Changed OAuth token+secret encryption to use supplemental user key.

crypto/nss_util.h

Index: crypto/nss_util.h
===================================================================
--- crypto/nss_util.h	(revision 99168)
+++ crypto/nss_util.h	(working copy)
@@ -133,6 +133,15 @@
 // Same as IsTPMTokenReady() except this attempts to initialize the token
 // if necessary.
 CRYPTO_EXPORT bool EnsureTPMTokenReady();
+
+// Gets supplemental user key. Creates one in NSS database if it does not exist.
+CRYPTO_EXPORT bool GetSupplementalUserKey(std::string* user_key);
+
+// Encrypt/decrypt |data| with supplemental user key.
+CRYPTO_EXPORT bool EncryptWithSupplementalUserKey(const std::string& data,
+                                                  std::string* encryped_data);
+CRYPTO_EXPORT bool DecryptWithSupplementalUserKey(const std::string& data,
+                                                  std::string* encryped_data);

[wtc, 2011/09/02 22:31:08]

It seems better to move these functions to some other files.
They don't seem like "NSS utils" to me.  Perhaps new files
for supplemental user key would be a good idea.

Nit: on line 140, change "Encrypt/decrypt" to "Encrypts/decrypts".

Nit: on line 144, the parameter should be named decrypted_data.

I am surprised that I don't need to pass the supplemental
user key as an argument to EncryptWithSupplementalUserKey
and DecryptWithSupplementalUserKey.

 #endif
 
 // Convert a NSS PRTime value into a base::Time object.