Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(472)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc

Issue 1106103003: Don't use RSAPrivateKey in NSS integration code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-refactor
Patch Set: avoid exposing NSS through net headers (unnecessary) Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc ('k') | chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc » ('j') | chrome/browser/chromeos/platform_keys/platform_keys_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
index 3321ed9a336e55cc9240c61ff3b2ba9d7e67ee62..84fcc623c9b2a1e95769e38d3f986bba47c10caa 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
@@ -5,6 +5,7 @@
#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
#include <cryptohi.h>
+#include <keyhi.h>
#include "base/base64.h"
#include "base/bind.h"
@@ -22,8 +23,8 @@
#include "chrome/browser/browser_process.h"
#include "chrome/common/pref_names.h"
#include "content/public/browser/browser_thread.h"
+#include "crypto/nss_key_util.h"
#include "crypto/nss_util_internal.h"
-#include "crypto/rsa_private_key.h"
#include "crypto/scoped_nss_types.h"
namespace {
@@ -57,7 +58,7 @@ void GetSystemSlotOnIOThread(
// Checks if a private RSA key associated with |public_key| can be found in
// |slot|.
// Must be called on a worker thread.
-scoped_ptr<crypto::RSAPrivateKey> GetPrivateKeyOnWorkerThread(
+crypto::ScopedSECKEYPrivateKey GetPrivateKeyOnWorkerThread(
PK11SlotInfo* slot,
const std::string& public_key) {
const uint8* public_key_uint8 =
@@ -65,10 +66,10 @@ scoped_ptr<crypto::RSAPrivateKey> GetPrivateKeyOnWorkerThread(
std::vector<uint8> public_key_vector(
public_key_uint8, public_key_uint8 + public_key.size());
- scoped_ptr<crypto::RSAPrivateKey> rsa_key(
- crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector));
- if (!rsa_key || rsa_key->key()->pkcs11Slot != slot)
- return scoped_ptr<crypto::RSAPrivateKey>();
+ crypto::ScopedSECKEYPrivateKey rsa_key(
+ crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector, slot));
+ if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey)
+ return nullptr;
return rsa_key.Pass();
}
@@ -81,7 +82,7 @@ void SignDataOnWorkerThread(
const std::string& data,
const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
const base::Callback<void(const std::string&)>& callback) {
- scoped_ptr<crypto::RSAPrivateKey> private_key(
+ crypto::ScopedSECKEYPrivateKey private_key(
GetPrivateKeyOnWorkerThread(slot.get(), public_key));
if (!private_key) {
LOG(ERROR) << "Private key for signing data not found";
@@ -93,8 +94,7 @@ void SignDataOnWorkerThread(
crypto::ScopedSECItem sign_result(SECITEM_AllocItem(NULL, NULL, 0));
if (SEC_SignData(sign_result.get(),
reinterpret_cast<const unsigned char*>(data.data()),
- data.size(),
- private_key->key(),
+ data.size(), private_key.get(),
SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION) != SECSuccess) {
LOG(ERROR) << "Failed to sign data";
response_task_runner->PostTask(FROM_HERE,
@@ -123,17 +123,20 @@ void CreateTpmKeyPairOnWorkerThread(
return;
}
- scoped_ptr<crypto::RSAPrivateKey> rsa_key(
- crypto::RSAPrivateKey::CreateSensitive(slot.get(), kKeyModulusLength));
- if (!rsa_key) {
+ crypto::ScopedSECKEYPublicKey public_key_obj;
+ crypto::ScopedSECKEYPrivateKey private_key;
Ryan Sleevi 2015/04/27 19:11:26 Why the different naming? public_key_obj vs privat
davidben 2015/04/27 19:53:44 Done.
+ if (!crypto::GenerateRSAKeyPairNSS(slot.get(), kKeyModulusLength,
+ true /* permanent */, &public_key_obj,
+ &private_key)) {
LOG(ERROR) << "Failed to create an RSA key.";
response_task_runner->PostTask(FROM_HERE,
base::Bind(callback, std::string()));
return;
}
- std::vector<uint8> created_public_key;
- if (!rsa_key->ExportPublicKey(&created_public_key)) {
+ crypto::ScopedSECItem created_public_key(
Ryan Sleevi 2015/04/27 19:11:26 seems like this should be named like public_key_de
davidben 2015/04/27 19:53:44 Done.
+ SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_obj.get()));
+ if (!created_public_key) {
LOG(ERROR) << "Failed to export public key.";
response_task_runner->PostTask(FROM_HERE,
base::Bind(callback, std::string()));
@@ -141,10 +144,9 @@ void CreateTpmKeyPairOnWorkerThread(
}
response_task_runner->PostTask(
- FROM_HERE,
- base::Bind(callback,
- std::string(created_public_key.begin(),
- created_public_key.end())));
+ FROM_HERE, base::Bind(callback, std::string(reinterpret_cast<const char*>(
+ created_public_key->data),
+ created_public_key->len)));
}
} // namespace
« no previous file with comments | « chrome/browser/chromeos/login/auth/cryptohome_authenticator_unittest.cc ('k') | chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc » ('j') | chrome/browser/chromeos/platform_keys/platform_keys_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698