| Index: google_apis/cup/client_update_protocol.cc
|
| diff --git a/google_apis/cup/client_update_protocol.cc b/google_apis/cup/client_update_protocol.cc
|
| deleted file mode 100644
|
| index afde3ab46b5b0d3cb693d64d2358aea904da2370..0000000000000000000000000000000000000000
|
| --- a/google_apis/cup/client_update_protocol.cc
|
| +++ /dev/null
|
| @@ -1,303 +0,0 @@
|
| -// Copyright 2013 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "google_apis/cup/client_update_protocol.h"
|
| -
|
| -#include "base/base64.h"
|
| -#include "base/logging.h"
|
| -#include "base/memory/scoped_ptr.h"
|
| -#include "base/sha1.h"
|
| -#include "base/strings/string_util.h"
|
| -#include "base/strings/stringprintf.h"
|
| -#include "crypto/hmac.h"
|
| -#include "crypto/random.h"
|
| -
|
| -namespace {
|
| -
|
| -base::StringPiece ByteVectorToSP(const std::vector<uint8>& vec) {
|
| - if (vec.empty())
|
| - return base::StringPiece();
|
| -
|
| - return base::StringPiece(reinterpret_cast<const char*>(&vec[0]), vec.size());
|
| -}
|
| -
|
| -// This class needs to implement the same hashing and signing functions as the
|
| -// Google Update server; for now, this is SHA-1 and HMAC-SHA1, but this may
|
| -// change to SHA-256 in the near future. For this reason, all primitives are
|
| -// wrapped. The name "SymSign" is used to mirror the CUP specification.
|
| -size_t HashDigestSize() {
|
| - return base::kSHA1Length;
|
| -}
|
| -
|
| -std::vector<uint8> Hash(const std::vector<uint8>& data) {
|
| - std::vector<uint8> result(HashDigestSize());
|
| - base::SHA1HashBytes(data.empty() ? NULL : &data[0],
|
| - data.size(),
|
| - &result[0]);
|
| - return result;
|
| -}
|
| -
|
| -std::vector<uint8> Hash(const base::StringPiece& sdata) {
|
| - std::vector<uint8> result(HashDigestSize());
|
| - base::SHA1HashBytes(sdata.empty() ?
|
| - NULL :
|
| - reinterpret_cast<const unsigned char*>(sdata.data()),
|
| - sdata.length(),
|
| - &result[0]);
|
| - return result;
|
| -}
|
| -
|
| -std::vector<uint8> SymConcat(uint8 id,
|
| - const std::vector<uint8>* h1,
|
| - const std::vector<uint8>* h2,
|
| - const std::vector<uint8>* h3) {
|
| - std::vector<uint8> result;
|
| - result.push_back(id);
|
| - const std::vector<uint8>* args[] = { h1, h2, h3 };
|
| - for (size_t i = 0; i != arraysize(args); ++i) {
|
| - if (args[i]) {
|
| - DCHECK_EQ(args[i]->size(), HashDigestSize());
|
| - result.insert(result.end(), args[i]->begin(), args[i]->end());
|
| - }
|
| - }
|
| -
|
| - return result;
|
| -}
|
| -
|
| -std::vector<uint8> SymSign(const std::vector<uint8>& key,
|
| - const std::vector<uint8>& hashes) {
|
| - DCHECK(!key.empty());
|
| - DCHECK(!hashes.empty());
|
| -
|
| - crypto::HMAC hmac(crypto::HMAC::SHA1);
|
| - if (!hmac.Init(&key[0], key.size()))
|
| - return std::vector<uint8>();
|
| -
|
| - std::vector<uint8> result(hmac.DigestLength());
|
| - if (!hmac.Sign(ByteVectorToSP(hashes), &result[0], result.size()))
|
| - return std::vector<uint8>();
|
| -
|
| - return result;
|
| -}
|
| -
|
| -bool SymSignVerify(const std::vector<uint8>& key,
|
| - const std::vector<uint8>& hashes,
|
| - const std::vector<uint8>& server_proof) {
|
| - DCHECK(!key.empty());
|
| - DCHECK(!hashes.empty());
|
| - DCHECK(!server_proof.empty());
|
| -
|
| - crypto::HMAC hmac(crypto::HMAC::SHA1);
|
| - if (!hmac.Init(&key[0], key.size()))
|
| - return false;
|
| -
|
| - return hmac.Verify(ByteVectorToSP(hashes), ByteVectorToSP(server_proof));
|
| -}
|
| -
|
| -// RsaPad() is implemented as described in the CUP spec. It is NOT a general
|
| -// purpose padding algorithm.
|
| -std::vector<uint8> RsaPad(size_t rsa_key_size,
|
| - const std::vector<uint8>& entropy) {
|
| - DCHECK_GE(rsa_key_size, HashDigestSize());
|
| -
|
| - // The result gets padded with zeros if the result size is greater than
|
| - // the size of the buffer provided by the caller.
|
| - std::vector<uint8> result(entropy);
|
| - result.resize(rsa_key_size - HashDigestSize());
|
| -
|
| - // For use with RSA, the input needs to be smaller than the RSA modulus,
|
| - // which has always the msb set.
|
| - result[0] &= 127; // Reset msb
|
| - result[0] |= 64; // Set second highest bit.
|
| -
|
| - std::vector<uint8> digest = Hash(result);
|
| - result.insert(result.end(), digest.begin(), digest.end());
|
| - DCHECK_EQ(result.size(), rsa_key_size);
|
| - return result;
|
| -}
|
| -
|
| -// CUP passes the versioned secret in the query portion of the URL for the
|
| -// update check service -- and that means that a URL-safe variant of Base64 is
|
| -// needed. Call the standard Base64 encoder/decoder and then apply fixups.
|
| -std::string UrlSafeB64Encode(const std::vector<uint8>& data) {
|
| - std::string result;
|
| - base::Base64Encode(ByteVectorToSP(data), &result);
|
| -
|
| - // Do an tr|+/|-_| on the output, and strip any '=' padding.
|
| - for (std::string::iterator it = result.begin(); it != result.end(); ++it) {
|
| - switch (*it) {
|
| - case '+':
|
| - *it = '-';
|
| - break;
|
| - case '/':
|
| - *it = '_';
|
| - break;
|
| - default:
|
| - break;
|
| - }
|
| - }
|
| - base::TrimString(result, "=", &result);
|
| -
|
| - return result;
|
| -}
|
| -
|
| -std::vector<uint8> UrlSafeB64Decode(const base::StringPiece& input) {
|
| - std::string unsafe(input.begin(), input.end());
|
| - for (std::string::iterator it = unsafe.begin(); it != unsafe.end(); ++it) {
|
| - switch (*it) {
|
| - case '-':
|
| - *it = '+';
|
| - break;
|
| - case '_':
|
| - *it = '/';
|
| - break;
|
| - default:
|
| - break;
|
| - }
|
| - }
|
| - if (unsafe.length() % 4)
|
| - unsafe.append(4 - (unsafe.length() % 4), '=');
|
| -
|
| - std::string decoded;
|
| - if (!base::Base64Decode(unsafe, &decoded))
|
| - return std::vector<uint8>();
|
| -
|
| - return std::vector<uint8>(decoded.begin(), decoded.end());
|
| -}
|
| -
|
| -} // end namespace
|
| -
|
| -ClientUpdateProtocol::ClientUpdateProtocol(int key_version)
|
| - : pub_key_version_(key_version) {
|
| -}
|
| -
|
| -scoped_ptr<ClientUpdateProtocol> ClientUpdateProtocol::Create(
|
| - int key_version,
|
| - const base::StringPiece& public_key) {
|
| - DCHECK_GT(key_version, 0);
|
| - DCHECK(!public_key.empty());
|
| -
|
| - scoped_ptr<ClientUpdateProtocol> result(
|
| - new ClientUpdateProtocol(key_version));
|
| - if (!result)
|
| - return scoped_ptr<ClientUpdateProtocol>();
|
| -
|
| - if (!result->LoadPublicKey(public_key))
|
| - return scoped_ptr<ClientUpdateProtocol>();
|
| -
|
| - if (!result->BuildRandomSharedKey())
|
| - return scoped_ptr<ClientUpdateProtocol>();
|
| -
|
| - return result.Pass();
|
| -}
|
| -
|
| -std::string ClientUpdateProtocol::GetVersionedSecret() const {
|
| - return base::StringPrintf("%d:%s",
|
| - pub_key_version_,
|
| - UrlSafeB64Encode(encrypted_key_source_).c_str());
|
| -}
|
| -
|
| -bool ClientUpdateProtocol::SignRequest(const base::StringPiece& url,
|
| - const base::StringPiece& request_body,
|
| - std::string* client_proof) {
|
| - DCHECK(!encrypted_key_source_.empty());
|
| - DCHECK(!url.empty());
|
| - DCHECK(!request_body.empty());
|
| - DCHECK(client_proof);
|
| -
|
| - // Compute the challenge hash:
|
| - // hw = HASH(HASH(v|w)|HASH(request_url)|HASH(body)).
|
| - // Keep the challenge hash for later to validate the server's response.
|
| - std::vector<uint8> internal_hashes;
|
| -
|
| - std::vector<uint8> h;
|
| - h = Hash(GetVersionedSecret());
|
| - internal_hashes.insert(internal_hashes.end(), h.begin(), h.end());
|
| - h = Hash(url);
|
| - internal_hashes.insert(internal_hashes.end(), h.begin(), h.end());
|
| - h = Hash(request_body);
|
| - internal_hashes.insert(internal_hashes.end(), h.begin(), h.end());
|
| - DCHECK_EQ(internal_hashes.size(), 3 * HashDigestSize());
|
| -
|
| - client_challenge_hash_ = Hash(internal_hashes);
|
| -
|
| - // Sign the challenge hash (hw) using the shared key (sk) to produce the
|
| - // client proof (cp).
|
| - std::vector<uint8> raw_client_proof =
|
| - SymSign(shared_key_, SymConcat(3, &client_challenge_hash_, NULL, NULL));
|
| - if (raw_client_proof.empty()) {
|
| - client_challenge_hash_.clear();
|
| - return false;
|
| - }
|
| -
|
| - *client_proof = UrlSafeB64Encode(raw_client_proof);
|
| - return true;
|
| -}
|
| -
|
| -bool ClientUpdateProtocol::ValidateResponse(
|
| - const base::StringPiece& response_body,
|
| - const base::StringPiece& server_cookie,
|
| - const base::StringPiece& server_proof) {
|
| - DCHECK(!client_challenge_hash_.empty());
|
| -
|
| - if (response_body.empty() || server_cookie.empty() || server_proof.empty())
|
| - return false;
|
| -
|
| - // Decode the server proof from URL-safe Base64 to a binary HMAC for the
|
| - // response.
|
| - std::vector<uint8> sp_decoded = UrlSafeB64Decode(server_proof);
|
| - if (sp_decoded.empty())
|
| - return false;
|
| -
|
| - // If the request was received by the server, the server will use its
|
| - // private key to decrypt |w_|, yielding the original contents of |r_|.
|
| - // The server can then recreate |sk_|, compute |hw_|, and SymSign(3|hw)
|
| - // to ensure that the cp matches the contents. It will then use |sk_|
|
| - // to sign its response, producing the server proof |sp|.
|
| - std::vector<uint8> hm = Hash(response_body);
|
| - std::vector<uint8> hc = Hash(server_cookie);
|
| - return SymSignVerify(shared_key_,
|
| - SymConcat(1, &client_challenge_hash_, &hm, &hc),
|
| - sp_decoded);
|
| -}
|
| -
|
| -bool ClientUpdateProtocol::BuildRandomSharedKey() {
|
| - DCHECK_GE(PublicKeyLength(), HashDigestSize());
|
| -
|
| - // Start by generating some random bytes that are suitable to be encrypted;
|
| - // this will be the source of the shared HMAC key that client and server use.
|
| - // (CUP specification calls this "r".)
|
| - std::vector<uint8> key_source;
|
| - std::vector<uint8> entropy(PublicKeyLength() - HashDigestSize());
|
| - crypto::RandBytes(&entropy[0], entropy.size());
|
| - key_source = RsaPad(PublicKeyLength(), entropy);
|
| -
|
| - return DeriveSharedKey(key_source);
|
| -}
|
| -
|
| -bool ClientUpdateProtocol::SetSharedKeyForTesting(
|
| - const base::StringPiece& key_source) {
|
| - DCHECK_EQ(key_source.length(), PublicKeyLength());
|
| -
|
| - return DeriveSharedKey(std::vector<uint8>(key_source.begin(),
|
| - key_source.end()));
|
| -}
|
| -
|
| -bool ClientUpdateProtocol::DeriveSharedKey(const std::vector<uint8>& source) {
|
| - DCHECK(!source.empty());
|
| - DCHECK_GE(source.size(), HashDigestSize());
|
| - DCHECK_EQ(source.size(), PublicKeyLength());
|
| -
|
| - // Hash the key source (r) to generate a new shared HMAC key (sk').
|
| - shared_key_ = Hash(source);
|
| -
|
| - // Encrypt the key source (r) using the public key (pk[v]) to generate the
|
| - // encrypted key source (w).
|
| - if (!EncryptKeySource(source))
|
| - return false;
|
| - if (encrypted_key_source_.size() != PublicKeyLength())
|
| - return false;
|
| -
|
| - return true;
|
| -}
|
|
|
Chromium Code Reviews
Issue 432953002:
Remove CUP from google_apis (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master