Chromium Code Reviews Chromium Code Reviews
Issue 66213002:
NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: crypto/ec_private_key_nss.cc |
| diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc |
| index 9bb9df124e497ca4a3c6077bbc88575bd6f16729..cea19f5f513550cc4d13c45ef103c7247174ba0b 100644 |
| --- a/crypto/ec_private_key_nss.cc |
| +++ b/crypto/ec_private_key_nss.cc |
| @@ -25,10 +25,6 @@ extern "C" { |
| namespace { |
| -PK11SlotInfo* GetKeySlot() { |
| - return crypto::GetPublicNSSKeySlot(); |
| -} |
| - |
| class EllipticCurveSupportChecker { |
| public: |
| EllipticCurveSupportChecker() { |
| @@ -37,7 +33,7 @@ class EllipticCurveSupportChecker { |
| // support ECDSA may block NSS, and the value may also change as devices are |
| // inserted/removed, so we would need to re-check on every use. |
| crypto::EnsureNSSInit(); |
| - crypto::ScopedPK11Slot slot(GetKeySlot()); |
| + crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
|
wtc
2013/11/11 20:56:25
It may be a good idea to keep the GetKeySlot() fun
mattm
2013/11/12 02:42:44
Done.
|
| supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && |
| PK11_DoesMechanism(slot.get(), CKM_ECDSA); |
| } |
| @@ -88,29 +84,30 @@ bool ECPrivateKey::IsSupported() { |
| // static |
| ECPrivateKey* ECPrivateKey::Create() { |
| - return CreateWithParams(PR_FALSE /* not permanent */, |
| + EnsureNSSInit(); |
| + |
| + return CreateWithParams(ScopedPK11Slot(PK11_GetInternalKeySlot()), |
|
wtc
2013/11/11 20:56:25
IMPORTANT: I think this should be PK11_GetInternal
mattm
2013/11/12 02:42:44
Done.
|
| + PR_FALSE /* not permanent */, |
| PR_FALSE /* not sensitive */); |
|
wtc
2013/11/11 20:56:25
Nit: these should be 'false' instead of 'PR_FALSE'
mattm
2013/11/12 02:42:44
Done.
|
| } |
| -// static |
| -ECPrivateKey* ECPrivateKey::CreateSensitive() { |
| #if defined(USE_NSS) |
| - return CreateWithParams(PR_TRUE /* permanent */, |
| - PR_TRUE /* sensitive */); |
| -#else |
| - // If USE_NSS is not defined, we initialize NSS with no databases, so we can't |
| - // create permanent keys. |
| - NOTREACHED(); |
| - return NULL; |
| -#endif |
| +// static |
| +ECPrivateKey* ECPrivateKey::CreateSensitive(ScopedPK11Slot slot) { |
| + return CreateWithParams( |
| + slot.Pass(), PR_TRUE /* permanent */, PR_TRUE /* sensitive */); |
|
wtc
2013/11/11 20:56:25
Nit: these should be 'true' instead of 'PR_TRUE'.
mattm
2013/11/12 02:42:44
Done.
|
| } |
| +#endif |
| // static |
| ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| const std::string& password, |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info) { |
| + EnsureNSSInit(); |
| + |
| return CreateFromEncryptedPrivateKeyInfoWithParams( |
| + ScopedPK11Slot(PK11_GetInternalKeySlot()), |
|
wtc
2013/11/11 20:56:25
IMPORTANT: I think this should be PK11_GetInternal
mattm
2013/11/12 02:42:44
Done.
|
| password, |
| encrypted_private_key_info, |
| subject_public_key_info, |
| @@ -118,28 +115,26 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| PR_FALSE /* not sensitive */); |
|
wtc
2013/11/11 20:56:25
Nit: these should be 'false' instead of 'PR_FALSE'
mattm
2013/11/12 02:42:44
Done.
|
| } |
| +#if defined(USE_NSS) |
| // static |
| ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info) { |
| -#if defined(USE_NSS) |
| return CreateFromEncryptedPrivateKeyInfoWithParams( |
| + slot.Pass(), |
| password, |
| encrypted_private_key_info, |
| subject_public_key_info, |
| PR_TRUE /* permanent */, |
| PR_TRUE /* sensitive */); |
|
wtc
2013/11/11 20:56:25
Nit: these should be 'true' instead of 'PR_TRUE'.
mattm
2013/11/12 02:42:44
Done.
|
| -#else |
| - // If USE_NSS is not defined, we initialize NSS with no databases, so we can't |
| - // create permanent keys. |
| - NOTREACHED(); |
| - return NULL; |
| -#endif |
| } |
| +#endif |
| // static |
| bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const uint8* encrypted_private_key_info, |
| size_t encrypted_private_key_info_len, |
| @@ -148,7 +143,6 @@ bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
| bool sensitive, |
| SECKEYPrivateKey** key, |
| SECKEYPublicKey** public_key) { |
| - ScopedPK11Slot slot(GetKeySlot()); |
| if (!slot.get()) |
| return false; |
| @@ -275,13 +269,11 @@ bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) { |
| ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {} |
| // static |
| -ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, |
| +ECPrivateKey* ECPrivateKey::CreateWithParams(ScopedPK11Slot slot, |
| + bool permanent, |
| bool sensitive) { |
| - EnsureNSSInit(); |
| - |
| scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| - ScopedPK11Slot slot(GetKeySlot()); |
| if (!slot.get()) |
| return NULL; |
| @@ -323,13 +315,12 @@ ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, |
| // static |
| ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams( |
| + ScopedPK11Slot slot, |
| const std::string& password, |
| const std::vector<uint8>& encrypted_private_key_info, |
| const std::vector<uint8>& subject_public_key_info, |
| bool permanent, |
| bool sensitive) { |
| - EnsureNSSInit(); |
| - |
| scoped_ptr<ECPrivateKey> result(new ECPrivateKey); |
| SECItem encoded_spki = { |
| @@ -345,6 +336,7 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams( |
| } |
| bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
|
wtc
2013/11/11 22:18:54
Could you take the opportunity to remove "ECPrivat
mattm
2013/11/12 02:42:44
Done.
|
| + slot.Pass(), |
| password, |
| &encrypted_private_key_info[0], |
| encrypted_private_key_info.size(), |
