Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(720)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/rsa_private_key_nss.cc

Issue 17447009: On NSS, treat non-permanent RSA private keys as ephemeral (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Use software slot Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/rsa_private_key.h" 5 #include "crypto/rsa_private_key.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 #include <secmod.h> 10 #include <secmod.h>
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after
199 } 199 }
200 200
201 // static 201 // static
202 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits, 202 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
203 bool permanent, 203 bool permanent,
204 bool sensitive) { 204 bool sensitive) {
205 EnsureNSSInit(); 205 EnsureNSSInit();
206 206
207 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); 207 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
208 208
209 ScopedPK11Slot slot(GetPrivateNSSKeySlot()); 209 ScopedPK11Slot slot(permanent ? GetPrivateNSSKeySlot() :
210 PK11_GetInternalSlot());
210 if (!slot.get()) 211 if (!slot.get())
211 return NULL; 212 return NULL;
212 213
213 PK11RSAGenParams param; 214 PK11RSAGenParams param;
214 param.keySizeInBits = num_bits; 215 param.keySizeInBits = num_bits;
215 param.pe = 65537L; 216 param.pe = 65537L;
216 result->key_ = PK11_GenerateKeyPair(slot.get(), 217 result->key_ = PK11_GenerateKeyPair(slot.get(),
217 CKM_RSA_PKCS_KEY_PAIR_GEN, 218 CKM_RSA_PKCS_KEY_PAIR_GEN,
218 &param, 219 &param,
219 &result->public_key_, 220 &result->public_key_,
220 permanent, 221 permanent,
221 sensitive, 222 sensitive,
222 NULL); 223 NULL);
223 if (!result->key_) 224 if (!result->key_)
224 return NULL; 225 return NULL;
225 226
226 return result.release(); 227 return result.release();
227 } 228 }
228 229
229 // static 230 // static
230 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( 231 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
231 const std::vector<uint8>& input, bool permanent, bool sensitive) { 232 const std::vector<uint8>& input, bool permanent, bool sensitive) {
232 // This method currently leaks some memory. 233 // This method currently leaks some memory.
233 // See http://crbug.com/34742. 234 // See http://crbug.com/34742.
234 ANNOTATE_SCOPED_MEMORY_LEAK; 235 ANNOTATE_SCOPED_MEMORY_LEAK;
235 EnsureNSSInit(); 236 EnsureNSSInit();
236 237
237 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); 238 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
238 239
239 ScopedPK11Slot slot(GetPrivateNSSKeySlot()); 240 ScopedPK11Slot slot(permanent ? GetPrivateNSSKeySlot() :
241 PK11_GetInternalSlot());
240 if (!slot.get()) 242 if (!slot.get())
241 return NULL; 243 return NULL;
242 244
243 SECItem der_private_key_info; 245 SECItem der_private_key_info;
244 der_private_key_info.data = const_cast<unsigned char*>(&input.front()); 246 der_private_key_info.data = const_cast<unsigned char*>(&input.front());
245 der_private_key_info.len = input.size(); 247 der_private_key_info.len = input.size();
246 // Allow the private key to be used for key unwrapping, data decryption, 248 // Allow the private key to be used for key unwrapping, data decryption,
247 // and signature generation. 249 // and signature generation.
248 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | 250 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT |
249 KU_DIGITAL_SIGNATURE; 251 KU_DIGITAL_SIGNATURE;
250 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( 252 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
251 slot.get(), &der_private_key_info, NULL, NULL, permanent, sensitive, 253 slot.get(), &der_private_key_info, NULL, NULL, permanent, sensitive,
252 key_usage, &result->key_, NULL); 254 key_usage, &result->key_, NULL);
253 if (rv != SECSuccess) { 255 if (rv != SECSuccess) {
254 NOTREACHED(); 256 NOTREACHED();
255 return NULL; 257 return NULL;
256 } 258 }
257 259
258 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_); 260 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
259 if (!result->public_key_) { 261 if (!result->public_key_) {
260 NOTREACHED(); 262 NOTREACHED();
261 return NULL; 263 return NULL;
262 } 264 }
263 265
264 return result.release(); 266 return result.release();
265 } 267 }
266 268
267 } // namespace crypto 269 } // namespace crypto
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698