Update CUP ECDSA Public Keys

These keys are pinned in the client and rotated annually.

Bug: 820479
Change-Id: I5d38e7ac182d6794d86354334a7a92ab6da67c8a
Reviewed-on: https://chromium-review.googlesource.com/956974
Commit-Queue: Joshua Pawlicki <waffles@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Reviewed-by: Sorin Jianu <sorin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546088}

chrome/browser/ssl/ssl_browsertest.cc

@@ -4391,8 +4391,8 @@ class DelayableNetworkTimeURLRequestJob : public net::URLRequestJob {
   int ReadRawData(net::IOBuffer* buf, int buf_size) override {
     int bytes_read =
         std::min(static_cast<size_t>(buf_size),
-                 strlen(network_time::kGoodTimeResponseBody) - data_offset_);
-    memcpy(buf->data(), network_time::kGoodTimeResponseBody + data_offset_,
+                 strlen(network_time::kGoodTimeResponseBody[0]) - data_offset_);
+    memcpy(buf->data(), network_time::kGoodTimeResponseBody[0] + data_offset_,
            bytes_read);
     data_offset_ += bytes_read;
     return bytes_read;
@@ -4405,13 +4405,13 @@ class DelayableNetworkTimeURLRequestJob : public net::URLRequestJob {
         "Content-type: text/plain\n");
     headers.append(base::StringPrintf(
         "Content-Length: %1d\n",
-        static_cast<int>(strlen(network_time::kGoodTimeResponseBody))));
+        static_cast<int>(strlen(network_time::kGoodTimeResponseBody[0]))));
     info->headers =
         new net::HttpResponseHeaders(net::HttpUtil::AssembleRawHeaders(
             headers.c_str(), static_cast<int>(headers.length())));
     info->headers->AddHeader(
         "x-cup-server-proof: " +
-        std::string(network_time::kGoodTimeResponseServerProofHeader));
+        std::string(network_time::kGoodTimeResponseServerProofHeader[0]));
   }
 
   // Resumes a previously started request that was delayed. If no
@@ -4602,7 +4602,7 @@ IN_PROC_BROWSER_TEST_P(SSLNetworkTimeBrowserTest, OnDemandFetchClockOk) {
   base::SimpleTestClock testing_clock;
   SSLErrorHandler::SetClockForTesting(&testing_clock);
   testing_clock.SetNow(
-      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime));
+      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime[0]));
   // Set the build time to match the testing clock, to ensure that the
   // build time heuristic doesn't fire.
   ssl_errors::SetBuildTimeForTesting(testing_clock.Now());
@@ -4650,7 +4650,7 @@ IN_PROC_BROWSER_TEST_P(SSLNetworkTimeBrowserTest, OnDemandFetchClockWrong) {
   base::SimpleTestClock testing_clock;
   SSLErrorHandler::SetClockForTesting(&testing_clock);
   testing_clock.SetNow(
-      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime));
+      base::Time::FromJsTime(network_time::kGoodTimeResponseHandlerJsTime[0]));
   testing_clock.Advance(base::TimeDelta::FromDays(30));
   // Set the build time to match the testing clock, to ensure that the
   // build time heuristic doesn't fire.

components/network_time/network_time_test_utils.cc

@@ -20,33 +20,35 @@ namespace network_time {
 
 // Update as follows:
 //
-// curl http://clients2.google.com/time/1/current?cup2key=1:123123123
+// curl -i http://clients2.google.com/time/1/current?cup2key=2:123123123
 //
-// where 1 is the key version and 123123123 is the nonce.  Copy the
+// where 2 is the key version and 123123123 is the nonce.  Copy the
 // response and the x-cup-server-proof header into
 // |kGoodTimeResponseBody| and |kGoodTimeResponseServerProofHeader|
 // respectively, and the 'current_time_millis' value of the response
 // into |kGoodTimeResponseHandlerJsTime|.
-const char kGoodTimeResponseBody[] =
-    ")]}'\n"
-    "{\"current_time_millis\":1461621971825"
-    ",\"server_nonce\":-6."
-    "006853099049523E85}";
-const char kGoodTimeResponseServerProofHeader[] =
-    "304402202e0f24db1ea69f1bbe81da4108f381fcf7a2781c53cf7663cb47083cb5fe8e"
-    "fd"
-    "022009d2b67c0deceaaf849f7c529be96701ed5f15d5efcaf401a94e0801accc9832:"
-    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
-const double kGoodTimeResponseHandlerJsTime = 1461621971825;
+const char* kGoodTimeResponseBody[] = {
+    ")]}'\n{\"current_time_millis\":1522081016324,"
+    "\"server_nonce\":-1.475187036492045E154}",
+    ")]}'\n{\"current_time_millis\":1522096305984,"
+    "\"server_nonce\":-1.1926302260014708E-276}"};
+const char* kGoodTimeResponseServerProofHeader[] = {
+    "3046022100c0351a20558bac037253f3969547f82805b340f51de06461e83f33b41f8e85d3"
+    "022100d04162c448438e5462df4bf6171ef26c53ec7d3a0cb915409e8bec6c99c69c67:"
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+    "304402201758cc66f7be58692362dad351ee71ecce78bd8491c8bfe903da39ea048ff67d02"
+    "203aa51acfac9462b19ef3e6d6c885a60cb0858a274ae97506934737d8e66bc081:"
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"};
+const double kGoodTimeResponseHandlerJsTime[] = {1522081016324, 1522096305984};
 
 std::unique_ptr<net::test_server::HttpResponse> GoodTimeResponseHandler(
     const net::test_server::HttpRequest& request) {
   net::test_server::BasicHttpResponse* response =
       new net::test_server::BasicHttpResponse();
   response->set_code(net::HTTP_OK);
-  response->set_content(kGoodTimeResponseBody);
+  response->set_content(kGoodTimeResponseBody[0]);
   response->AddCustomHeader("x-cup-server-proof",
-                            kGoodTimeResponseServerProofHeader);
+                            kGoodTimeResponseServerProofHeader[0]);
   return std::unique_ptr<net::test_server::HttpResponse>(response);
 }
 

components/network_time/network_time_test_utils.h

@@ -28,22 +28,22 @@ class HttpResponse;
 
 namespace network_time {
 
-// The body of a valid time response. Can be returned, with
+// The bodies of sample valid time responses. Can be returned, with
 // |kGoodTimeResponseServerProofHeader|, in responses from test servers
-// to simulate a network time server. This response uses 1 as the key
+// to simulate a network time server. This response uses kKeyVersion as the key
 // version and 123123123 as the nonce. Use
 // NetworkTimeTracker::OverrideNonceForTesting() to set the nonce so
 // that this response validates.
-extern const char kGoodTimeResponseBody[];
+extern const char* kGoodTimeResponseBody[2];
 
-// The x-cup-server-proof header value that should be served along with
+// The x-cup-server-proof header values that should be served along with
 // |kGoodTimeResponseBody| to make a test server response be accepted by
 // NetworkTimeTracker as a valid response.
-extern const char kGoodTimeResponseServerProofHeader[];
+extern const char* kGoodTimeResponseServerProofHeader[2];
 
-// The time that |kGoodTimeResponseBody| uses. Can be converted to a
+// The times that |kGoodTimeResponseBody| uses. Can be converted to a
 // base::Time with base::Time::FromJsTime.
-extern const double kGoodTimeResponseHandlerJsTime;
+extern const double kGoodTimeResponseHandlerJsTime[2];
 
 // Returns a valid network time response using the constants above. See
 // comments in the .cc for how to update the time returned in the response.

components/network_time/network_time_tracker.cc

@@ -125,16 +125,16 @@ const char kVariationsServiceRandomQueryProbability[] =
 const char kVariationsServiceFetchBehavior[] = "FetchBehavior";
 
 // This is an ECDSA prime256v1 named-curve key.
-const int kKeyVersion = 1;
+const int kKeyVersion = 2;
 const uint8_t kKeyPubBytes[] = {
     0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
     0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
-    0x42, 0x00, 0x04, 0xeb, 0xd8, 0xad, 0x0b, 0x8f, 0x75, 0xe8, 0x84, 0x36,
-    0x23, 0x48, 0x14, 0x24, 0xd3, 0x93, 0x42, 0x25, 0x43, 0xc1, 0xde, 0x36,
-    0x29, 0xc6, 0x95, 0xca, 0xeb, 0x28, 0x85, 0xff, 0x09, 0xdc, 0x08, 0xec,
-    0x45, 0x74, 0x6e, 0x4b, 0xc3, 0xa5, 0xfd, 0x8a, 0x2f, 0x02, 0xa0, 0x4b,
-    0xc3, 0xc6, 0xa4, 0x7b, 0xa4, 0x41, 0xfc, 0xa7, 0x02, 0x54, 0xab, 0xe3,
-    0xe4, 0xb1, 0x00, 0xf5, 0xd5, 0x09, 0x11};
+    0x42, 0x00, 0x04, 0xc9, 0xde, 0x8e, 0x72, 0x05, 0xb8, 0xb9, 0xec, 0xa4,
+    0x26, 0xc8, 0x0d, 0xd9, 0x05, 0x59, 0x67, 0xad, 0xd7, 0xf5, 0xf0, 0x46,
+    0xe4, 0xab, 0xe9, 0x81, 0x67, 0x8b, 0x9d, 0x2a, 0x21, 0x68, 0x22, 0xfe,
+    0x83, 0xed, 0x9f, 0x80, 0x19, 0x4f, 0xc5, 0x24, 0xac, 0x12, 0x66, 0xc4,
+    0x4e, 0xf6, 0x8f, 0x54, 0xb5, 0x0c, 0x49, 0xe9, 0xa5, 0xf1, 0x40, 0xfd,
+    0xd9, 0x1a, 0x92, 0x90, 0x8a, 0x67, 0x15};
 
 std::string GetServerProof(const net::URLFetcher* source) {
   const net::HttpResponseHeaders* response_headers =

components/network_time/network_time_tracker_unittest.cc

@@ -475,7 +475,8 @@ TEST_F(NetworkTimeTrackerTest, UpdateFromNetwork) {
   EXPECT_EQ(NetworkTimeTracker::NETWORK_TIME_AVAILABLE,
             tracker_->GetNetworkTime(&out_network_time, nullptr));
   EXPECT_EQ(base::Time::UnixEpoch() +
-                base::TimeDelta::FromMilliseconds(1461621971825),
+                base::TimeDelta::FromMilliseconds(
+                    (uint64_t)kGoodTimeResponseHandlerJsTime[0]),
             out_network_time);
   // Should see no backoff in the success case.
   EXPECT_EQ(base::TimeDelta::FromMinutes(60),
@@ -503,7 +504,8 @@ TEST_F(NetworkTimeTrackerTest, StartTimeFetch) {
   EXPECT_EQ(NetworkTimeTracker::NETWORK_TIME_AVAILABLE,
             tracker_->GetNetworkTime(&out_network_time, nullptr));
   EXPECT_EQ(base::Time::UnixEpoch() +
-                base::TimeDelta::FromMilliseconds(1461621971825),
+                base::TimeDelta::FromMilliseconds(
+                    (uint64_t)kGoodTimeResponseHandlerJsTime[0]),
             out_network_time);
   // Should see no backoff in the success case.
   EXPECT_EQ(base::TimeDelta::FromMinutes(60),
@@ -531,7 +533,8 @@ TEST_F(NetworkTimeTrackerTest, StartTimeFetchWithQueryInProgress) {
   EXPECT_EQ(NetworkTimeTracker::NETWORK_TIME_AVAILABLE,
             tracker_->GetNetworkTime(&out_network_time, nullptr));
   EXPECT_EQ(base::Time::UnixEpoch() +
-                base::TimeDelta::FromMilliseconds(1461621971825),
+                base::TimeDelta::FromMilliseconds(
+                    (uint64_t)kGoodTimeResponseHandlerJsTime[0]),
             out_network_time);
   // Should see no backoff in the success case.
   EXPECT_EQ(base::TimeDelta::FromMinutes(60),
@@ -838,74 +841,38 @@ class MultipleGoodTimeResponseHandler {
   base::Time GetTimeAtIndex(unsigned int i);
 
  private:
-  // |kJsTimes|, |kTimeResponseBodies|, and |kTimeProofHeaders| contain signed
-  // responses for three subsequent time queries served by
-  // MultipleGoodTimeResponseHandler. (That is, kJsTimes[i] is the timestamp
-  // contained in kTimeResponseBodies[i] with signature in kTimeProofHeader[i].)
-  // NetworkTimeTrackerTest.TimeBetweenFetchesHistogram expects that each
-  // timestamp is greater than the one before it.
-  //
-  // Update as follows:
-  //
-  // curl -v http://clients2.google.com/time/1/current?cup2key=1:123123123
-  //
-  // where 1 is the key version and 123123123 is the nonce.  Copy the
-  // response and the x-cup-server-proof header into
-  // |kTimeResponseBodies| and |kTimeProofHeaders| respectively, and the
-  // 'current_time_millis' value of the response into |kJsTimes|.
-  static const double kJsTimes[];
-  static const char* kTimeResponseBodies[];
-  static const char* kTimeProofHeaders[];
-
-  // The index into |kJsTimes|, |kTimeResponseBodies|, and
-  // |kTimeProofHeaders| that will be used in the response in the next
-  // ResponseHandler() call.
+  // The index into |kGoodTimeResponseHandlerJsTime|, |kGoodTimeResponseBody|,
+  // and |kGoodTimeResponseServerProofHeaders| that will be used in the
+  // response in the next ResponseHandler() call.
   unsigned int next_time_index_ = 0;
 
   DISALLOW_COPY_AND_ASSIGN(MultipleGoodTimeResponseHandler);
 };
 
-const double MultipleGoodTimeResponseHandler::kJsTimes[] = {1481653709754,
-                                                            1481653820879};
-const char* MultipleGoodTimeResponseHandler::kTimeResponseBodies[] = {
-    ")]}'\n"
-    "{\"current_time_millis\":1481653709754,\"server_nonce\":-2."
-    "7144232419525693E172}",
-    ")]}'\n"
-    "{\"current_time_millis\":1481653820879,\"server_nonce\":1."
-    "8874633267958474E185}"};
-const char* MultipleGoodTimeResponseHandler::kTimeProofHeaders[] = {
-    "3045022006fdfa882460cd43e15b11d7d35cfc3805b0662c558f6efe54f9bf0c38e80650"
-    "0221009777817152b6cc1c2b2ea765104a1ab6b87a4da1e87686ae0641c25b23161ea8:"
-    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-    "3045022100b6ebcf0f2f5c42bb18bd097a60c4204dd2ed29cad4992b5fdfcf1b32bdfdc6"
-    "58022005b378c27dd3ddb6edacce39edc8b4ecf189dff5b64ce99975859f6cdc984e20:"
-    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"};
-
 std::unique_ptr<net::test_server::HttpResponse>
 MultipleGoodTimeResponseHandler::ResponseHandler(
     const net::test_server::HttpRequest& request) {
   net::test_server::BasicHttpResponse* response =
       new net::test_server::BasicHttpResponse();
 
-  if (next_time_index_ >=
-      arraysize(MultipleGoodTimeResponseHandler::kJsTimes)) {
+  if (next_time_index_ >= arraysize(kGoodTimeResponseBody)) {
     response->set_code(net::HTTP_BAD_REQUEST);
     return std::unique_ptr<net::test_server::HttpResponse>(response);
   }
 
   response->set_code(net::HTTP_OK);
-  response->set_content(kTimeResponseBodies[next_time_index_]);
-  response->AddCustomHeader("x-cup-server-proof",
-                            kTimeProofHeaders[next_time_index_]);
+  response->set_content(kGoodTimeResponseBody[next_time_index_]);
+  response->AddCustomHeader(
+      "x-cup-server-proof",
+      kGoodTimeResponseServerProofHeader[next_time_index_]);
   next_time_index_++;
   return std::unique_ptr<net::test_server::HttpResponse>(response);
 }
 
 base::Time MultipleGoodTimeResponseHandler::GetTimeAtIndex(unsigned int i) {
-  if (i >= arraysize(kJsTimes))
+  if (i >= arraysize(kGoodTimeResponseHandlerJsTime))
     return base::Time();
-  return base::Time::FromJsTime(kJsTimes[i]);
+  return base::Time::FromJsTime(kGoodTimeResponseHandlerJsTime[i]);
 }
 
 }  // namespace

components/update_client/request_sender.cc

@@ -25,10 +25,10 @@ namespace update_client {
 namespace {
 
 // This is an ECDSA prime256v1 named-curve key.
-constexpr int kKeyVersion = 7;
+constexpr int kKeyVersion = 8;
 const char kKeyPubBytesBase64[] =
-    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj0QKufXIOBN30DtKeOYA5NV64FfY"
-    "HDou4sGqtcNUIlxpTzIbO45rB45QILhW6aDTwwjWLR1YCqpEAGICvFs8dQ==";
+    "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+J2iCpfk8lThcuKUPzTaVcUjhNR3"
+    "AYHK+tTelGdHvyGGx7RP7BphYSPmpH6P4Vr72ak0W1a0bW55O9HW2oz3rQ==";
 
 // The ETag header carries the ECSDA signature of the protocol response, if
 // signing has been used.