Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc

Issue 1106103003: Don't use RSAPrivateKey in NSS integration code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-refactor
Patch Set: pneubeck comments Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc ('k') | components/ownership.gypi » ('j') | components/ownership.gypi » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
diff --git a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
index af14d1136baa119182202158d987613dfc5bc3b2..63131a39d2edcbdd7a716bedeb920051ba4818f8 100644
--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -31,7 +31,8 @@
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/browser_thread.h"
-#include "crypto/rsa_private_key.h"
+#include "crypto/nss_key_util.h"
+#include "crypto/scoped_nss_types.h"
#include "net/base/crypto_module.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_database.h"
@@ -400,25 +401,28 @@ GetTokensState::GetTokensState(const GetTokensCallback& callback)
// Does the actual key generation on a worker thread. Used by
// GenerateRSAKeyWithDB().
void GenerateRSAKeyOnWorkerThread(scoped_ptr<GenerateRSAKeyState> state) {
- scoped_ptr<crypto::RSAPrivateKey> rsa_key(
- crypto::RSAPrivateKey::CreateSensitive(state->slot_.get(),
- state->modulus_length_bits_));
- if (!rsa_key) {
+ crypto::ScopedSECKEYPublicKey public_key;
+ crypto::ScopedSECKEYPrivateKey private_key;
+ if (!crypto::GenerateRSAKeyPairNSS(
+ state->slot_.get(), state->modulus_length_bits_, true /* permanent */,
+ &public_key, &private_key)) {
LOG(ERROR) << "Couldn't create key.";
state->OnError(FROM_HERE, kErrorInternal);
return;
}
- std::vector<uint8> public_key_spki_der;
- if (!rsa_key->ExportPublicKey(&public_key_spki_der)) {
- // TODO(pneubeck): Remove rsa_key from storage.
+ crypto::ScopedSECItem public_key_der(
+ SECKEY_EncodeDERSubjectPublicKeyInfo(public_key.get()));
+ if (!public_key_der) {
+ // TODO(pneubeck): Remove private_key and public_key from storage.
LOG(ERROR) << "Couldn't export public key.";
state->OnError(FROM_HERE, kErrorInternal);
return;
}
state->CallBack(
FROM_HERE,
- std::string(public_key_spki_der.begin(), public_key_spki_der.end()),
+ std::string(reinterpret_cast<const char*>(public_key_der->data),
+ public_key_der->len),
std::string() /* no error */);
}
@@ -442,13 +446,13 @@ void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
public_key_uint8, public_key_uint8 + state->public_key_.size());
// TODO(pneubeck): This searches all slots. Change to look only at |slot_|.
- scoped_ptr<crypto::RSAPrivateKey> rsa_key(
- crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector));
+ crypto::ScopedSECKEYPrivateKey rsa_key(
+ crypto::FindNSSKeyFromPublicKeyInfo(public_key_vector));
// Fail if the key was not found. If a specific slot was requested, also fail
// if the key was found in the wrong slot.
- if (!rsa_key ||
- (state->slot_ && rsa_key->key()->pkcs11Slot != state->slot_)) {
+ if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey ||
+ (state->slot_ && rsa_key->pkcs11Slot != state->slot_)) {
state->OnError(FROM_HERE, kErrorKeyNotFound);
return;
}
@@ -464,7 +468,7 @@ void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
state->data_.size()};
// Compute signature of hash.
- int signature_len = PK11_SignatureLen(rsa_key->key());
+ int signature_len = PK11_SignatureLen(rsa_key.get());
if (signature_len <= 0) {
state->OnError(FROM_HERE, kErrorInternal);
return;
@@ -473,7 +477,7 @@ void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
std::vector<unsigned char> signature(signature_len);
SECItem signature_output = {
siBuffer, vector_as_array(&signature), signature.size()};
- if (PK11_Sign(rsa_key->key(), &signature_output, &input) == SECSuccess)
+ if (PK11_Sign(rsa_key.get(), &signature_output, &input) == SECSuccess)
signature_str.assign(signature.begin(), signature.end());
} else {
SECOidTag sign_alg_tag = SEC_OID_UNKNOWN;
@@ -499,7 +503,7 @@ void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
if (SEC_SignData(
&sign_result,
reinterpret_cast<const unsigned char*>(state->data_.data()),
- state->data_.size(), rsa_key->key(), sign_alg_tag) == SECSuccess) {
+ state->data_.size(), rsa_key.get(), sign_alg_tag) == SECSuccess) {
signature_str.assign(sign_result.data,
sign_result.data + sign_result.len);
}
« no previous file with comments | « chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc ('k') | components/ownership.gypi » ('j') | components/ownership.gypi » ('J')

Powered by Google App Engine
This is Rietveld 408576698