Add Curve25519 version of pairing authenticators

BUG=589698 Review URL: https://codereview.chromium.org/1800823002 Cr-Commit-Position: refs/heads/master@{#381664}

Add Curve25519 version of pairing authenticators
BUG=589698 Review URL: https://codereview.chromium.org/1800823002 Cr-Commit-Position: refs/heads/master@{#381664}
410cd112 · sergeyu · Commit bot · 79a6ade9 · 410cd112 · 410cd112
Commit 410cd112 authored Mar 16, 2016 by sergeyu Committed by Commit bot Mar 17, 2016
6 changed files
--- a/remoting/protocol/negotiating_authenticator_base.cc
+++ b/remoting/protocol/negotiating_authenticator_base.cc
@@ -34,6 +34,8 @@ const NameMapElement<NegotiatingAuthenticatorBase::Method>

        {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_P224,
         "spake2_pair"},
+        {NegotiatingAuthenticatorBase::Method::PAIRED_SPAKE2_CURVE25519,
+         "pair_spake2_curve25519"},

        {NegotiatingAuthenticatorBase::Method::THIRD_PARTY_SPAKE2_P224,
         "third_party"},

--- a/remoting/protocol/negotiating_authenticator_base.h
+++ b/remoting/protocol/negotiating_authenticator_base.h
@@ -77,8 +77,8 @@ class NegotiatingAuthenticatorBase : public Authenticator {

    // SPAKE2 using shared pairing secret. Falls back to PIN-based
    // authentication when pairing fails.
-    // TODO(sergeyu): Add CURVE25519 variant. crbug.com/593123
    PAIRED_SPAKE2_P224,
+    PAIRED_SPAKE2_CURVE25519,

    // Authentication using third-party authentication server.
    // SPAKE2 with P224 using shared pairing secret. Falls back to PIN-based
@@ -103,7 +103,6 @@ class NegotiatingAuthenticatorBase : public Authenticator {

 protected:
  friend class NegotiatingAuthenticatorTest;
-  FRIEND_TEST_ALL_PREFIXES(NegotiatingAuthenticatorTest, IncompatibleMethods);

  static const buzz::StaticQName kMethodAttributeQName;
  static const buzz::StaticQName kSupportedMethodsAttributeQName;

--- a/remoting/protocol/negotiating_authenticator_unittest.cc
+++ b/remoting/protocol/negotiating_authenticator_unittest.cc
--- a/remoting/protocol/negotiating_client_authenticator.cc
+++ b/remoting/protocol/negotiating_client_authenticator.cc
@@ -36,6 +36,7 @@ NegotiatingClientAuthenticator::NegotiatingClientAuthenticator(
    AddMethod(Method::THIRD_PARTY_SPAKE2_P224);
  }

+  AddMethod(Method::PAIRED_SPAKE2_CURVE25519);
  AddMethod(Method::PAIRED_SPAKE2_P224);

  AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519);
@@ -124,33 +125,55 @@ void NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod(
    const base::Closure& resume_callback) {
  DCHECK_EQ(state(), PROCESSING_MESSAGE);
  DCHECK(current_method_ != Method::INVALID);
-  if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) {
+  switch (current_method_) {
+    case Method::INVALID:
+      NOTREACHED();
+      break;
+
+    case Method::THIRD_PARTY_SPAKE2_P224:
      current_authenticator_.reset(new ThirdPartyClientAuthenticator(
          base::Bind(&V2Authenticator::CreateForClient),
          config_.fetch_third_party_token_callback));
      resume_callback.Run();
-  } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) {
+      break;
+
+    case Method::THIRD_PARTY_SPAKE2_CURVE25519:
      current_authenticator_.reset(new ThirdPartyClientAuthenticator(
          base::Bind(&Spake2Authenticator::CreateForClient, local_id_,
                     remote_id_),
          config_.fetch_third_party_token_callback));
      resume_callback.Run();
-  } else if (current_method_ == Method::PAIRED_SPAKE2_P224) {
+      break;
+
+    case Method::PAIRED_SPAKE2_P224: {
      PairingClientAuthenticator* pairing_authenticator =
          new PairingClientAuthenticator(
              config_, base::Bind(&V2Authenticator::CreateForClient));
      current_authenticator_ = make_scoped_ptr(pairing_authenticator);
      pairing_authenticator->Start(preferred_initial_state, resume_callback);
-  } else {
-    DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 ||
-           current_method_ == Method::SHARED_SECRET_SPAKE2_P224 ||
-           current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519);
+      break;
+    }
+
+    case Method::PAIRED_SPAKE2_CURVE25519: {
+      PairingClientAuthenticator* pairing_authenticator =
+          new PairingClientAuthenticator(
+              config_, base::Bind(&Spake2Authenticator::CreateForClient,
+                                  local_id_, remote_id_));
+      current_authenticator_ = make_scoped_ptr(pairing_authenticator);
+      pairing_authenticator->Start(preferred_initial_state, resume_callback);
+      break;
+    }
+
+    case Method::SHARED_SECRET_PLAIN_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_CURVE25519:
      config_.fetch_secret_callback.Run(
          false,
          base::Bind(
              &NegotiatingClientAuthenticator::CreateSharedSecretAuthenticator,
              weak_factory_.GetWeakPtr(), preferred_initial_state,
              resume_callback));
+      break;
  }
 }


--- a/remoting/protocol/negotiating_host_authenticator.cc
+++ b/remoting/protocol/negotiating_host_authenticator.cc
@@ -36,8 +36,8 @@ NegotiatingHostAuthenticator::NegotiatingHostAuthenticator(
      local_key_pair_(key_pair) {}

 // static
-scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateForIt2Me(
-    const std::string& local_id,
+scoped_ptr<NegotiatingHostAuthenticator>
+NegotiatingHostAuthenticator::CreateForIt2Me(const std::string& local_id,
                                             const std::string& remote_id,
                                             const std::string& local_cert,
                                             scoped_refptr<RsaKeyPair> key_pair,
@@ -47,11 +47,12 @@ scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateForIt2Me(
                                       key_pair));
  result->shared_secret_hash_ = access_code;
  result->AddMethod(Method::SHARED_SECRET_PLAIN_SPAKE2_P224);
-  return std::move(result);
+  return result;
 }

 // static
-scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin(
+scoped_ptr<NegotiatingHostAuthenticator>
+NegotiatingHostAuthenticator::CreateWithPin(
    const std::string& local_id,
    const std::string& remote_id,
    const std::string& local_cert,
@@ -66,13 +67,14 @@ scoped_ptr<Authenticator> NegotiatingHostAuthenticator::CreateWithPin(
  result->AddMethod(Method::SHARED_SECRET_SPAKE2_CURVE25519);
  result->AddMethod(Method::SHARED_SECRET_SPAKE2_P224);
  if (pairing_registry.get()) {
+    result->AddMethod(Method::PAIRED_SPAKE2_CURVE25519);
    result->AddMethod(Method::PAIRED_SPAKE2_P224);
  }
-  return std::move(result);
+  return result;
 }

 // static
-scoped_ptr<Authenticator>
+scoped_ptr<NegotiatingHostAuthenticator>
 NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
    const std::string& local_id,
    const std::string& remote_id,
@@ -85,7 +87,7 @@ NegotiatingHostAuthenticator::CreateWithThirdPartyAuth(
  result->token_validator_factory_ = token_validator_factory;
  result->AddMethod(Method::THIRD_PARTY_SPAKE2_CURVE25519);
  result->AddMethod(Method::THIRD_PARTY_SPAKE2_P224);
-  return std::move(result);
+  return result;
 }

 NegotiatingHostAuthenticator::~NegotiatingHostAuthenticator() {}
@@ -188,38 +190,69 @@ void NegotiatingHostAuthenticator::CreateAuthenticator(
    const base::Closure& resume_callback) {
  DCHECK(current_method_ != Method::INVALID);

-  if (current_method_ == Method::THIRD_PARTY_SPAKE2_P224) {
+  switch(current_method_) {
+    case Method::INVALID:
+      NOTREACHED();
+      break;
+
+    case Method::THIRD_PARTY_SPAKE2_P224:
      current_authenticator_.reset(new ThirdPartyHostAuthenticator(
          base::Bind(&V2Authenticator::CreateForHost, local_cert_,
                     local_key_pair_),
-        token_validator_factory_->CreateTokenValidator(local_id_, remote_id_)));
-  } else if (current_method_ == Method::THIRD_PARTY_SPAKE2_CURVE25519) {
+          token_validator_factory_->CreateTokenValidator(local_id_,
+                                                         remote_id_)));
+      resume_callback.Run();
+      break;
+
+    case Method::THIRD_PARTY_SPAKE2_CURVE25519:
      current_authenticator_.reset(new ThirdPartyHostAuthenticator(
          base::Bind(&Spake2Authenticator::CreateForHost, local_id_, remote_id_,
                     local_cert_, local_key_pair_),
-        token_validator_factory_->CreateTokenValidator(local_id_, remote_id_)));
-  } else if (current_method_ == Method::PAIRED_SPAKE2_P224) {
+          token_validator_factory_->CreateTokenValidator(local_id_,
+                                                         remote_id_)));
+      resume_callback.Run();
+      break;
+
+    case Method::PAIRED_SPAKE2_P224: {
      PairingHostAuthenticator* pairing_authenticator =
-        new PairingHostAuthenticator(pairing_registry_,
-                                     base::Bind(&V2Authenticator::CreateForHost,
+          new PairingHostAuthenticator(
+              pairing_registry_, base::Bind(&V2Authenticator::CreateForHost,
                                            local_cert_, local_key_pair_),
              shared_secret_hash_);
      current_authenticator_.reset(pairing_authenticator);
      pairing_authenticator->Initialize(client_id_, preferred_initial_state,
                                        resume_callback);
-    return;
-  } else if (current_method_ == Method::SHARED_SECRET_SPAKE2_CURVE25519) {
+      break;
+    }
+
+    case Method::PAIRED_SPAKE2_CURVE25519: {
+      PairingHostAuthenticator* pairing_authenticator =
+          new PairingHostAuthenticator(
+              pairing_registry_,
+              base::Bind(&Spake2Authenticator::CreateForHost, local_id_,
+                         remote_id_, local_cert_, local_key_pair_),
+              shared_secret_hash_);
+      current_authenticator_.reset(pairing_authenticator);
+      pairing_authenticator->Initialize(client_id_, preferred_initial_state,
+                                        resume_callback);
+      break;
+    }
+
+    case Method::SHARED_SECRET_SPAKE2_CURVE25519:
      current_authenticator_ = Spake2Authenticator::CreateForHost(
          local_id_, remote_id_, local_cert_, local_key_pair_,
          shared_secret_hash_, preferred_initial_state);
-  } else {
-    DCHECK(current_method_ == Method::SHARED_SECRET_PLAIN_SPAKE2_P224 ||
-           current_method_ == Method::SHARED_SECRET_SPAKE2_P224);
+      resume_callback.Run();
+      break;
+
+    case Method::SHARED_SECRET_PLAIN_SPAKE2_P224:
+    case Method::SHARED_SECRET_SPAKE2_P224:
      current_authenticator_ = V2Authenticator::CreateForHost(
          local_cert_, local_key_pair_, shared_secret_hash_,
          preferred_initial_state);
-  }
      resume_callback.Run();
+      break;
+  }
 }

 }  // namespace protocol

--- a/remoting/protocol/negotiating_host_authenticator.h
+++ b/remoting/protocol/negotiating_host_authenticator.h
@@ -31,7 +31,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
  ~NegotiatingHostAuthenticator() override;

  // Creates a host authenticator for It2Me host.
-  static scoped_ptr<Authenticator> CreateForIt2Me(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateForIt2Me(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,
@@ -41,7 +41,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
  // Creates a host authenticator, using a fixed PIN. If |pairing_registry| is
  // non-nullptr then the paired methods will be offered, supporting
  // PIN-less authentication.
-  static scoped_ptr<Authenticator> CreateWithPin(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateWithPin(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,
@@ -50,7 +50,7 @@ class NegotiatingHostAuthenticator : public NegotiatingAuthenticatorBase {
      scoped_refptr<PairingRegistry> pairing_registry);

  // Creates a host authenticator, using third party authentication.
-  static scoped_ptr<Authenticator> CreateWithThirdPartyAuth(
+  static scoped_ptr<NegotiatingHostAuthenticator> CreateWithThirdPartyAuth(
      const std::string& local_id,
      const std::string& remote_id,
      const std::string& local_cert,