Changed OAuth token+secret encryption to use supplemental user key.

crypto/nss_util.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_NSS_UTIL_H_
 #define CRYPTO_NSS_UTIL_H_
 #pragma once
 
 #include <string>
 #include "base/basictypes.h"
 #include "crypto/crypto_export.h"
 
 #if defined(USE_NSS)
 class FilePath;
 #endif  // defined(USE_NSS)
 
 namespace base {
 class Lock;
 class Time;
 }  // namespace base
 
 // This file specifically doesn't depend on any NSS or NSPR headers because it
 // is included by various (non-crypto) parts of chrome to call the
 // initialization functions.
 namespace crypto {
 
+class SymmetricKey;
+
 #if defined(USE_NSS)
 // EarlySetupForNSSInit performs lightweight setup which must occur before the
 // process goes multithreaded. This does not initialise NSS. For test, see
 // EnsureNSSInit.
 CRYPTO_EXPORT void EarlySetupForNSSInit();
 #endif
 
 // Initialize NRPR if it isn't already initialized.  This function is
 // thread-safe, and NSPR will only ever be initialized once.
 CRYPTO_EXPORT void EnsureNSPRInit();
@@ skipping 89 matching lines @@
 
 // Returns true if the TPM is owned and PKCS#11 initialized with the
 // user and security officer PINs, and has been enabled in NSS by
 // calling EnableTPMForNSS, and opencryptoki has been successfully
 // loaded into NSS.
 CRYPTO_EXPORT bool IsTPMTokenReady();
 
 // Same as IsTPMTokenReady() except this attempts to initialize the token
 // if necessary.
 CRYPTO_EXPORT bool EnsureTPMTokenReady();
+
+// Gets supplemental user key. Creates one in NSS database if it does not exist.
+CRYPTO_EXPORT SymmetricKey* GetSupplementalUserKey();
 #endif
 
 // Convert a NSS PRTime value into a base::Time object.
 // We use a int64 instead of PRTime here to avoid depending on NSPR headers.
 CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64 prtime);
 
 #if defined(USE_NSS)
+CRYPTO_EXPORT SymmetricKey* GetSupplementalUserKey();

[wtc, 2011/09/06 21:35:17]

Remove this line?  This is a duplicate declaration of the
GetSupplementalUserKey() function.

On line 139, can you define what a "supplemental user key"
is?  I did a Google search for "supplemental user key", and
the first search result is this CL :-)

[zel, 2011/09/06 22:33:35]

Done.

 // Exposed for unittests only.  |path| should be an existing directory under
 // which the DB files will be placed.  |description| is a user-visible name for
 // the DB, as a utf8 string, which will be truncated at 32 bytes.
 CRYPTO_EXPORT bool OpenTestNSSDB(const FilePath& path, const char* description);
 CRYPTO_EXPORT void CloseTestNSSDB();
 
 // NSS has a bug which can cause a deadlock or stall in some cases when writing
 // to the certDB and keyDB. It also has a bug which causes concurrent key pair
 // generations to scribble over each other. To work around this, we synchronize
 // writes to the NSS databases with a global lock. The lock is hidden beneath a
@@ skipping 12 matching lines @@
  private:
   base::Lock *lock_;
   DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock);
 };
 
 #endif  // defined(USE_NSS)
 
 }  // namespace crypto
 
 #endif  // CRYPTO_NSS_UTIL_H_