Chromium Code Reviews Chromium Code Reviews
Issue 66213002:
NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: crypto/ec_private_key.h |
| diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h |
| index d3f5b73af605ca0a064736271acf249df84f7f39..00dd8fd3a7a3b0d009f3dbeb4e05b967ae6500e9 100644 |
| --- a/crypto/ec_private_key.h |
| +++ b/crypto/ec_private_key.h |
| @@ -12,6 +12,10 @@ |
| #include "build/build_config.h" |
| #include "crypto/crypto_export.h" |
| +#if !defined(USE_OPENSSL) |
| +#include "crypto/scoped_nss_types.h" |
| +#endif |
|
wtc
2013/11/11 20:56:25
Move this to the #else block on lines 22-27.
mattm
2013/11/12 02:42:44
Done.
|
| + |
| #if defined(USE_OPENSSL) |
| // Forward declaration for openssl/*.h |
| typedef struct evp_pkey_st EVP_PKEY; |
| @@ -41,11 +45,13 @@ class CRYPTO_EXPORT ECPrivateKey { |
| // TODO(mattm): Add a curve parameter. |
| static ECPrivateKey* Create(); |
| +#if defined(USE_NSS) |
| // Creates a new random instance. Can return NULL if initialization fails. |
| // The created key is permanent and is not exportable in plaintext form. |
|
wtc
2013/11/11 20:56:25
Nit: mention the new |slot| argument.
mattm
2013/11/12 02:42:44
Done.
|
| // |
| // NOTE: Currently only available if USE_NSS is defined. |
|
wtc
2013/11/11 20:56:25
Nit: perhaps we can delete this comment now that t
mattm
2013/11/12 02:42:44
Done.
|
| - static ECPrivateKey* CreateSensitive(); |
| + static ECPrivateKey* CreateSensitive(ScopedPK11Slot slot); |
| +#endif |
| // Creates a new instance by importing an existing key pair. |
| // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
| @@ -56,6 +62,7 @@ class CRYPTO_EXPORT ECPrivateKey { |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info); |
| +#if defined(USE_NSS) |
| // Creates a new instance by importing an existing key pair. |
| // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo |
| // block and an X.509 SubjectPublicKeyInfo block. |
| @@ -64,9 +71,11 @@ class CRYPTO_EXPORT ECPrivateKey { |
| // |
| // NOTE: Currently only available if USE_NSS is defined. |
|
wtc
2013/11/11 20:56:25
Nit: perhaps we can delete this comment now that t
mattm
2013/11/12 02:42:44
Done.
|
| static ECPrivateKey* CreateSensitiveFromEncryptedPrivateKeyInfo( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info); |
| +#endif |
| #if !defined(USE_OPENSSL) |
| // Imports the key pair and returns in |public_key| and |key|. |
| @@ -74,6 +83,7 @@ class CRYPTO_EXPORT ECPrivateKey { |
| // without having to create a ECPrivateKey object and make a copy of them. |
| // TODO(mattm): move this function to some NSS util file. |
| static bool ImportFromEncryptedPrivateKeyInfo( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const uint8* encrypted_private_key_info, |
| size_t encrypted_private_key_info_len, |
| @@ -112,20 +122,24 @@ class CRYPTO_EXPORT ECPrivateKey { |
| // Constructor is private. Use one of the Create*() methods above instead. |
| ECPrivateKey(); |
| +#if !defined(USE_OPENSSL) |
| // Shared helper for Create() and CreateSensitive(). |
| // TODO(cmasone): consider replacing |permanent| and |sensitive| with a |
| // flags arg created by ORing together some enumerated values. |
| - static ECPrivateKey* CreateWithParams(bool permanent, |
| + static ECPrivateKey* CreateWithParams(ScopedPK11Slot slot, |
| + bool permanent, |
| bool sensitive); |
| // Shared helper for CreateFromEncryptedPrivateKeyInfo() and |
| // CreateSensitiveFromEncryptedPrivateKeyInfo(). |
| static ECPrivateKey* CreateFromEncryptedPrivateKeyInfoWithParams( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info, |
| bool permanent, |
| bool sensitive); |
| +#endif |
| #if defined(USE_OPENSSL) |
| EVP_PKEY* key_; |
