Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1830)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: crypto/cup_nss.cc

Issue 15793005: Per discussion, implement the Omaha Client Update Protocol (CUP) in src/crypto. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« crypto/cup.cc ('K') | « crypto/cup.cc ('k') | crypto/cup_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/cup_nss.cc
===================================================================
--- crypto/cup_nss.cc (revision 0)
+++ crypto/cup_nss.cc (revision 0)
@@ -0,0 +1,84 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/cup.h"
+
+#include <base64.h>
+#include <keyhi.h>
+#include <pk11pub.h>
+#include <seccomon.h>
+
+#include "base/logging.h"
+#include "crypto/nss_util.h"
+#include "crypto/scoped_nss_types.h"
+
+namespace crypto {
+
+typedef scoped_ptr_malloc<
+ CERTSubjectPublicKeyInfo,
+ NSSDestroyer<CERTSubjectPublicKeyInfo, SECKEY_DestroySubjectPublicKeyInfo> >
+ ScopedCERTSubjectPublicKeyInfo;
+
+typedef scoped_ptr_malloc<
+ unsigned char,
+ NSSDestroyer<void, PORT_Free> >
+ ScopedPORTAllocUnsignedChar;
+
+size_t ClientUpdateProtocol::LoadPublicKey(const char* public_key) {
+ EnsureNSSInit();
+
+ // The string |public_key| is expected to be a Base64-encoded DER public key.
+
Ryan Sleevi 2013/05/30 02:28:08 style: delete blank line.
Ryan Myers (chromium) 2013/05/30 21:01:10 Done.
+ unsigned int der_encoded_spki_len = 0;
+ ScopedPORTAllocUnsignedChar der_encoded_spki(
+ ATOB_AsciiToData(public_key, &der_encoded_spki_len));
Ryan Sleevi 2013/05/30 02:28:08 eg: using DER you don't have to go through these h
Ryan Myers (chromium) 2013/05/30 21:01:10 Done.
+ if (der_encoded_spki_len == 0 || !der_encoded_spki.get()) {
+ return 0;
+ }
+
+ SECItem spki_item;
+ spki_item.type = siBuffer;
+ spki_item.data = der_encoded_spki.get();
+ spki_item.len = der_encoded_spki_len;
+
+ ScopedCERTSubjectPublicKeyInfo spki(
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
+ if (!spki.get()) {
+ return 0;
+ }
+
+ pkv_.reset(SECKEY_ExtractPublicKey(spki.get()));
+ if (!pkv_.get()) {
+ return 0;
+ }
+
+ return SECKEY_PublicKeyStrength(pkv_.get());
+}
+
+bool ClientUpdateProtocol::EncryptSharedKey() {
+ // WARNING: This call bypasses the usual PKCS padding and does direct RSA
+ // exponentiation. This not secure without taking measures to ensure that
+ // the contents of r are suitable. We do this to remain compatible with the
+ // implementation on the Google Update servers; don't copy-paste this code
+ // arbitrarily and expect it to work and/or remain secure!
Ryan Sleevi 2013/05/30 02:28:08 Comment nit: Avoid "we" in comments.
Ryan Myers (chromium) 2013/05/30 21:01:10 Done.
+
+ SECKEYPublicKey* pkv = pkv_.get();
+ if (!pkv) {
+ return false;
+ }
+ size_t keysize = SECKEY_PublicKeyStrength(pkv);
+ if (r_.size() != keysize) {
+ return false;
+ }
+
+ w_.resize(keysize);
+ return SECSuccess == PK11_PubEncryptRaw(pkv,
+ &w_.front(),
+ &r_.front(),
+ r_.size(),
+ NULL);
+}
+
+} // namespace crypto
+
« crypto/cup.cc ('K') | « crypto/cup.cc ('k') | crypto/cup_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698