Pairing authenticators design doesn't allow to change SPAKE2 implementations |
||
Issue descriptionThe current design of the pairing authenticators doesn't allow to change the underlying SPAKE2 authenticator implementation easily. When a client is paired it attempts to use spake2_pair authentication method from the start and it assumes that pairing was rejected if the host chooses a different method. In other words it doesn't allow to support multiple pairing-based authentication methods. Essentially the problem is that PairingAuthenticator and NegotiatingAuthenticator layers are not separated properly (both in the code and design of the protocol). This needs to be changed so that we could have two SPAKE2 implementations and let the host to choose the one to use.
,
Mar 17 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/843ef124414456330cd297383d171bd3c8ee4c91 commit 843ef124414456330cd297383d171bd3c8ee4c91 Author: sergeyu <sergeyu@chromium.org> Date: Thu Mar 17 01:44:17 2016 Handle pairing client ID in the negotiating authenticators. Previously PairingAuthenticator classes were responsible for handling client ID. This meant that in case there are multiple pairing authentication methods the client would have to resend the client_id if the host chooses different authentication method. Now the client ID is handled by the negotiating layer, so client_id needs to be sent only once. Also now NegotiatingAuthenticators create PairingAuthenticators even when falling back to PIN. This ensures that <pairing-failed> tag is always present when falling back to PIN. BUG= 593123 Review URL: https://codereview.chromium.org/1781173005 Cr-Commit-Position: refs/heads/master@{#381633} [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/authenticator.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/authenticator_test_base.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_authenticator_base.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_authenticator_base.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_client_authenticator.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_client_authenticator.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_host_authenticator.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/negotiating_host_authenticator.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_authenticator_base.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_authenticator_base.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_client_authenticator.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_client_authenticator.h [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_host_authenticator.cc [modify] https://crrev.com/843ef124414456330cd297383d171bd3c8ee4c91/remoting/protocol/pairing_host_authenticator.h
,
Mar 17 2016
|
||
►
Sign in to add a comment |
||
Comment 1 by bugdroid1@chromium.org
, Mar 12 2016