google_apis/cup/client_update_protocol_nss.cc - platform/external/chromium_org - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "google_apis/cup/client_update_protocol.h"

 #include <keyhi.h>
 #include <pk11pub.h>
 #include <seccomon.h>

 #include "base/logging.h"
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"

 typedef scoped_ptr<CERTSubjectPublicKeyInfo,
                    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
                                         SECKEY_DestroySubjectPublicKeyInfo> >
     ScopedCERTSubjectPublicKeyInfo;

 ClientUpdateProtocol::~ClientUpdateProtocol() {
   if (public_key_)
     SECKEY_DestroyPublicKey(public_key_);
 }

 bool ClientUpdateProtocol::LoadPublicKey(const base::StringPiece& public_key) {
   crypto::EnsureNSSInit();

   // The binary blob |public_key| is expected to be a DER-encoded ASN.1
   // Subject Public Key Info.
   SECItem spki_item;
   spki_item.type = siBuffer;
   spki_item.data =
       reinterpret_cast<unsigned char*>(const_cast<char*>(public_key.data()));
   spki_item.len = static_cast<unsigned int>(public_key.size());

   ScopedCERTSubjectPublicKeyInfo spki(
       SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
   if (!spki.get())
     return false;

   public_key_ = SECKEY_ExtractPublicKey(spki.get());
   if (!public_key_)
     return false;

   if (!PublicKeyLength())
     return false;

   return true;
 }

 size_t ClientUpdateProtocol::PublicKeyLength() {
   if (!public_key_)
     return 0;

   return SECKEY_PublicKeyStrength(public_key_);
 }

 bool ClientUpdateProtocol::EncryptKeySource(
     const std::vector<uint8>& key_source) {
   // WARNING: This call bypasses the usual PKCS #1 padding and does direct RSA
   // exponentiation.  This is not secure without taking measures to ensure that
   // the contents of r are suitable.  This is done to remain compatible with
   // the implementation on the Google Update servers; don't copy-paste this
   // code arbitrarily and expect it to work and/or remain secure!
   if (!public_key_)
     return false;

   size_t keysize = SECKEY_PublicKeyStrength(public_key_);
   if (key_source.size() != keysize)
     return false;

   encrypted_key_source_.resize(keysize);
   return SECSuccess == PK11_PubEncryptRaw(
       public_key_,
       &encrypted_key_source_[0],
       const_cast<unsigned char*>(&key_source[0]),
       key_source.size(),
       NULL);
 }
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "google_apis/cup/client_update_protocol.h"

	#include <keyhi.h>
	#include <pk11pub.h>
	#include <seccomon.h>

	#include "base/logging.h"
	#include "crypto/nss_util.h"
	#include "crypto/scoped_nss_types.h"

	typedef scoped_ptr<CERTSubjectPublicKeyInfo,
	crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
	SECKEY_DestroySubjectPublicKeyInfo> >
	ScopedCERTSubjectPublicKeyInfo;

	ClientUpdateProtocol::~ClientUpdateProtocol() {
	if (public_key_)
	SECKEY_DestroyPublicKey(public_key_);
	}

	bool ClientUpdateProtocol::LoadPublicKey(const base::StringPiece& public_key) {
	crypto::EnsureNSSInit();

	// The binary blob \|public_key\| is expected to be a DER-encoded ASN.1
	// Subject Public Key Info.
	SECItem spki_item;
	spki_item.type = siBuffer;
	spki_item.data =
	reinterpret_cast<unsigned char>(const_cast<char>(public_key.data()));
	spki_item.len = static_cast<unsigned int>(public_key.size());

	ScopedCERTSubjectPublicKeyInfo spki(
	SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
	if (!spki.get())
	return false;

	public_key_ = SECKEY_ExtractPublicKey(spki.get());
	if (!public_key_)
	return false;

	if (!PublicKeyLength())
	return false;

	return true;
	}

	size_t ClientUpdateProtocol::PublicKeyLength() {
	if (!public_key_)
	return 0;

	return SECKEY_PublicKeyStrength(public_key_);
	}

	bool ClientUpdateProtocol::EncryptKeySource(
	const std::vector<uint8>& key_source) {
	// WARNING: This call bypasses the usual PKCS #1 padding and does direct RSA
	// exponentiation. This is not secure without taking measures to ensure that
	// the contents of r are suitable. This is done to remain compatible with
	// the implementation on the Google Update servers; don't copy-paste this
	// code arbitrarily and expect it to work and/or remain secure!
	if (!public_key_)
	return false;

	size_t keysize = SECKEY_PublicKeyStrength(public_key_);
	if (key_source.size() != keysize)
	return false;

	encrypted_key_source_.resize(keysize);
	return SECSuccess == PK11_PubEncryptRaw(
	public_key_,
	&encrypted_key_source_[0],
	const_cast<unsigned char*>(&key_source[0]),
	key_source.size(),
	NULL);
	}