| Index: components/client_update_protocol/ecdsa.h
|
| diff --git a/components/update_client/client_update_protocol_ecdsa.h b/components/client_update_protocol/ecdsa.h
|
| similarity index 56%
|
| rename from components/update_client/client_update_protocol_ecdsa.h
|
| rename to components/client_update_protocol/ecdsa.h
|
| index 2459c8c8bee5a6cfe01ebb6a90c3ebb9ccd65084..3164315ed053323d4ced00c2d0f1eb25fbf57f03 100644
|
| --- a/components/update_client/client_update_protocol_ecdsa.h
|
| +++ b/components/client_update_protocol/ecdsa.h
|
| @@ -2,8 +2,8 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
| -#define COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
| +#ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
| +#define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
|
|
| #include <stdint.h>
|
|
|
| @@ -13,57 +13,55 @@
|
| #include "base/memory/scoped_ptr.h"
|
| #include "base/strings/string_piece.h"
|
|
|
| -namespace update_client {
|
| +namespace client_update_protocol {
|
|
|
| // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha)
|
| -// servers to ensure freshness and authenticity of update checks over HTTP,
|
| -// without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy,
|
| -// and no request replay protection (since update checks are idempotent).
|
| +// servers to ensure freshness and authenticity of server responses over HTTP,
|
| +// without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and
|
| +// no request replay protection.
|
| //
|
| // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256,
|
| // instead of the original CUP which used HMAC-SHA1 with a random signing key
|
| // encrypted using RSA.
|
| //
|
| -// Each ClientUpdateProtocolEcdsa object represents a single update check in
|
| -// flight -- a call to SignRequest() generates internal state that will be used
|
| -// by ValidateResponse().
|
| -class ClientUpdateProtocolEcdsa {
|
| +// Each |Ecdsa| object represents a single network ping in flight -- a call to
|
| +// SignRequest() generates internal state that will be used by
|
| +// ValidateResponse().
|
| +class Ecdsa {
|
| public:
|
| - ~ClientUpdateProtocolEcdsa();
|
| + ~Ecdsa();
|
|
|
| // Initializes this instance of CUP-ECDSA with a versioned public key.
|
| // |key_version| must be non-negative. |public_key| is expected to be a
|
| // DER-encoded ASN.1 SubjectPublicKeyInfo containing an ECDSA public key.
|
| // Returns a NULL pointer on failure.
|
| - static scoped_ptr<ClientUpdateProtocolEcdsa> Create(
|
| - int key_version,
|
| - const base::StringPiece& public_key);
|
| -
|
| - // Generates freshness/authentication data for an outgoing update check.
|
| - // |request_body| contains the body of the update check request in UTF-8.
|
| - // On return, |query_params| contains a set of query parameters (in UTF-8)
|
| - // to be appended to the URL.
|
| + static scoped_ptr<Ecdsa> Create(int key_version,
|
| + const base::StringPiece& public_key);
|
| +
|
| + // Generates freshness/authentication data for an outgoing ping.
|
| + // |request_body| contains the body of the ping in UTF-8. On return,
|
| + // |query_params| contains a set of query parameters (in UTF-8) to be appended
|
| + // to the URL.
|
| //
|
| // This method will store internal state in this instance used by calls to
|
| - // ValidateResponse(); if you need to have multiple update checks in flight,
|
| + // ValidateResponse(); if you need to have multiple pings in flight,
|
| // initialize a separate CUP-ECDSA instance for each one.
|
| void SignRequest(const base::StringPiece& request_body,
|
| std::string* query_params);
|
|
|
| - // Validates a response given to a update check request previously signed
|
| - // with SignRequest(). |response_body| contains the body of the response in
|
| + // Validates a response given to a ping previously signed with
|
| + // SignRequest(). |response_body| contains the body of the response in
|
| // UTF-8. |server_proof| contains the ECDSA signature and observed request
|
| - // hash, which is passed in the ETag HTTP header. Returns true if the
|
| - // response is valid and the observed request hash matches the sent hash.
|
| - // This method uses internal state that is set by a prior SignRequest() call.
|
| + // hash, which is passed in the ETag HTTP header. Returns true if the response
|
| + // is valid and the observed request hash matches the sent hash. This method
|
| + // uses internal state that is set by a prior SignRequest() call.
|
| bool ValidateResponse(const base::StringPiece& response_body,
|
| const base::StringPiece& server_etag);
|
|
|
| private:
|
| friend class CupEcdsaTest;
|
|
|
| - ClientUpdateProtocolEcdsa(int key_version,
|
| - const base::StringPiece& public_key);
|
| + Ecdsa(int key_version, const base::StringPiece& public_key);
|
|
|
| // The server keeps multiple signing keys; a version must be sent so that
|
| // the correct signing key is used to sign the assembled message.
|
| @@ -80,9 +78,9 @@ class ClientUpdateProtocolEcdsa {
|
| // modified on each call to SignRequest(), and checked by ValidateResponse().
|
| std::string request_query_cup2key_;
|
|
|
| - DISALLOW_IMPLICIT_CONSTRUCTORS(ClientUpdateProtocolEcdsa);
|
| + DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa);
|
| };
|
|
|
| -} // namespace update_client
|
| +} // namespace client_update_protocol
|
|
|
| -#endif // COMPONENTS_UPDATE_CLIENT_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
| +#endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
|
|
|
Chromium Code Reviews
Issue 1805263002:
Move CUP to new component client_update_protocol (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master