| OLD | NEW |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 5 #ifndef COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
| 6 #define COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 6 #define COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
| 14 #include "base/strings/string_piece.h" | 14 #include "base/strings/string_piece.h" |
| 15 | 15 |
| 16 namespace update_client { |
| 17 |
| 16 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha) | 18 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha) |
| 17 // servers to ensure freshness and authenticity of update checks over HTTP, | 19 // servers to ensure freshness and authenticity of update checks over HTTP, |
| 18 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, | 20 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, |
| 19 // and no request replay protection (since update checks are idempotent). | 21 // and no request replay protection (since update checks are idempotent). |
| 20 // | 22 // |
| 21 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256, | 23 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256, |
| 22 // instead of the original CUP which used HMAC-SHA1 with a random signing key | 24 // instead of the original CUP which used HMAC-SHA1 with a random signing key |
| 23 // encrypted using RSA. | 25 // encrypted using RSA. |
| 24 // | 26 // |
| 25 // Each ClientUpdateProtocolEcdsa object represents a single update check in | 27 // Each ClientUpdateProtocolEcdsa object represents a single update check in |
| (...skipping 48 matching lines...) |
| 74 // SignRequest(), and checked by ValidateResponse(). | 76 // SignRequest(), and checked by ValidateResponse(). |
| 75 std::vector<uint8_t> request_hash_; | 77 std::vector<uint8_t> request_hash_; |
| 76 | 78 |
| 77 // The query string containing key version and nonce in UTF-8 form. This is | 79 // The query string containing key version and nonce in UTF-8 form. This is |
| 78 // modified on each call to SignRequest(), and checked by ValidateResponse(). | 80 // modified on each call to SignRequest(), and checked by ValidateResponse(). |
| 79 std::string request_query_cup2key_; | 81 std::string request_query_cup2key_; |
| 80 | 82 |
| 81 DISALLOW_IMPLICIT_CONSTRUCTORS(ClientUpdateProtocolEcdsa); | 83 DISALLOW_IMPLICIT_CONSTRUCTORS(ClientUpdateProtocolEcdsa); |
| 82 }; | 84 }; |
| 83 | 85 |
| 86 } // namespace update_client |
| 87 |
| 84 #endif // COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 88 #endif // COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |