OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 5 #ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 6 #define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
| 10 #include <memory> |
10 #include <string> | 11 #include <string> |
11 #include <vector> | 12 #include <vector> |
12 | 13 |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/strings/string_piece.h" | 14 #include "base/strings/string_piece.h" |
15 | 15 |
16 namespace client_update_protocol { | 16 namespace client_update_protocol { |
17 | 17 |
18 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha) | 18 // Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha) |
19 // servers to ensure freshness and authenticity of server responses over HTTP, | 19 // servers to ensure freshness and authenticity of server responses over HTTP, |
20 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and | 20 // without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and |
21 // no request replay protection. | 21 // no request replay protection. |
22 // | 22 // |
23 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256, | 23 // CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256, |
24 // instead of the original CUP which used HMAC-SHA1 with a random signing key | 24 // instead of the original CUP which used HMAC-SHA1 with a random signing key |
25 // encrypted using RSA. | 25 // encrypted using RSA. |
26 // | 26 // |
27 // Each |Ecdsa| object represents a single network ping in flight -- a call to | 27 // Each |Ecdsa| object represents a single network ping in flight -- a call to |
28 // SignRequest() generates internal state that will be used by | 28 // SignRequest() generates internal state that will be used by |
29 // ValidateResponse(). | 29 // ValidateResponse(). |
30 class Ecdsa { | 30 class Ecdsa { |
31 public: | 31 public: |
32 ~Ecdsa(); | 32 ~Ecdsa(); |
33 | 33 |
34 // Initializes this instance of CUP-ECDSA with a versioned public key. | 34 // Initializes this instance of CUP-ECDSA with a versioned public key. |
35 // |key_version| must be non-negative. |public_key| is expected to be a | 35 // |key_version| must be non-negative. |public_key| is expected to be a |
36 // DER-encoded ASN.1 SubjectPublicKeyInfo containing an ECDSA public key. | 36 // DER-encoded ASN.1 SubjectPublicKeyInfo containing an ECDSA public key. |
37 // Returns a NULL pointer on failure. | 37 // Returns a NULL pointer on failure. |
38 static scoped_ptr<Ecdsa> Create(int key_version, | 38 static std::unique_ptr<Ecdsa> Create(int key_version, |
39 const base::StringPiece& public_key); | 39 const base::StringPiece& public_key); |
40 | 40 |
41 // Generates freshness/authentication data for an outgoing ping. | 41 // Generates freshness/authentication data for an outgoing ping. |
42 // |request_body| contains the body of the ping in UTF-8. On return, | 42 // |request_body| contains the body of the ping in UTF-8. On return, |
43 // |query_params| contains a set of query parameters (in UTF-8) to be appended | 43 // |query_params| contains a set of query parameters (in UTF-8) to be appended |
44 // to the URL. | 44 // to the URL. |
45 // | 45 // |
46 // This method will store internal state in this instance used by calls to | 46 // This method will store internal state in this instance used by calls to |
47 // ValidateResponse(); if you need to have multiple pings in flight, | 47 // ValidateResponse(); if you need to have multiple pings in flight, |
48 // initialize a separate CUP-ECDSA instance for each one. | 48 // initialize a separate CUP-ECDSA instance for each one. |
49 void SignRequest(const base::StringPiece& request_body, | 49 void SignRequest(const base::StringPiece& request_body, |
(...skipping 27 matching lines...) |
77 // The query string containing key version and nonce in UTF-8 form. This is | 77 // The query string containing key version and nonce in UTF-8 form. This is |
78 // modified on each call to SignRequest(), and checked by ValidateResponse(). | 78 // modified on each call to SignRequest(), and checked by ValidateResponse(). |
79 std::string request_query_cup2key_; | 79 std::string request_query_cup2key_; |
80 | 80 |
81 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa); | 81 DISALLOW_IMPLICIT_CONSTRUCTORS(Ecdsa); |
82 }; | 82 }; |
83 | 83 |
84 } // namespace client_update_protocol | 84 } // namespace client_update_protocol |
85 | 85 |
86 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ | 86 #endif // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_ |
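Review bot: The comment above Create() (new lines 34-37) still reads "Returns a NULL pointer on failure" although the declaration on new line 38 now returns std::unique_ptr<Ecdsa>, and it does not say what a caller must do with an empty result. This object is what authenticates update responses, so I would state the contract explicitly: `// Returns nullptr on failure; callers must check the result before calling SignRequest() or ValidateResponse().` The call sites and the implementation file are not part of this section, so whether every caller already checks the returned pointer cannot be confirmed from here.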