Move CUP to new component client_update_protocol

components/update_client/client_update_protocol_ecdsa.cc

-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "components/update_client/client_update_protocol_ecdsa.h"
-
-#include "base/logging.h"
-#include "base/macros.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/strings/string_number_conversions.h"
-#include "base/strings/string_piece.h"
-#include "base/strings/string_util.h"
-#include "base/strings/stringprintf.h"
-#include "crypto/random.h"
-#include "crypto/sha2.h"
-#include "crypto/signature_verifier.h"
-
-namespace update_client {
-
-namespace {
-
-std::vector<uint8_t> SHA256HashStr(const base::StringPiece& str) {
-  std::vector<uint8_t> result(crypto::kSHA256Length);
-  crypto::SHA256HashString(str, &result.front(), result.size());
-  return result;
-}
-
-std::vector<uint8_t> SHA256HashVec(const std::vector<uint8_t>& vec) {
-  if (vec.empty())
-    return SHA256HashStr(base::StringPiece());
-
-  return SHA256HashStr(base::StringPiece(
-      reinterpret_cast<const char*>(&vec.front()), vec.size()));
-}
-
-bool ParseETagHeader(const base::StringPiece& etag_header_value_in,
-                     std::vector<uint8_t>* ecdsa_signature_out,
-                     std::vector<uint8_t>* request_hash_out) {
-  DCHECK(ecdsa_signature_out);
-  DCHECK(request_hash_out);
-
-  // The ETag value is a UTF-8 string, formatted as "S:H", where:
-  // * S is the ECDSA signature in DER-encoded ASN.1 form, converted to hex.
-  // * H is the SHA-256 hash of the observed request body, standard hex format.
-  // A Weak ETag is formatted as W/"S:H". This function treats it the same as a
-  // strong ETag.
-  base::StringPiece etag_header_value(etag_header_value_in);
-
-  // Remove the weak prefix, then remove the begin and the end quotes.
-  const char kWeakETagPrefix[] = "W/";
-  if (etag_header_value.starts_with(kWeakETagPrefix))
-    etag_header_value.remove_prefix(arraysize(kWeakETagPrefix) - 1);
-  if (etag_header_value.size() >= 2 && etag_header_value.starts_with("\"") &&
-      etag_header_value.ends_with("\"")) {
-    etag_header_value.remove_prefix(1);
-    etag_header_value.remove_suffix(1);
-  }
-
-  const base::StringPiece::size_type delim_pos = etag_header_value.find(':');
-  if (delim_pos == base::StringPiece::npos || delim_pos == 0 ||
-      delim_pos == etag_header_value.size() - 1)
-    return false;
-
-  const base::StringPiece sig_hex = etag_header_value.substr(0, delim_pos);
-  const base::StringPiece hash_hex = etag_header_value.substr(delim_pos + 1);
-
-  // Decode the ECDSA signature. Don't bother validating the contents of it;
-  // the SignatureValidator class will handle the actual DER decoding and
-  // ASN.1 parsing. Check for an expected size range only -- valid ECDSA
-  // signatures are between 8 and 72 bytes.
-  if (!base::HexStringToBytes(sig_hex.as_string(), ecdsa_signature_out))
-    return false;
-  if (ecdsa_signature_out->size() < 8 || ecdsa_signature_out->size() > 72)
-    return false;
-
-  // Decode the SHA-256 hash; it should be exactly 32 bytes, no more or less.
-  if (!base::HexStringToBytes(hash_hex.as_string(), request_hash_out))
-    return false;
-  if (request_hash_out->size() != crypto::kSHA256Length)
-    return false;
-
-  return true;
-}
-
-}  // namespace
-
-ClientUpdateProtocolEcdsa::ClientUpdateProtocolEcdsa(
-    int key_version,
-    const base::StringPiece& public_key)
-    : pub_key_version_(key_version),
-      public_key_(public_key.begin(), public_key.end()) {}
-
-ClientUpdateProtocolEcdsa::~ClientUpdateProtocolEcdsa() {}
-
-scoped_ptr<ClientUpdateProtocolEcdsa> ClientUpdateProtocolEcdsa::Create(
-    int key_version,
-    const base::StringPiece& public_key) {
-  DCHECK_GT(key_version, 0);
-  DCHECK(!public_key.empty());
-
-  return make_scoped_ptr(
-      new ClientUpdateProtocolEcdsa(key_version, public_key));
-}
-
-void ClientUpdateProtocolEcdsa::SignRequest(
-    const base::StringPiece& request_body,
-    std::string* query_params) {
-  DCHECK(!request_body.empty());
-  DCHECK(query_params);
-
-  // Generate a random nonce to use for freshness, build the cup2key query
-  // string, and compute the SHA-256 hash of the request body. Set these
-  // two pieces of data aside to use during ValidateResponse().
-  uint32_t nonce = 0;
-  crypto::RandBytes(&nonce, sizeof(nonce));
-  request_query_cup2key_ = base::StringPrintf("%d:%u", pub_key_version_, nonce);
-  request_hash_ = SHA256HashStr(request_body);
-
-  // Return the query string for the user to send with the request.
-  std::string request_hash_hex =
-      base::HexEncode(&request_hash_.front(), request_hash_.size());
-  request_hash_hex = base::ToLowerASCII(request_hash_hex);
-
-  *query_params = base::StringPrintf("cup2key=%s&cup2hreq=%s",
-                                     request_query_cup2key_.c_str(),
-                                     request_hash_hex.c_str());
-}
-
-bool ClientUpdateProtocolEcdsa::ValidateResponse(
-    const base::StringPiece& response_body,
-    const base::StringPiece& server_etag) {
-  DCHECK(!request_hash_.empty());
-  DCHECK(!request_query_cup2key_.empty());
-
-  if (response_body.empty() || server_etag.empty())
-    return false;
-
-  // Break the ETag into its two components (the ECDSA signature, and the
-  // hash of the request that the server observed) and decode to byte buffers.
-  std::vector<uint8_t> signature;
-  std::vector<uint8_t> observed_request_hash;
-  if (!ParseETagHeader(server_etag, &signature, &observed_request_hash))
-    return false;
-
-  // Check that the server's observed request hash is equal to the original
-  // request hash. (This is a quick rejection test; the signature test is
-  // authoritative, but slower.)
-  DCHECK_EQ(request_hash_.size(), crypto::kSHA256Length);
-  if (observed_request_hash.size() != crypto::kSHA256Length)
-    return false;
-  if (!std::equal(observed_request_hash.begin(), observed_request_hash.end(),
-                  request_hash_.begin()))
-    return false;
-
-  // Next, build the buffer that the server will have signed on its end:
-  //   hash( hash(request) | hash(response) | cup2key_query_string )
-  // When building the client's version of the buffer, it's important to use
-  // the original request hash that it attempted to send, and not the observed
-  // request hash that the server sent back to us.
-  const std::vector<uint8_t> response_hash = SHA256HashStr(response_body);
-
-  std::vector<uint8_t> signed_message;
-  signed_message.insert(signed_message.end(), request_hash_.begin(),
-                        request_hash_.end());
-  signed_message.insert(signed_message.end(), response_hash.begin(),
-                        response_hash.end());
-  signed_message.insert(signed_message.end(), request_query_cup2key_.begin(),
-                        request_query_cup2key_.end());
-
-  const std::vector<uint8_t> signed_message_hash =
-      SHA256HashVec(signed_message);
-
-  // Initialize the signature verifier.
-  crypto::SignatureVerifier verifier;
-  if (!verifier.VerifyInit(
-          crypto::SignatureVerifier::ECDSA_SHA256, &signature.front(),
-          static_cast<int>(signature.size()), &public_key_.front(),
-          static_cast<int>(public_key_.size()))) {
-    DVLOG(1) << "Couldn't init SignatureVerifier.";
-    return false;
-  }
-
-  // If the verification fails, that implies one of two outcomes:
-  // * The signature was modified
-  // * The buffer that the server signed does not match the buffer that the
-  //   client assembled -- implying that either request body or response body
-  //   was modified, or a different nonce value was used.
-  verifier.VerifyUpdate(&signed_message_hash.front(),
-                        static_cast<int>(signed_message_hash.size()));
-  return verifier.VerifyFinal();
-}
-
-}  // namespace update_client