| Index: components/update_client/client_update_protocol_ecdsa.cc
|
| diff --git a/components/update_client/client_update_protocol_ecdsa.cc b/components/update_client/client_update_protocol_ecdsa.cc
|
| deleted file mode 100644
|
| index cc67b71d385c2b8fc81ec06dfe9315e74a72ddf4..0000000000000000000000000000000000000000
|
| --- a/components/update_client/client_update_protocol_ecdsa.cc
|
| +++ /dev/null
|
| @@ -1,193 +0,0 @@
|
| -// Copyright 2016 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "components/update_client/client_update_protocol_ecdsa.h"
|
| -
|
| -#include "base/logging.h"
|
| -#include "base/macros.h"
|
| -#include "base/memory/scoped_ptr.h"
|
| -#include "base/strings/string_number_conversions.h"
|
| -#include "base/strings/string_piece.h"
|
| -#include "base/strings/string_util.h"
|
| -#include "base/strings/stringprintf.h"
|
| -#include "crypto/random.h"
|
| -#include "crypto/sha2.h"
|
| -#include "crypto/signature_verifier.h"
|
| -
|
| -namespace update_client {
|
| -
|
| -namespace {
|
| -
|
| -std::vector<uint8_t> SHA256HashStr(const base::StringPiece& str) {
|
| - std::vector<uint8_t> result(crypto::kSHA256Length);
|
| - crypto::SHA256HashString(str, &result.front(), result.size());
|
| - return result;
|
| -}
|
| -
|
| -std::vector<uint8_t> SHA256HashVec(const std::vector<uint8_t>& vec) {
|
| - if (vec.empty())
|
| - return SHA256HashStr(base::StringPiece());
|
| -
|
| - return SHA256HashStr(base::StringPiece(
|
| - reinterpret_cast<const char*>(&vec.front()), vec.size()));
|
| -}
|
| -
|
| -bool ParseETagHeader(const base::StringPiece& etag_header_value_in,
|
| - std::vector<uint8_t>* ecdsa_signature_out,
|
| - std::vector<uint8_t>* request_hash_out) {
|
| - DCHECK(ecdsa_signature_out);
|
| - DCHECK(request_hash_out);
|
| -
|
| - // The ETag value is a UTF-8 string, formatted as "S:H", where:
|
| - // * S is the ECDSA signature in DER-encoded ASN.1 form, converted to hex.
|
| - // * H is the SHA-256 hash of the observed request body, standard hex format.
|
| - // A Weak ETag is formatted as W/"S:H". This function treats it the same as a
|
| - // strong ETag.
|
| - base::StringPiece etag_header_value(etag_header_value_in);
|
| -
|
| - // Remove the weak prefix, then remove the begin and the end quotes.
|
| - const char kWeakETagPrefix[] = "W/";
|
| - if (etag_header_value.starts_with(kWeakETagPrefix))
|
| - etag_header_value.remove_prefix(arraysize(kWeakETagPrefix) - 1);
|
| - if (etag_header_value.size() >= 2 && etag_header_value.starts_with("\"") &&
|
| - etag_header_value.ends_with("\"")) {
|
| - etag_header_value.remove_prefix(1);
|
| - etag_header_value.remove_suffix(1);
|
| - }
|
| -
|
| - const base::StringPiece::size_type delim_pos = etag_header_value.find(':');
|
| - if (delim_pos == base::StringPiece::npos || delim_pos == 0 ||
|
| - delim_pos == etag_header_value.size() - 1)
|
| - return false;
|
| -
|
| - const base::StringPiece sig_hex = etag_header_value.substr(0, delim_pos);
|
| - const base::StringPiece hash_hex = etag_header_value.substr(delim_pos + 1);
|
| -
|
| - // Decode the ECDSA signature. Don't bother validating the contents of it;
|
| - // the SignatureValidator class will handle the actual DER decoding and
|
| - // ASN.1 parsing. Check for an expected size range only -- valid ECDSA
|
| - // signatures are between 8 and 72 bytes.
|
| - if (!base::HexStringToBytes(sig_hex.as_string(), ecdsa_signature_out))
|
| - return false;
|
| - if (ecdsa_signature_out->size() < 8 || ecdsa_signature_out->size() > 72)
|
| - return false;
|
| -
|
| - // Decode the SHA-256 hash; it should be exactly 32 bytes, no more or less.
|
| - if (!base::HexStringToBytes(hash_hex.as_string(), request_hash_out))
|
| - return false;
|
| - if (request_hash_out->size() != crypto::kSHA256Length)
|
| - return false;
|
| -
|
| - return true;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -ClientUpdateProtocolEcdsa::ClientUpdateProtocolEcdsa(
|
| - int key_version,
|
| - const base::StringPiece& public_key)
|
| - : pub_key_version_(key_version),
|
| - public_key_(public_key.begin(), public_key.end()) {}
|
| -
|
| -ClientUpdateProtocolEcdsa::~ClientUpdateProtocolEcdsa() {}
|
| -
|
| -scoped_ptr<ClientUpdateProtocolEcdsa> ClientUpdateProtocolEcdsa::Create(
|
| - int key_version,
|
| - const base::StringPiece& public_key) {
|
| - DCHECK_GT(key_version, 0);
|
| - DCHECK(!public_key.empty());
|
| -
|
| - return make_scoped_ptr(
|
| - new ClientUpdateProtocolEcdsa(key_version, public_key));
|
| -}
|
| -
|
| -void ClientUpdateProtocolEcdsa::SignRequest(
|
| - const base::StringPiece& request_body,
|
| - std::string* query_params) {
|
| - DCHECK(!request_body.empty());
|
| - DCHECK(query_params);
|
| -
|
| - // Generate a random nonce to use for freshness, build the cup2key query
|
| - // string, and compute the SHA-256 hash of the request body. Set these
|
| - // two pieces of data aside to use during ValidateResponse().
|
| - uint32_t nonce = 0;
|
| - crypto::RandBytes(&nonce, sizeof(nonce));
|
| - request_query_cup2key_ = base::StringPrintf("%d:%u", pub_key_version_, nonce);
|
| - request_hash_ = SHA256HashStr(request_body);
|
| -
|
| - // Return the query string for the user to send with the request.
|
| - std::string request_hash_hex =
|
| - base::HexEncode(&request_hash_.front(), request_hash_.size());
|
| - request_hash_hex = base::ToLowerASCII(request_hash_hex);
|
| -
|
| - *query_params = base::StringPrintf("cup2key=%s&cup2hreq=%s",
|
| - request_query_cup2key_.c_str(),
|
| - request_hash_hex.c_str());
|
| -}
|
| -
|
| -bool ClientUpdateProtocolEcdsa::ValidateResponse(
|
| - const base::StringPiece& response_body,
|
| - const base::StringPiece& server_etag) {
|
| - DCHECK(!request_hash_.empty());
|
| - DCHECK(!request_query_cup2key_.empty());
|
| -
|
| - if (response_body.empty() || server_etag.empty())
|
| - return false;
|
| -
|
| - // Break the ETag into its two components (the ECDSA signature, and the
|
| - // hash of the request that the server observed) and decode to byte buffers.
|
| - std::vector<uint8_t> signature;
|
| - std::vector<uint8_t> observed_request_hash;
|
| - if (!ParseETagHeader(server_etag, &signature, &observed_request_hash))
|
| - return false;
|
| -
|
| - // Check that the server's observed request hash is equal to the original
|
| - // request hash. (This is a quick rejection test; the signature test is
|
| - // authoritative, but slower.)
|
| - DCHECK_EQ(request_hash_.size(), crypto::kSHA256Length);
|
| - if (observed_request_hash.size() != crypto::kSHA256Length)
|
| - return false;
|
| - if (!std::equal(observed_request_hash.begin(), observed_request_hash.end(),
|
| - request_hash_.begin()))
|
| - return false;
|
| -
|
| - // Next, build the buffer that the server will have signed on its end:
|
| - // hash( hash(request) | hash(response) | cup2key_query_string )
|
| - // When building the client's version of the buffer, it's important to use
|
| - // the original request hash that it attempted to send, and not the observed
|
| - // request hash that the server sent back to us.
|
| - const std::vector<uint8_t> response_hash = SHA256HashStr(response_body);
|
| -
|
| - std::vector<uint8_t> signed_message;
|
| - signed_message.insert(signed_message.end(), request_hash_.begin(),
|
| - request_hash_.end());
|
| - signed_message.insert(signed_message.end(), response_hash.begin(),
|
| - response_hash.end());
|
| - signed_message.insert(signed_message.end(), request_query_cup2key_.begin(),
|
| - request_query_cup2key_.end());
|
| -
|
| - const std::vector<uint8_t> signed_message_hash =
|
| - SHA256HashVec(signed_message);
|
| -
|
| - // Initialize the signature verifier.
|
| - crypto::SignatureVerifier verifier;
|
| - if (!verifier.VerifyInit(
|
| - crypto::SignatureVerifier::ECDSA_SHA256, &signature.front(),
|
| - static_cast<int>(signature.size()), &public_key_.front(),
|
| - static_cast<int>(public_key_.size()))) {
|
| - DVLOG(1) << "Couldn't init SignatureVerifier.";
|
| - return false;
|
| - }
|
| -
|
| - // If the verification fails, that implies one of two outcomes:
|
| - // * The signature was modified
|
| - // * The buffer that the server signed does not match the buffer that the
|
| - // client assembled -- implying that either request body or response body
|
| - // was modified, or a different nonce value was used.
|
| - verifier.VerifyUpdate(&signed_message_hash.front(),
|
| - static_cast<int>(signed_message_hash.size()));
|
| - return verifier.VerifyFinal();
|
| -}
|
| -
|
| -} // namespace update_client
|
|
|
Chromium Code Reviews
Issue 1805263002:
Move CUP to new component client_update_protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master