| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
| #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
| |
| #include <stdint.h> |
| |
| #include <memory> |
| #include <string> |
| #include <vector> |
| |
| #include "base/strings/string_piece.h" |
| |
| namespace client_update_protocol { |
| |
| // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha) |
| // servers to ensure freshness and authenticity of server responses over HTTP, |
| // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and |
| // no request replay protection. |
| // |
| // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256, |
| // instead of the original CUP which used HMAC-SHA1 with a random signing key |
| // encrypted using RSA. |
| // |
| // Each |Ecdsa| object represents a single network ping in flight -- a call to |
| // SignRequest() generates internal state that will be used by |
| // ValidateResponse(). |
| class Ecdsa { |
| public: |
| ~Ecdsa(); |
| |
| // Initializes this instance of CUP-ECDSA with a versioned public key. |
| // |key_version| must be non-negative. |public_key| is expected to be a |
| // DER-encoded ASN.1 SubjectPublicKeyInfo containing an ECDSA public key. |
| // Returns a NULL pointer on failure. |
| static std::unique_ptr<Ecdsa> Create(int key_version, |
| const base::StringPiece& public_key); |
| |
| // Generates freshness/authentication data for an outgoing ping. |
| // |request_body| contains the body of the ping in UTF-8. On return, |
| // |query_params| contains a set of query parameters (in UTF-8) to be appended |
| // to the URL. |
| // |
| // This method will store internal state in this instance used by calls to |
| // ValidateResponse(); if you need to have multiple pings in flight, |
| // initialize a separate CUP-ECDSA instance for each one. |
| void SignRequest(const base::StringPiece& request_body, |
| std::string* query_params); |
| |
| // Validates a response given to a ping previously signed with |
| // SignRequest(). |response_body| contains the body of the response in |
| // UTF-8. |signature| contains the ECDSA signature and observed request |
| // hash. Returns true if the response is valid and the observed request hash |
| // matches the sent hash. This method uses internal state that is set by a |
| // prior SignRequest() call. |
| bool ValidateResponse(const base::StringPiece& response_body, |
| const base::StringPiece& signature); |
| |
| // Sets the key and nonce that were used to generate a signature that is baked |
| // into a unit test. |
| void OverrideNonceForTesting(int key_version, uint32_t nonce); |
| |
| private: |
| Ecdsa(int key_version, const base::StringPiece& public_key); |
| |
| // The server keeps multiple signing keys; a version must be sent so that |
| // the correct signing key is used to sign the assembled message. |
| const int pub_key_version_; |
| |
| // The ECDSA public key to use for verifying response signatures. |
| const std::vector<uint8_t> public_key_; |
| |
| // The SHA-256 hash of the XML request. This is modified on each call to |
| // SignRequest(), and checked by ValidateResponse(). |
| std::vector<uint8_t> request_hash_; |
| |
| // The query string containing key version and nonce in UTF-8 form. This is |
| // modified on each call to SignRequest(), and checked by ValidateResponse(). |
| std::string request_query_cup2key_; |
| |
| DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa); |
| }; |
| |
| } // namespace client_update_protocol |
| |
| #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
