NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot.

crypto/ec_private_key.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CRYPTO_EC_PRIVATE_KEY_H_
 #define CRYPTO_EC_PRIVATE_KEY_H_
 
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "build/build_config.h"
 #include "crypto/crypto_export.h"
 
+#if !defined(USE_OPENSSL)
+#include "crypto/scoped_nss_types.h"
+#endif

[wtc, 2013/11/11 20:56:25]

Move this to the #else block on lines 22-27.

[mattm, 2013/11/12 02:42:44]

Done.

+
 #if defined(USE_OPENSSL)
 // Forward declaration for openssl/*.h
 typedef struct evp_pkey_st EVP_PKEY;
 #else
 // Forward declaration.
 typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
 typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
 #endif
 
 namespace crypto {
 
 // Encapsulates an elliptic curve (EC) private key. Can be used to generate new
 // keys, export keys to other formats, or to extract a public key.
 // TODO(mattm): make this and RSAPrivateKey implement some PrivateKey interface.
 // (The difference in types of key() and public_key() make this a little
 // tricky.)
 class CRYPTO_EXPORT ECPrivateKey {
  public:
   ~ECPrivateKey();
 
   // Returns whether the system supports elliptic curve cryptography.
   static bool IsSupported();
 
   // Creates a new random instance. Can return NULL if initialization fails.
   // The created key will use the NIST P-256 curve.
   // TODO(mattm): Add a curve parameter.
   static ECPrivateKey* Create();
 
+#if defined(USE_NSS)
   // Creates a new random instance. Can return NULL if initialization fails.
   // The created key is permanent and is not exportable in plaintext form.

[wtc, 2013/11/11 20:56:25]

Nit: mention the new |slot| argument.

[mattm, 2013/11/12 02:42:44]

Done.

   //
   // NOTE: Currently only available if USE_NSS is defined.

[wtc, 2013/11/11 20:56:25]

Nit: perhaps we can delete this comment now that the function is inside #if
defined(USE_NSS).

[mattm, 2013/11/12 02:42:44]

Done.

-  static ECPrivateKey* CreateSensitive();
+  static ECPrivateKey* CreateSensitive(ScopedPK11Slot slot);
+#endif
 
   // Creates a new instance by importing an existing key pair.
   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
   // block and an X.509 SubjectPublicKeyInfo block.
   // Returns NULL if initialization fails.
   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo(
       const std::string& password,
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info);
 
+#if defined(USE_NSS)
   // Creates a new instance by importing an existing key pair.
   // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
   // block and an X.509 SubjectPublicKeyInfo block.
   // This can return NULL if initialization fails.  The created key is permanent
   // and is not exportable in plaintext form.
   //
   // NOTE: Currently only available if USE_NSS is defined.

[wtc, 2013/11/11 20:56:25]

Nit: perhaps we can delete this comment now that the function is inside #if
defined(USE_NSS).

[mattm, 2013/11/12 02:42:44]

Done.

   static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo(
+      ScopedPK11Slot slot,
       const std::string& password,
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info);
+#endif
 
 #if !defined(USE_OPENSSL)
   // Imports the key pair and returns in |public_key| and |key|.
   // Shortcut for code that needs to keep a reference directly to NSS types
   // without having to create a ECPrivateKey object and make a copy of them.
   // TODO(mattm): move this function to some NSS util file.
   static bool ImportFromEncryptedPrivateKeyInfo(
+      ScopedPK11Slot slot,
       const std::string& password,
       const uint8* encrypted_private_key_info,
       size_t encrypted_private_key_info_len,
       CERTSubjectPublicKeyInfo* decoded_spki,
       bool permanent,
       bool sensitive,
       SECKEYPrivateKey** key,
       SECKEYPublicKey** public_key);
 #endif
 
@@ skipping 18 matching lines @@
 
   // Exports private key data for testing. The format of data stored into output
   // doesn't matter other than that it is consistent for the same key.
   bool ExportValue(std::vector<uint8>* output);
   bool ExportECParams(std::vector<uint8>* output);
 
  private:
   // Constructor is private. Use one of the Create*() methods above instead.
   ECPrivateKey();
 
+#if !defined(USE_OPENSSL)
   // Shared helper for Create() and CreateSensitive().
   // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
   //                flags arg created by ORing together some enumerated values.
-  static ECPrivateKey* CreateWithParams(bool permanent,
+  static ECPrivateKey* CreateWithParams(ScopedPK11Slot slot,
+                                        bool permanent,
                                         bool sensitive);
 
   // Shared helper for CreateFromEncryptedPrivateKeyInfo() and
   // CreateSensitiveFromEncryptedPrivateKeyInfo().
   static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams(
+      ScopedPK11Slot slot,
       const std::string& password,
       const std::vector<uint8>& encrypted_private_key_info,
       const std::vector<uint8>& subject_public_key_info,
       bool permanent,
       bool sensitive);
+#endif
 
 #if defined(USE_OPENSSL)
   EVP_PKEY* key_;
 #else
   SECKEYPrivateKey* key_;
   SECKEYPublicKey* public_key_;
 #endif
 
   DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
 };
 
 
 }  // namespace crypto
 
 #endif  // CRYPTO_EC_PRIVATE_KEY_H_