Chromium Code Reviews Chromium Code Reviews
Issue 15793005:
Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "crypto/cup.h" | |
| 6 | |
| 7 #include <base64.h> | |
| 8 #include <keyhi.h> | |
| 9 #include <pk11pub.h> | |
| 10 #include <seccomon.h> | |
| 11 | |
| 12 #include "base/logging.h" | |
| 13 #include "crypto/nss_util.h" | |
| 14 #include "crypto/scoped_nss_types.h" | |
| 15 | |
| 16 namespace crypto { | |
| 17 | |
| 18 typedef scoped_ptr_malloc< | |
| 19 CERTSubjectPublicKeyInfo, | |
| 20 NSSDestroyer<CERTSubjectPublicKeyInfo, SECKEY_DestroySubjectPublicKeyInfo> > | |
| 21 ScopedCERTSubjectPublicKeyInfo; | |
| 22 | |
| 23 typedef scoped_ptr_malloc< | |
| 24 unsigned char, | |
| 25 NSSDestroyer<void, PORT_Free> > | |
| 26 ScopedPORTAllocUnsignedChar; | |
| 27 | |
| 28 size_t ClientUpdateProtocol::LoadPublicKey(const char* public_key) { | |
| 29 EnsureNSSInit(); | |
| 30 | |
| 31 // The string |public_key| is expected to be a Base64-encoded DER public key. | |
| 32 | |
|
Ryan Sleevi
2013/05/30 02:28:08
style: delete blank line.
Ryan Myers (chromium)
2013/05/30 21:01:10
Done.
| |
| 33 unsigned int der_encoded_spki_len = 0; | |
| 34 ScopedPORTAllocUnsignedChar der_encoded_spki( | |
| 35 ATOB_AsciiToData(public_key, &der_encoded_spki_len)); | |
|
Ryan Sleevi
2013/05/30 02:28:08
eg: using DER you don't have to go through these h
Ryan Myers (chromium)
2013/05/30 21:01:10
Done.
| |
| 36 if (der_encoded_spki_len == 0 || !der_encoded_spki.get()) { | |
| 37 return 0; | |
| 38 } | |
| 39 | |
| 40 SECItem spki_item; | |
| 41 spki_item.type = siBuffer; | |
| 42 spki_item.data = der_encoded_spki.get(); | |
| 43 spki_item.len = der_encoded_spki_len; | |
| 44 | |
| 45 ScopedCERTSubjectPublicKeyInfo spki( | |
| 46 SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item)); | |
| 47 if (!spki.get()) { | |
| 48 return 0; | |
| 49 } | |
| 50 | |
| 51 pkv_.reset(SECKEY_ExtractPublicKey(spki.get())); | |
| 52 if (!pkv_.get()) { | |
| 53 return 0; | |
| 54 } | |
| 55 | |
| 56 return SECKEY_PublicKeyStrength(pkv_.get()); | |
| 57 } | |
| 58 | |
| 59 bool ClientUpdateProtocol::EncryptSharedKey() { | |
| 60 // WARNING: This call bypasses the usual PKCS padding and does direct RSA | |
| 61 // exponentiation. This not secure without taking measures to ensure that | |
| 62 // the contents of r are suitable. We do this to remain compatible with the | |
| 63 // implementation on the Google Update servers; don't copy-paste this code | |
| 64 // arbitrarily and expect it to work and/or remain secure! | |
|
Ryan Sleevi
2013/05/30 02:28:08
Comment nit: Avoid "we" in comments.
Ryan Myers (chromium)
2013/05/30 21:01:10
Done.
| |
| 65 | |
| 66 SECKEYPublicKey* pkv = pkv_.get(); | |
| 67 if (!pkv) { | |
| 68 return false; | |
| 69 } | |
| 70 size_t keysize = SECKEY_PublicKeyStrength(pkv); | |
| 71 if (r_.size() != keysize) { | |
| 72 return false; | |
| 73 } | |
| 74 | |
| 75 w_.resize(keysize); | |
| 76 return SECSuccess == PK11_PubEncryptRaw(pkv, | |
| 77 &w_.front(), | |
| 78 &r_.front(), | |
| 79 r_.size(), | |
| 80 NULL); | |
| 81 } | |
| 82 | |
| 83 } // namespace crypto | |
| 84 | |
| OLD | NEW |
