Chromium Code Reviews Chromium Code Reviews
Issue 8373022:
Fixed slot selection in HMAC class to ensure that we are using softtoken instead of TPM slots. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/hmac.h" | 5 #include "crypto/hmac.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "crypto/nss_util.h" | 12 #include "crypto/nss_util.h" |
| 13 #include "crypto/scoped_nss_types.h" | 13 #include "crypto/scoped_nss_types.h" |
| 14 | 14 |
| 15 #if defined(OS_CHROMEOS) | |
| 16 #include "crypto/nss_util_internal.h" | |
| 17 #endif | |
| 18 | |
| 15 namespace crypto { | 19 namespace crypto { |
| 16 | 20 |
| 17 struct HMACPlatformData { | 21 struct HMACPlatformData { |
| 18 CK_MECHANISM_TYPE mechanism_; | 22 CK_MECHANISM_TYPE mechanism_; |
| 19 ScopedPK11Slot slot_; | 23 ScopedPK11Slot slot_; |
| 20 ScopedPK11SymKey sym_key_; | 24 ScopedPK11SymKey sym_key_; |
| 21 }; | 25 }; |
| 22 | 26 |
| 23 HMAC::HMAC(HashAlgorithm hash_alg) | 27 HMAC::HMAC(HashAlgorithm hash_alg) |
| 24 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { | 28 : hash_alg_(hash_alg), plat_(new HMACPlatformData()) { |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 41 | 45 |
| 42 bool HMAC::Init(const unsigned char *key, int key_length) { | 46 bool HMAC::Init(const unsigned char *key, int key_length) { |
| 43 EnsureNSSInit(); | 47 EnsureNSSInit(); |
| 44 | 48 |
| 45 if (plat_->slot_.get()) { | 49 if (plat_->slot_.get()) { |
| 46 // Init must not be called more than twice on the same HMAC object. | 50 // Init must not be called more than twice on the same HMAC object. |
| 47 NOTREACHED(); | 51 NOTREACHED(); |
| 48 return false; | 52 return false; |
| 49 } | 53 } |
| 50 | 54 |
| 55 #if defined(OS_CHROMEOS) | |
| 56 // TODO(zelidrag): http://crosbug.com/21633 | |
| 57 // For yet unknown reasons, on ChromeOS PK11_GetBestSlot is matching slot from | |
| 58 // TPM here on a fresh machine when an account is just created. Need to | |
| 59 // investigate what is the underlying cause of this transient behavior. | |
| 60 plat_->slot_.reset(GetPublicNSSKeySlot()); | |
| 61 #else | |
| 51 plat_->slot_.reset(PK11_GetBestSlot(plat_->mechanism_, NULL)); | 62 plat_->slot_.reset(PK11_GetBestSlot(plat_->mechanism_, NULL)); |
|
wtc
2011/10/22 22:58:23
Please try
plat_->slot_.reset(PK11_GetInternal
| |
| 63 #endif | |
| 52 if (!plat_->slot_.get()) { | 64 if (!plat_->slot_.get()) { |
| 53 NOTREACHED(); | 65 NOTREACHED(); |
| 54 return false; | 66 return false; |
| 55 } | 67 } |
| 56 | 68 |
| 57 SECItem key_item; | 69 SECItem key_item; |
| 58 key_item.type = siBuffer; | 70 key_item.type = siBuffer; |
| 59 key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const. | 71 key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const. |
| 60 key_item.len = key_length; | 72 key_item.len = key_length; |
| 61 | 73 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 108 if (PK11_DigestFinal(context.get(), | 120 if (PK11_DigestFinal(context.get(), |
| 109 digest, &len, digest_length) != SECSuccess) { | 121 digest, &len, digest_length) != SECSuccess) { |
| 110 NOTREACHED(); | 122 NOTREACHED(); |
| 111 return false; | 123 return false; |
| 112 } | 124 } |
| 113 | 125 |
| 114 return true; | 126 return true; |
| 115 } | 127 } |
| 116 | 128 |
| 117 } // namespace crypto | 129 } // namespace crypto |
| OLD | NEW |
