Chromium Code Reviews Chromium Code Reviews
Issue 8373022:
Fixed slot selection in HMAC class to ensure that we are using softtoken instead of TPM slots. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/hmac.h" | 5 #include "crypto/hmac.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "crypto/nss_util.h" | 12 #include "crypto/nss_util.h" |
| 13 #include "crypto/scoped_nss_types.h" | 13 #include "crypto/scoped_nss_types.h" |
| 14 | 14 |
| 15 #if defined(OS_CHROMEOS) | |
| 16 #include "crypto/nss_util_internal.h" | |
| 17 #endif | |
| 18 | |
| 15 namespace crypto { | 19 namespace crypto { |
| 16 | 20 |
| 17 struct HMACPlatformData { | 21 struct HMACPlatformData { |
| 18 CK_MECHANISM_TYPE mechanism_; | 22 CK_MECHANISM_TYPE mechanism_; |
| 19 ScopedPK11Slot slot_; | 23 ScopedPK11Slot slot_; |
| 20 ScopedPK11SymKey sym_key_; | 24 ScopedPK11SymKey sym_key_; |
| 21 }; | 25 }; |
| 22 | 26 |
| 23 HMAC::HMAC(HashAlgorithm hash_alg) | 27 HMAC::HMAC(HashAlgorithm hash_alg) |
| 24 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { | 28 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 41 | 45 |
| 42 bool HMAC::Init(const unsigned char *key, int key_length) { | 46 bool HMAC::Init(const unsigned char *key, int key_length) { |
| 43 EnsureNSSInit(); | 47 EnsureNSSInit(); |
| 44 | 48 |
| 45 if (plat_->slot_.get()) { | 49 if (plat_->slot_.get()) { |
| 46 // Init must not be called more than twice on the same HMAC object. | 50 // Init must not be called more than twice on the same HMAC object. |
| 47 NOTREACHED(); | 51 NOTREACHED(); |
| 48 return false; | 52 return false; |
| 49 } | 53 } |
| 50 | 54 |
| 55 #if defined(OS_CHROMEOS) | |
|
Will Drewry
2011/10/22 19:05:40
Might be worth putting in a comment explaining why
zel
2011/10/22 19:13:15
Done.
| |
| 56 plat_->slot_.reset(GetPublicNSSKeySlot()); | |
| 57 #else | |
| 51 plat_->slot_.reset(PK11_GetBestSlot(plat_->mechanism_, NULL)); | 58 plat_->slot_.reset(PK11_GetBestSlot(plat_->mechanism_, NULL)); |
| 59 #endif | |
| 52 if (!plat_->slot_.get()) { | 60 if (!plat_->slot_.get()) { |
| 53 NOTREACHED(); | 61 NOTREACHED(); |
| 54 return false; | 62 return false; |
| 55 } | 63 } |
| 56 | 64 |
| 57 SECItem key_item; | 65 SECItem key_item; |
| 58 key_item.type = siBuffer; | 66 key_item.type = siBuffer; |
| 59 key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const. | 67 key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const. |
| 60 key_item.len = key_length; | 68 key_item.len = key_length; |
| 61 | 69 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 108 if (PK11_DigestFinal(context.get(), | 116 if (PK11_DigestFinal(context.get(), |
| 109 digest, &len, digest_length) != SECSuccess) { | 117 digest, &len, digest_length) != SECSuccess) { |
| 110 NOTREACHED(); | 118 NOTREACHED(); |
| 111 return false; | 119 return false; |
| 112 } | 120 } |
| 113 | 121 |
| 114 return true; | 122 return true; |
| 115 } | 123 } |
| 116 | 124 |
| 117 } // namespace crypto | 125 } // namespace crypto |
| OLD | NEW |
