File: ecdsa.h

package info (click to toggle)
chromium 138.0.7204.157-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 6,071,864 kB
  • sloc: cpp: 34,936,859; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,967; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (103 lines) | stat: -rw-r--r-- 4,190 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_
#define COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_

#include <array>
#include <cstdint>
#include <memory>
#include <string>
#include <string_view>
#include <vector>

#include "crypto/hash.h"
#include "crypto/keypair.h"

namespace client_update_protocol {

// Client Update Protocol v2, or CUP-ECDSA, is used by Google Update (Omaha)
// servers to ensure freshness and authenticity of server responses over HTTP,
// without the overhead of HTTPS -- namely, no PKI, no guarantee of privacy, and
// no request replay protection.
//
// CUP-ECDSA relies on a single signing operation using ECDSA with SHA-256,
// instead of the original CUP which used HMAC-SHA1 with a random signing key
// encrypted using RSA.
//
// Each |Ecdsa| object represents a single network ping in flight -- a call to
// SignRequest() generates internal state that will be used by
// ValidateResponse().
class Ecdsa {
 public:
  Ecdsa() = delete;
  Ecdsa(const Ecdsa&) = delete;
  Ecdsa& operator=(const Ecdsa&) = delete;

  ~Ecdsa();

  struct RequestParameters {
    std::string query_cup2key;
    std::string hash_hex;
  };

  // Initializes this instance of CUP-ECDSA with a versioned public key.
  // |key_version| must be non-negative. |public_key| is expected to be a
  // DER-encoded ASN.1 SubjectPublicKeyInfo containing an ECDSA public key.
  Ecdsa(int key_version, base::span<const uint8_t> public_key);

  // Generates freshness/authentication data for an outgoing ping.
  // |request_body| contains the body of the ping in UTF-8.  On return,
  // |query_params| contains a set of query parameters (in UTF-8) to be appended
  // to the URL.
  //
  // This method will store internal state in this instance used by calls to
  // ValidateResponse(); if you need to have multiple pings in flight,
  // initialize a separate CUP-ECDSA instance for each one.
  void SignRequest(std::string_view request_body, std::string* query_params);

  // Generates freshness/authentication data for an outgoing ping.
  // |request_body| contains the body of the ping in UTF-8. Returns the
  // parameters that must be sent to the server for ECDSA authentication.
  //
  // This method will store internal state in this instance used by calls to
  // ValidateResponse(); if you need to have multiple pings in flight,
  // initialize a separate CUP-ECDSA instance for each one.
  RequestParameters SignRequest(std::string_view request_body);

  // Validates a response given to a ping previously signed with
  // SignRequest(). |response_body| contains the body of the response in
  // UTF-8. |signature| contains the ECDSA signature and observed request
  // hash. Returns true if the response is valid and the observed request hash
  // matches the sent hash.  This method uses internal state that is set by a
  // prior SignRequest() call.
  bool ValidateResponse(std::string_view response_body,
                        std::string_view signature);

  // Sets the key and nonce that were used to generate a signature that is baked
  // into a unit test. Note this function encodes |nonce| in decimal, while
  // non-test paths use a base64url-encoded, 256-bit string.
  void OverrideNonceForTesting(int key_version, uint32_t nonce);

 private:

  // The server keeps multiple signing keys; a version must be sent so that
  // the correct signing key is used to sign the assembled message.
  const int pub_key_version_;

  // The ECDSA public key to use for verifying response signatures.
  const crypto::keypair::PublicKey public_key_;

  // The SHA-256 hash of the XML request.  This is modified on each call to
  // SignRequest(), and checked by ValidateResponse().
  std::array<uint8_t, crypto::hash::kSha256Size> request_hash_;

  // The query string containing key version and nonce in UTF-8 form.  This is
  // modified on each call to SignRequest(), and checked by ValidateResponse().
  std::string request_query_cup2key_;
};

}  // namespace client_update_protocol

#endif  // COMPONENTS_CLIENT_UPDATE_PROTOCOL_ECDSA_H_