OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <memory> | 10 #include <memory> |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
44 // to the URL. | 44 // to the URL. |
45 // | 45 // |
46 // This method will store internal state in this instance used by calls to | 46 // This method will store internal state in this instance used by calls to |
47 // ValidateResponse(); if you need to have multiple pings in flight, | 47 // ValidateResponse(); if you need to have multiple pings in flight, |
48 // initialize a separate CUP-ECDSA instance for each one. | 48 // initialize a separate CUP-ECDSA instance for each one. |
49 void SignRequest(const base::StringPiece& request_body, | 49 void SignRequest(const base::StringPiece& request_body, |
50 std::string* query_params); | 50 std::string* query_params); |
51 | 51 |
52 // Validates a response given to a ping previously signed with | 52 // Validates a response given to a ping previously signed with |
53 // SignRequest(). |response_body| contains the body of the response in | 53 // SignRequest(). |response_body| contains the body of the response in |
54 // UTF-8. |server_proof| contains the ECDSA signature and observed request | 54 // UTF-8. |signature| contains the ECDSA signature and observed request |
55 // hash, which is passed in the ETag HTTP header. Returns true if the response | 55 // hash. Returns true if the response is valid and the observed request hash |
56 // is valid and the observed request hash matches the sent hash. This method | 56 // matches the sent hash. This method uses internal state that is set by a |
57 // uses internal state that is set by a prior SignRequest() call. | 57 // prior SignRequest() call. |
58 bool ValidateResponse(const base::StringPiece& response_body, | 58 bool ValidateResponse(const base::StringPiece& response_body, |
59 const base::StringPiece& server_etag); | 59 const base::StringPiece& signature); |
| 60 |
| 61 // Sets the key and nonce that were used to generate a signature that is baked |
| 62 // into a unit test. |
| 63 void OverrideNonceForTesting(int key_version, uint32_t nonce); |
60 | 64 |
61 private: | 65 private: |
62 friend class CupEcdsaTest; | |
63 | |
64 Ecdsa(int key_version, const base::StringPiece& public_key); | 66 Ecdsa(int key_version, const base::StringPiece& public_key); |
65 | 67 |
66 // The server keeps multiple signing keys; a version must be sent so that | 68 // The server keeps multiple signing keys; a version must be sent so that |
67 // the correct signing key is used to sign the assembled message. | 69 // the correct signing key is used to sign the assembled message. |
68 const int pub_key_version_; | 70 const int pub_key_version_; |
69 | 71 |
70 // The ECDSA public key to use for verifying response signatures. | 72 // The ECDSA public key to use for verifying response signatures. |
71 const std::vector<uint8_t> public_key_; | 73 const std::vector<uint8_t> public_key_; |
72 | 74 |
73 // The SHA-256 hash of the XML request. This is modified on each call to | 75 // The SHA-256 hash of the XML request. This is modified on each call to |
74 // SignRequest(), and checked by ValidateResponse(). | 76 // SignRequest(), and checked by ValidateResponse(). |
75 std::vector<uint8_t> request_hash_; | 77 std::vector<uint8_t> request_hash_; |
76 | 78 |
77 // The query string containing key version and nonce in UTF-8 form. This is | 79 // The query string containing key version and nonce in UTF-8 form. This is |
78 // modified on each call to SignRequest(), and checked by ValidateResponse(). | 80 // modified on each call to SignRequest(), and checked by ValidateResponse(). |
79 std::string request_query_cup2key_; | 81 std::string request_query_cup2key_; |
80 | 82 |
81 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa); | 83 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa); |
82 }; | 84 }; |
83 | 85 |
84 } // namespace client_update_protocol | 86 } // namespace client_update_protocol |
85 | 87 |
86 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 88 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
OLD | NEW |