// Copyright 2013 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_ #define REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_ #include "base/memory/weak_ptr.h" #include "remoting/protocol/authenticator.h" #include "third_party/libjingle_xmpp/xmllite/xmlelement.h" namespace remoting::protocol { // The pairing authenticator builds on top of V2Authenticator to add // support for PIN-less authentication via device pairing: // // * If a client device is already paired, it includes in the initial // authentication message a Client Id and the first SPAKE message // using the Paired Secret and HMAC_SHA256. // * If the host recognizes the Client Id, it looks up the corresponding // Paired Secret and continue the SPAKE exchange. // * If it does not recognize the Client Id, it initiates a SPAKE exchange // with HMAC_SHA256 using the PIN as the shared secret. The initial // message of this exchange includes an an error message, which // informs the client that the PIN-less connection failed and causes // it to prompt the user for a PIN to use for authentication // instead. // * If, at any point, the SPAKE exchange fails with the Paired Secret, // the endpoint that detects the failure initiates a new SPAKE exchange // using the PIN, and includes an error message to instruct the peer // to do likewise. // // If a client device is not already paired, but supports pairing, then // the V2Authenticator is used instead of this class. Only the method name // differs, which the client uses to determine that pairing should be offered // to the user (see NegotiatingHostAuthenticator::CreateAuthenticator and // NegotiatingClientAuthenticator::CreateAuthenticatorForCurrentMethod). class PairingAuthenticatorBase : public Authenticator { … }; } // namespace remoting::protocol #endif // REMOTING_PROTOCOL_PAIRING_AUTHENTICATOR_BASE_H_