Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: google_apis/cup/client_update_protocol_nss.cc

Issue 15793005: Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « google_apis/cup/client_update_protocol.cc ('k') | google_apis/cup/client_update_protocol_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: google_apis/cup/client_update_protocol_nss.cc
===================================================================
--- google_apis/cup/client_update_protocol_nss.cc (revision 0)
+++ google_apis/cup/client_update_protocol_nss.cc (revision 0)
@@ -0,0 +1,81 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "google_apis/cup/client_update_protocol.h"
+
+#include <keyhi.h>
+#include <pk11pub.h>
+#include <seccomon.h>
+
+#include "base/logging.h"
+#include "crypto/nss_util.h"
+#include "crypto/scoped_nss_types.h"
+
+typedef scoped_ptr_malloc<
+ CERTSubjectPublicKeyInfo,
+ crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
+ SECKEY_DestroySubjectPublicKeyInfo> >
+ ScopedCERTSubjectPublicKeyInfo;
+
+ClientUpdateProtocol::~ClientUpdateProtocol() {
+ if (public_key_)
+ SECKEY_DestroyPublicKey(public_key_);
+}
+
+bool ClientUpdateProtocol::LoadPublicKey(const base::StringPiece& public_key) {
+ crypto::EnsureNSSInit();
+
+ // The binary blob |public_key| is expected to be a DER-encoded ASN.1
+ // Subject Public Key Info.
+ SECItem spki_item;
+ spki_item.type = siBuffer;
+ spki_item.data =
+ reinterpret_cast<unsigned char*>(const_cast<char*>(public_key.data()));
+ spki_item.len = static_cast<unsigned int>(public_key.size());
+
+ ScopedCERTSubjectPublicKeyInfo spki(
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
+ if (!spki.get())
+ return false;
+
+ public_key_ = SECKEY_ExtractPublicKey(spki.get());
+ if (!public_key_)
+ return false;
+
+ if (!PublicKeyLength())
+ return false;
+
+ return true;
+}
+
+size_t ClientUpdateProtocol::PublicKeyLength() {
+ if (!public_key_)
+ return 0;
+
+ return SECKEY_PublicKeyStrength(public_key_);
+}
+
+bool ClientUpdateProtocol::EncryptKeySource(
+ const std::vector<uint8>& key_source) {
+ // WARNING: This call bypasses the usual PKCS #1 padding and does direct RSA
+ // exponentiation. This is not secure without taking measures to ensure that
+ // the contents of r are suitable. This is done to remain compatible with
+ // the implementation on the Google Update servers; don't copy-paste this
+ // code arbitrarily and expect it to work and/or remain secure!
+ if (!public_key_)
+ return false;
+
+ size_t keysize = SECKEY_PublicKeyStrength(public_key_);
+ if (key_source.size() != keysize)
+ return false;
+
+ encrypted_key_source_.resize(keysize);
+ return SECSuccess == PK11_PubEncryptRaw(
+ public_key_,
+ &encrypted_key_source_[0],
+ const_cast<unsigned char*>(&key_source[0]),
+ key_source.size(),
+ NULL);
+}
+
« no previous file with comments | « google_apis/cup/client_update_protocol.cc ('k') | google_apis/cup/client_update_protocol_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698