenticator(
-        base::Bind(&Spake2Authenticator::CreateForClient, local_id_,
+          base::Bind(&V2Authenticator::CreateForClient),
-                   remote_id_),
+          config_.fetch_third_party_token_callback));
-        config_.fetch_third_party_token_callback));
+      resume_callback.Run();
-    resume_callback.Run();
+      break;
-  } else if (current_method_ == Method::PAIRED_SPAKE2_P224) {
-    PairingClientAuthenticator* pairing_authenticator =
+    case Method::THIRD_PARTY_SPAKE2_CURVE25519:
-        new PairingClientAuthenticator(
+      current_authenticator_.reset(new ThirdPartyClientAuthenticator(
-            config_, base::Bind(&V2Authenticator::CreateForClient));
+          base::Bind(&Spake2Authenticator::CreateForClient, local_id_,
-    current_authenticator_ = make_scoped_ptr(pairing_authenticator);
+                     remote_id_),
-    pairing_authenticator->Start(preferred_initial_state, resume_callback);
+          config_.fetch_third_party_token_callback));
-  } else {
+      resume_callback.Run();
-    DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 ||
+      break;
-           current_method_ == Method::SHARED_SECRET_SPAKE2_P224 ||
-           current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519);
+    case Method::PAIRED_SPAKE2_P224: {
-    config_.fetch_secret_callback.Run(
+      PairingClientAuthenticator* pairing_authenticator =
-        false,
+          new PairingClientAuthenticator(
-        base::Bind(
+              config_, base::Bind(&V2Authenticator::CreateForClient));
-            &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator,
+      current_authenticator_ = make_scoped_ptr(pairing_authenticator);
-            weak_factory_.GetWeakPtr(), preferred_initial_state,
+      pairing_authenticator->Start(preferred_initial_state, resume_callback);
-            resume_callback));
+      break;
+    }
+    case Method::PAIRED_SPAKE2_CURVE25519: {
+      PairingClientAuthenticator* pairing_authenticator =
+          new PairingClientAuthenticator(
+              config_, base::Bind(&Spake2Authenticator::CreateForClient,
+                                  local_id_, remote_id_));
+      current_authenticator_ = make_scoped_ptr(pairing_authenticator);
+      pairing_authenticator->Start(preferred_initial_state, resume_callback);
+      break;
+    }
+    case Method::SHARED_SECRET_PLAIN_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_CURVE25519:
+      config_.fetch_secret_callback.Run(
+          false,
+          base::Bind(
+              &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator,
+              weak_factory_.GetWeakPtr(), preferred_initial_state,
+              resume_callback));
+      break;
  }
 }

--- a/remoting/protocol/negotiating_host_authenticator.cc
+++ b/remoting/protocol/negotiating_host_authenticator.cc
@@ -36,22 +36,23 @@ NegotiatingHostAuthenticator::NegotiatingHostAuthenticator(
      local_key_pair_(key_pair) {}
 // static
-scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateForIt2Me(
+scoped_ptr<NegotiatingHostAuthenticator>
-    const std::string& local_id,
+NegotiatingHostAuthenticator::CreateForIt2Me(const std::string& local_id,
-    const std::string& remote_id,
+                                             const std::string& remote_id,
-    const std::string& local_cert,
+                                             const std::string& local_cert,
-    scoped_refptr<RsaKeyPair> key_pair,
+                                             scoped_refptr<RsaKeyPair> key_pair,
-    const std::string& access_code) {
+                                             const std::string& access_code) {
  scoped_ptr<NegotiatingHostAuthenticator> result(
      new NegotiatingHostAuthenticator(local_id, remote_id, local_cert,
                                       key_pair));
  result->shared_secret_hash_ = access_code;
  result->AddMethod(Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
-  return std::move(result);
+  return result;
 }
 // static
-scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin(
+scoped_ptr<NegotiatingHostAuthenticator>
+NegotiatingHostAuthenticator::CreateWithPin(
    const std::string& local_id,
    const std::string& remote_id,
    const std::string& local_cert,
@@ -66,13 +67,14 @@ scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin(
  result->AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519);
  result->AddMethod(Method::SHARED_SECRET_SPAKE2_P224);
  if (pairing_registry.get()) {
+    result->AddMethod(Method::PAIRED_SPAKE2_CURVE25519);
    result->AddMethod(Method::PAIRED_SPAKE2_P224);
  }
-  return std::move(result);
+  return result;
 }
 // static
-scoped_ptr<Authenticator>
+scoped_ptr<NegotiatingHostAuthenticator>
 NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
    const std::string& local_id,
    const std::string& remote_id,
@@ -85,7 +87,7 @@ NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
  result->token_validator_factory_ = token_validator_factory;
  result->AddMethod(Method::THIRD_PARTY_SPAKE2_CURVE25519);
  result->AddMethod(Method::THIRD_PARTY_SPAKE2_P224);
-  return std::move(result);
+  return result;
 }
 NegotiatingHostAuthenticator::~NegotiatingHostAuthenticator() {}
@@ -188,38 +190,69 @@ void NegotiatingHostAuthenticator::CreateAuthenticator(
    const base::Closure& resume_callback) {
  DCHECK(current_method_ != Method::INVALID);
-  if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) {
+  switch(current_method_) {
-    current_authenticator_.reset(new ThirdPartyHostAuthenticator(
+    case Method::INVALID:
-        base::Bind(&V2Authenticator::CreateForHost, local_cert_,
+      NOTREACHED();
-                   local_key_pair_),
+      break;
-        token_validator_factory_->CreateTokenValidator(local_id_, remote_id_)));
-  } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) {
+    case Method::THIRD_PARTY_SPAKE2_P224:
-    current_authenticator_.reset(new ThirdPartyHostAuthenticator(
+      current_authenticator_.reset(new ThirdPartyHostAuthenticator(
-        base::Bind(&Spake2Authenticator::CreateForHost, local_id_, remote_id_,
+          base::Bind(&V2Authenticator::CreateForHost, local_cert_,
-                   local_cert_, local_key_pair_),
+                     local_key_pair_),
-        token_validator_factory_->CreateTokenValidator(local_id_, remote_id_)));
+          token_validator_factory_->CreateTokenValidator(local_id_,
-  } else if (current_method_ == Method::PAIRED_SPAKE2_P224) {
+                                                         remote_id_)));
-    PairingHostAuthenticator* pairing_authenticator =
+      resume_callback.Run();
-        new PairingHostAuthenticator(pairing_registry_,
+      break;
-                                     base::Bind(&V2Authenticator::CreateForHost,
-                                                local_cert_, local_key_pair_),
+    case Method::THIRD_PARTY_SPAKE2_CURVE25519:
-                                     shared_secret_hash_);
+      current_authenticator_.reset(new ThirdPartyHostAuthenticator(
-    current_authenticator_.reset(pairing_authenticator);
+          base::Bind(&Spake2Authenticator::CreateForHost, local_id_, remote_id_,
-    pairing_authenticator->Initialize(client_id_, preferred_initial_state,
+                     local_cert_, local_key_pair_),
-                                      resume_callback);
+          token_validator_factory_->CreateTokenValidator(local_id_,
-    return;
+                                                         remote_id_)));
-  } else if (current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519) {
+      resume_callback.Run();
-    current_authenticator_ = Spake2Authenticator::CreateForHost(
+      break;
-        local_id_, remote_id_, local_cert_, local_key_pair_,
-        shared_secret_hash_, preferred_initial_state);
+    case Method::PAIRED_SPAKE2_P224: {
-  } else {
+      PairingHostAuthenticator* pairing_authenticator =
-    DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 ||
+          new PairingHostAuthenticator(
-           current_method_ == Method::SHARED_SECRET_SPAKE2_P224);
+              pairing_registry_, base::Bind(&V2Authenticator::CreateForHost,
-    current_authenticator_ = V2Authenticator::CreateForHost(
+                                            local_cert_, local_key_pair_),
-        local_cert_, local_key_pair_, shared_secret_hash_,
+              shared_secret_hash_);
-        preferred_initial_state);
+      current_authenticator_.reset(pairing_authenticator);
+      pairing_authenticator->Initialize(client_id_, preferred_initial_state,
+                                        resume_callback);
+      break;
+    }
+    case Method::PAIRED_SPAKE2_CURVE25519: {
+      PairingHostAuthenticator* pairing_authenticator =
+          new PairingHostAuthenticator(
+              pairing_registry_,
+              base::Bind(&Spake2Authenticator::CreateForHost, local_id_,
+                         remote_id_, local_cert_, local_key_pair_),
+              shared_secret_hash_);
+      current_authenticator_.reset(pairing_authenticator);
+      pairing_authenticator->Initialize(client_id_, preferred_initial_state,
+                                        resume_callback);
+      break;
+    }
+    case Method::SHARED_SECRET_SPAKE2_CURVE25519:
+      current_authenticator_ = Spake2Authenticator::CreateForHost(
+          local_id_, remote_id_, local_cert_, local_key_pair_,
+          shared_secret_hash_, preferred_initial_state);
+      resume_callback.Run();
+      break;
+    case Method::SHARED_SECRET_PLAIN_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_P224:
+      current_authenticator_ = V2Authenticator::CreateForHost(
+          local_cert_, local_key_pair_, shared_secret_hash_,
+          preferred_initial_state);
+      resume_callback.Run();
+      break;
  }
-  resume_callback.Run();
 }
 }  // namespace protocol

--- a/remoting/protocol/negotiating_host_authenticator.h
+++ b/remoting/protocol/negotiating_host_authenticator.h
@@ -31,7 +31,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
  ~NegotiatingHostAuthenticator() override;
  // Creates a host authenticator for It2Me host.
-  static scoped_ptr<Authenticator> CreateForIt2Me(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateForIt2Me(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,
@@ -41,7 +41,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
  // Creates a host authenticator, using a fixed PIN. If |pairing_registry| is
  // non-nullptr then the paired methods will be offered, supporting
  // PIN-less authentication.
-  static scoped_ptr<Authenticator> CreateWithPin(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateWithPin(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,
@@ -50,7 +50,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
      scoped_refptr<PairingRegistry> pairing_registry);
  // Creates a host authenticator, using third party authentication.
-  static scoped_ptr<Authenticator> CreateWithThirdPartyAuth(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateWithThirdPartyAuth(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,