google_apis/cup/client_update_protocol_nss.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "google_apis/cup/client_update_protocol.h"

#include <keyhi.h>
#include <pk11pub.h>
#include <seccomon.h>

#include "base/logging.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"

typedef scoped_ptr<CERTSubjectPublicKeyInfo,
                   crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
                                        SECKEY_DestroySubjectPublicKeyInfo> >
    ScopedCERTSubjectPublicKeyInfo;

ClientUpdateProtocol::~ClientUpdateProtocol() {
  if (public_key_)
    SECKEY_DestroyPublicKey(public_key_);
}

bool ClientUpdateProtocol::LoadPublicKey(const base::StringPiece& public_key) {
  crypto::EnsureNSSInit();

  // The binary blob |public_key| is expected to be a DER-encoded ASN.1
  // Subject Public Key Info.
  SECItem spki_item;
  spki_item.type = siBuffer;
  spki_item.data =
      reinterpret_cast<unsigned char*>(const_cast<char*>(public_key.data()));
  spki_item.len = static_cast<unsigned int>(public_key.size());

  ScopedCERTSubjectPublicKeyInfo spki(
      SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
  if (!spki.get())
    return false;

  public_key_ = SECKEY_ExtractPublicKey(spki.get());
  if (!public_key_)
    return false;

  if (!PublicKeyLength())
    return false;

  return true;
}

size_t ClientUpdateProtocol::PublicKeyLength() {
  if (!public_key_)
    return 0;

  return SECKEY_PublicKeyStrength(public_key_);
}

bool ClientUpdateProtocol::EncryptKeySource(
    const std::vector<uint8>& key_source) {
  // WARNING: This call bypasses the usual PKCS #1 padding and does direct RSA
  // exponentiation.  This is not secure without taking measures to ensure that
  // the contents of r are suitable.  This is done to remain compatible with
  // the implementation on the Google Update servers; don't copy-paste this
  // code arbitrarily and expect it to work and/or remain secure!
  if (!public_key_)
    return false;

  size_t keysize = SECKEY_PublicKeyStrength(public_key_);
  if (key_source.size() != keysize)
    return false;

  encrypted_key_source_.resize(keysize);
  return SECSuccess == PK11_PubEncryptRaw(
      public_key_,
      &encrypted_key_source_[0],
      const_cast<unsigned char*>(&key_source[0]),
      key_source.size(),
      NULL);
}