components/client_update_protocol/ecdsa.h - Issue 1835823002: network_time_tracker: add temporary time protocol.

Side by Side Diff: components/client_update_protocol/ecdsa.h

Issue 1835823002: network_time_tracker: add temporary time protocol. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: scoped_refptr Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2016 The Chromium Authors. All rights reserved.	1 // Copyright 2016 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_	5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_

6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_	6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_

7	7

8 #include <stdint.h>	8 #include <stdint.h>

9	9

10 #include <memory>	10 #include <memory>

11 #include <string>	11 #include <string>

12 #include <vector>	12 #include <vector>

13	13

14 #include "base/strings/string_piece.h"	14 #include "base/strings/string_piece.h"

15	15

	16 // Testing peers. There's a better way to do this, but it probably makes sense

	17 // to wait til there are one or two more.

	18 namespace network_time {

	19 class NetworkTimeTrackerTest;

	20 } // namespace network_time

	21

16 namespace client_update_protocol {	22 namespace client_update_protocol {

17	23

18 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha)	24 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha)

19 // servers to ensure freshness and authenticity of server responses over HTTP,	25 // servers to ensure freshness and authenticity of server responses over HTTP,

20 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and	26 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and

21 // no request replay protection.	27 // no request replay protection.

22 //	28 //

23 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256,	29 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256,

24 // instead of the original CUP which used HMAC-SHA1 with a random signing key	30 // instead of the original CUP which used HMAC-SHA1 with a random signing key

25 // encrypted using RSA.	31 // encrypted using RSA.

(...skipping 18 matching lines...) Expand all Loading...
44 // to the URL.	50 // to the URL.

45 //	51 //

46 // This method will store internal state in this instance used by calls to	52 // This method will store internal state in this instance used by calls to

47 // ValidateResponse(); if you need to have multiple pings in flight,	53 // ValidateResponse(); if you need to have multiple pings in flight,

48 // initialize a separate CUP-ECDSA instance for each one.	54 // initialize a separate CUP-ECDSA instance for each one.

49 void SignRequest(const base::StringPiece& request_body,	55 void SignRequest(const base::StringPiece& request_body,

50 std::string* query_params);	56 std::string* query_params);

51	57

52 // Validates a response given to a ping previously signed with	58 // Validates a response given to a ping previously signed with

53 // SignRequest(). \|response_body\| contains the body of the response in	59 // SignRequest(). \|response_body\| contains the body of the response in

54 // UTF-8. \|server_proof\| contains the ECDSA signature and observed request	60 // UTF-8. \|signature\| contains the ECDSA signature and observed request

55 // hash, which is passed in the ETag HTTP header. Returns true if the response	61 // hash. Returns true if the response is valid and the observed request hash

56 // is valid and the observed request hash matches the sent hash. This method	62 // matches the sent hash. This method uses internal state that is set by a

57 // uses internal state that is set by a prior SignRequest() call.	63 // prior SignRequest() call.

58 bool ValidateResponse(const base::StringPiece& response_body,	64 bool ValidateResponse(const base::StringPiece& response_body,

59 const base::StringPiece& server_etag);	65 const base::StringPiece& signature);

60	66

61 private:	67 private:

62 friend class CupEcdsaTest;	68 friend class CupEcdsaTest;

	69 friend class network_time::NetworkTimeTrackerTest;
	Ryan Sleevi 2016/04/29 22:54:15 FWIW, this feels like a layering violation (//comp FWIW, this feels like a layering violation (//components/client_update_protocol sets below //components/network_time/, so CUP shouldn't know about network_time, nor should network_time be reaching in to the implementation rather than the interface). The alternative way to do this would be something like OverrideKeyForTesting() or something (as a public method), which our presubmit code would enforce is only used in _unittest files. Whether that's strictly better is subjective - it leaks more of the interface out, such that anyone can use it, but keeps the dependencies better aligned. Just $.02 mab 2016/04/29 23:30:08 I didn't know the \|ForTesting\| suffix was enforced I didn't know the \|ForTesting\| suffix was enforced. That does change the balance. Done. waffles, you OK with this? waffles 2016/04/30 00:03:36 I'm OK with it. I'll admit it seems a little bit w Show quoted text On 2016/04/29 23:30:08, mab wrote: > I didn't know the \|ForTesting\| suffix was enforced. That does change the > balance. Done. > > waffles, you OK with this? I'm OK with it. I'll admit it seems a little bit weird to me.
63	70

64 Ecdsa(int key_version, const base::StringPiece& public_key);	71 Ecdsa(int key_version, const base::StringPiece& public_key);

65	72

66 // The server keeps multiple signing keys; a version must be sent so that	73 // The server keeps multiple signing keys; a version must be sent so that

67 // the correct signing key is used to sign the assembled message.	74 // the correct signing key is used to sign the assembled message.

68 const int pub_key_version_;	75 const int pub_key_version_;

69	76

70 // The ECDSA public key to use for verifying response signatures.	77 // The ECDSA public key to use for verifying response signatures.

71 const std::vector<uint8_t> public_key_;	78 const std::vector<uint8_t> public_key_;

72	79

73 // The SHA-256 hash of the XML request. This is modified on each call to	80 // The SHA-256 hash of the XML request. This is modified on each call to

74 // SignRequest(), and checked by ValidateResponse().	81 // SignRequest(), and checked by ValidateResponse().

75 std::vector<uint8_t> request_hash_;	82 std::vector<uint8_t> request_hash_;

76	83

77 // The query string containing key version and nonce in UTF-8 form. This is	84 // The query string containing key version and nonce in UTF-8 form. This is

78 // modified on each call to SignRequest(), and checked by ValidateResponse().	85 // modified on each call to SignRequest(), and checked by ValidateResponse().

79 std::string request_query_cup2key_;	86 std::string request_query_cup2key_;

80	87

81 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa);	88 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa);

82 };	89 };

83	90

84 } // namespace client_update_protocol	91 } // namespace client_update_protocol

85	92

86 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_	93 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_

OLD	NEW