
Unified Diff: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc

Issue 1118263003: Revert of Don't use RSAPrivateKey in NSS integration code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-refactor
Patch Set: Created 5 years, 8 months ago
Index: chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
diff --git a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
index 06c58978defd3afc04e80c765e98cac5ba394ce7..3321ed9a336e55cc9240c61ff3b2ba9d7e67ee62 100644
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
@@ -5,7 +5,6 @@
#include "chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.h"
#include <cryptohi.h>
-#include <keyhi.h>
#include "base/base64.h"
#include "base/bind.h"
@@ -23,8 +22,8 @@
#include "chrome/browser/browser_process.h"
#include "chrome/common/pref_names.h"
#include "content/public/browser/browser_thread.h"
-#include "crypto/nss_key_util.h"
#include "crypto/nss_util_internal.h"
+#include "crypto/rsa_private_key.h"
#include "crypto/scoped_nss_types.h"
namespace {
@@ -58,7 +57,7 @@
// Checks if a private RSA key associated with |public_key| can be found in
// |slot|.
// Must be called on a worker thread.
-crypto::ScopedSECKEYPrivateKey GetPrivateKeyOnWorkerThread(
+scoped_ptr<crypto::RSAPrivateKey> GetPrivateKeyOnWorkerThread(
PK11SlotInfo* slot,
const std::string& public_key) {
const uint8* public_key_uint8 =
@@ -66,10 +65,10 @@
std::vector<uint8> public_key_vector(
public_key_uint8, public_key_uint8 + public_key.size());
- crypto::ScopedSECKEYPrivateKey rsa_key(
- crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector, slot));
- if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey)
- return nullptr;
+ scoped_ptr<crypto::RSAPrivateKey> rsa_key(
+ crypto::RSAPrivateKey::FindFromPublicKeyInfo(public_key_vector));
+ if (!rsa_key || rsa_key->key()->pkcs11Slot != slot)
+ return scoped_ptr<crypto::RSAPrivateKey>();
return rsa_key.Pass();
}
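Review bot: The slot restriction in GetPrivateKeyOnWorkerThread is applied only after the lookup, because `FindFromPublicKeyInfo(public_key_vector)` takes no slot argument and the result is rejected afterwards when `rsa_key->key()->pkcs11Slot != slot`. If the lookup can return a match from a different slot first (not visible from this hunk), a key that does exist in the requested slot would be reported as missing. The explicit `rsaKey` type check is also gone, so it is worth confirming that the lookup itself rejects non-RSA keys. A comment at the check such as `// The lookup is not slot-scoped; only accept a key that lives in |slot|.` would record why a raw NSS struct field is compared here. The function's signature is in the previous hunk.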
@@ -82,7 +81,7 @@
const std::string& data,
const scoped_refptr<base::SingleThreadTaskRunner>& response_task_runner,
const base::Callback<void(const std::string&)>& callback) {
- crypto::ScopedSECKEYPrivateKey private_key(
+ scoped_ptr<crypto::RSAPrivateKey> private_key(
GetPrivateKeyOnWorkerThread(slot.get(), public_key));
if (!private_key) {
LOG(ERROR) << "Private key for signing data not found";
@@ -94,7 +93,8 @@
crypto::ScopedSECItem sign_result(SECITEM_AllocItem(NULL, NULL, 0));
if (SEC_SignData(sign_result.get(),
reinterpret_cast<const unsigned char*>(data.data()),
- data.size(), private_key.get(),
+ data.size(),
+ private_key->key(),
SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION) != SECSuccess) {
LOG(ERROR) << "Failed to sign data";
response_task_runner->PostTask(FROM_HERE,
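Review bot: `data.size()` is a `size_t`, but the length parameter of `SEC_SignData` is an `int` in NSS, so an oversized `data` would be narrowed silently before signing. Where `data` comes from is not visible in this hunk; if the caller does not bound it, a guard before the call such as `if (data.size() > static_cast<size_t>(INT_MAX)) { /* post empty result and return */ }` would make the failure explicit. The enclosing function starts and ends outside the hunk.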
@@ -123,20 +123,17 @@
return;
}
- crypto::ScopedSECKEYPublicKey public_key_obj;
- crypto::ScopedSECKEYPrivateKey private_key_obj;
- if (!crypto::GenerateRSAKeyPairNSS(slot.get(), kKeyModulusLength,
- true /* permanent */, &public_key_obj,
- &private_key_obj)) {
+ scoped_ptr<crypto::RSAPrivateKey> rsa_key(
+ crypto::RSAPrivateKey::CreateSensitive(slot.get(), kKeyModulusLength));
+ if (!rsa_key) {
LOG(ERROR) << "Failed to create an RSA key.";
response_task_runner->PostTask(FROM_HERE,
base::Bind(callback, std::string()));
return;
}
- crypto::ScopedSECItem public_key_der(
- SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_obj.get()));
- if (!public_key_der) {
+ std::vector<uint8> created_public_key;
+ if (!rsa_key->ExportPublicKey(&created_public_key)) {
LOG(ERROR) << "Failed to export public key.";
response_task_runner->PostTask(FROM_HERE,
base::Bind(callback, std::string()));
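Review bot: When `rsa_key->ExportPublicKey(&created_public_key)` fails, the function posts an empty result and returns, but the key pair just made by `CreateSensitive(slot.get(), kKeyModulusLength)` is not removed. The removed lines asked for a permanent key, and `CreateSensitive` presumably does the same, so every failed export would leave an unreferenced private key in the slot. Either delete the key on this path or document the leftover with a comment like `// NOTE: the key stays in |slot| even though its public key was never reported.`. The enclosing function starts before the hunk, and its body continues into the next one.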
@@ -144,9 +141,10 @@
}
response_task_runner->PostTask(
- FROM_HERE, base::Bind(callback, std::string(reinterpret_cast<const char*>(
- public_key_der->data),
- public_key_der->len)));
+ FROM_HERE,
+ base::Bind(callback,
+ std::string(created_public_key.begin(),
+ created_public_key.end())));
}
} // namespace
