| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "google_apis/cup/client_update_protocol.h" |
| 6 |
| 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> |
| 9 #include <seccomon.h> |
| 10 |
| 11 #include "base/logging.h" |
| 12 #include "crypto/nss_util.h" |
| 13 #include "crypto/scoped_nss_types.h" |
| 14 |
| 15 typedef scoped_ptr_malloc< |
| 16 CERTSubjectPublicKeyInfo, |
| 17 crypto::NSSDestroyer<CERTSubjectPublicKeyInfo, |
| 18 SECKEY_DestroySubjectPublicKeyInfo> > |
| 19 ScopedCERTSubjectPublicKeyInfo; |
| 20 |
| 21 class NSSCupKeyImpl : public ClientUpdateProtocol::CupKeyImpl { |
| 22 public: |
| 23 NSSCupKeyImpl(); |
| 24 virtual ~NSSCupKeyImpl(); |
| 25 |
| 26 virtual size_t PublicKeyLength() const OVERRIDE; |
| 27 virtual std::vector<uint8> EncryptKeySource( |
| 28 const std::vector<uint8>& key_source) OVERRIDE; |
| 29 |
| 30 bool LoadPublicKey(const base::StringPiece& public_key); |
| 31 |
| 32 private: |
| 33 crypto::ScopedSECKEYPublicKey public_key_; |
| 34 }; |
| 35 |
| 36 NSSCupKeyImpl::NSSCupKeyImpl() { |
| 37 crypto::EnsureNSSInit(); |
| 38 } |
| 39 |
| 40 NSSCupKeyImpl::~NSSCupKeyImpl() { |
| 41 } |
| 42 |
| 43 bool NSSCupKeyImpl::LoadPublicKey(const base::StringPiece& public_key) { |
| 44 |
| 45 // The binary blob |public_key| is expected to be a DER-encoded ASN.1 |
| 46 // Subject Public Key Info. |
| 47 SECItem spki_item; |
| 48 spki_item.type = siBuffer; |
| 49 spki_item.data = (unsigned char*) public_key.data(); |
| 50 spki_item.len = static_cast<unsigned int>(public_key.size()); |
| 51 |
| 52 ScopedCERTSubjectPublicKeyInfo spki( |
| 53 SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item)); |
| 54 if (!spki.get()) |
| 55 return false; |
| 56 |
| 57 public_key_.reset(SECKEY_ExtractPublicKey(spki.get())); |
| 58 if (!public_key_.get()) |
| 59 return false; |
| 60 |
| 61 if (!PublicKeyLength()) |
| 62 return false; |
| 63 |
| 64 return true; |
| 65 } |
| 66 |
| 67 size_t NSSCupKeyImpl::PublicKeyLength() const { |
| 68 if (!public_key_.get()) |
| 69 return 0; |
| 70 |
| 71 return SECKEY_PublicKeyStrength(public_key_.get()); |
| 72 } |
| 73 |
| 74 std::vector<uint8> NSSCupKeyImpl::EncryptKeySource( |
| 75 const std::vector<uint8>& key_source) { |
| 76 // WARNING: This call bypasses the usual PKCS #1 padding and does direct RSA |
| 77 // exponentiation. This is not secure without taking measures to ensure that |
| 78 // the contents of r are suitable. This is done to remain compatible with |
| 79 // the implementation on the Google Update servers; don't copy-paste this |
| 80 // code arbitrarily and expect it to work and/or remain secure! |
| 81 SECKEYPublicKey* public_key = public_key_.get(); |
| 82 if (!public_key) |
| 83 return std::vector<uint8>(); |
| 84 |
| 85 size_t keysize = SECKEY_PublicKeyStrength(public_key); |
| 86 if (key_source.size() != keysize) |
| 87 return std::vector<uint8>(); |
| 88 |
| 89 std::vector<uint8> result(keysize); |
| 90 if (SECSuccess != PK11_PubEncryptRaw( |
| 91 public_key, |
| 92 &result[0], |
| 93 const_cast<unsigned char*>(&key_source[0]), |
| 94 key_source.size(), |
| 95 NULL)) |
| 96 return std::vector<uint8>(); |
| 97 |
| 98 return result; |
| 99 } |
| 100 |
| 101 ClientUpdateProtocol::CupKeyImpl* ClientUpdateProtocol::GetCupKeyImpl( |
| 102 const base::StringPiece& public_key) { |
| 103 scoped_ptr<NSSCupKeyImpl> result(new NSSCupKeyImpl()); |
| 104 if (!result.get()) |
| 105 return NULL; |
| 106 |
| 107 if (!result->LoadPublicKey(public_key)) |
| 108 return NULL; |
| 109 |
| 110 return result.release(); |
| 111 } |
| 112 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 15793005:
Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/