| Index: crypto/ec_private_key_nss.cc
|
| diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc
|
| index 9bb9df124e497ca4a3c6077bbc88575bd6f16729..1d3bf889204a6b7c2f44c96923160f31785ea335 100644
|
| --- a/crypto/ec_private_key_nss.cc
|
| +++ b/crypto/ec_private_key_nss.cc
|
| @@ -25,8 +25,8 @@ extern "C" {
|
|
|
| namespace {
|
|
|
| -PK11SlotInfo* GetKeySlot() {
|
| - return crypto::GetPublicNSSKeySlot();
|
| +PK11SlotInfo* GetTempKeySlot() {
|
| + return PK11_GetInternalSlot();
|
| }
|
|
|
| class EllipticCurveSupportChecker {
|
| @@ -37,7 +37,7 @@ class EllipticCurveSupportChecker {
|
| // support ECDSA may block NSS, and the value may also change as devices are
|
| // inserted/removed, so we would need to re-check on every use.
|
| crypto::EnsureNSSInit();
|
| - crypto::ScopedPK11Slot slot(GetKeySlot());
|
| + crypto::ScopedPK11Slot slot(GetTempKeySlot());
|
| supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) &&
|
| PK11_DoesMechanism(slot.get(), CKM_ECDSA);
|
| }
|
| @@ -88,58 +88,59 @@ bool ECPrivateKey::IsSupported() {
|
|
|
| // static
|
| ECPrivateKey* ECPrivateKey::Create() {
|
| - return CreateWithParams(PR_FALSE /* not permanent */,
|
| - PR_FALSE /* not sensitive */);
|
| + EnsureNSSInit();
|
| +
|
| + ScopedPK11Slot slot(GetTempKeySlot());
|
| + return CreateWithParams(slot.get(),
|
| + false /* not permanent */,
|
| + false /* not sensitive */);
|
| }
|
|
|
| -// static
|
| -ECPrivateKey* ECPrivateKey::CreateSensitive() {
|
| #if defined(USE_NSS)
|
| - return CreateWithParams(PR_TRUE /* permanent */,
|
| - PR_TRUE /* sensitive */);
|
| -#else
|
| - // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
|
| - // create permanent keys.
|
| - NOTREACHED();
|
| - return NULL;
|
| -#endif
|
| +// static
|
| +ECPrivateKey* ECPrivateKey::CreateSensitive(PK11SlotInfo* slot) {
|
| + return CreateWithParams(
|
| + slot, true /* permanent */, true /* sensitive */);
|
| }
|
| +#endif
|
|
|
| // static
|
| ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
|
| const std::string& password,
|
| const std::vector<uint8>& encrypted_private_key_info,
|
| const std::vector<uint8>& subject_public_key_info) {
|
| + EnsureNSSInit();
|
| +
|
| + ScopedPK11Slot slot(GetTempKeySlot());
|
| return CreateFromEncryptedPrivateKeyInfoWithParams(
|
| + slot.get(),
|
| password,
|
| encrypted_private_key_info,
|
| subject_public_key_info,
|
| - PR_FALSE /* not permanent */,
|
| - PR_FALSE /* not sensitive */);
|
| + false /* not permanent */,
|
| + false /* not sensitive */);
|
| }
|
|
|
| +#if defined(USE_NSS)
|
| // static
|
| ECPrivateKey* ECPrivateKey::CreateSensitiveFromEncryptedPrivateKeyInfo(
|
| + PK11SlotInfo* slot,
|
| const std::string& password,
|
| const std::vector<uint8>& encrypted_private_key_info,
|
| const std::vector<uint8>& subject_public_key_info) {
|
| -#if defined(USE_NSS)
|
| return CreateFromEncryptedPrivateKeyInfoWithParams(
|
| + slot,
|
| password,
|
| encrypted_private_key_info,
|
| subject_public_key_info,
|
| - PR_TRUE /* permanent */,
|
| - PR_TRUE /* sensitive */);
|
| -#else
|
| - // If USE_NSS is not defined, we initialize NSS with no databases, so we can't
|
| - // create permanent keys.
|
| - NOTREACHED();
|
| - return NULL;
|
| -#endif
|
| + true /* permanent */,
|
| + true /* sensitive */);
|
| }
|
| +#endif
|
|
|
| // static
|
| bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
|
| + PK11SlotInfo* slot,
|
| const std::string& password,
|
| const uint8* encrypted_private_key_info,
|
| size_t encrypted_private_key_info_len,
|
| @@ -148,8 +149,7 @@ bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
|
| bool sensitive,
|
| SECKEYPrivateKey** key,
|
| SECKEYPublicKey** public_key) {
|
| - ScopedPK11Slot slot(GetKeySlot());
|
| - if (!slot.get())
|
| + if (!slot)
|
| return false;
|
|
|
| *public_key = SECKEY_ExtractPublicKey(decoded_spki);
|
| @@ -188,7 +188,7 @@ bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
|
| };
|
|
|
| rv = ImportEncryptedECPrivateKeyInfoAndReturnKey(
|
| - slot.get(),
|
| + slot,
|
| &epki,
|
| &password_item,
|
| NULL, // nickname
|
| @@ -275,16 +275,14 @@ bool ECPrivateKey::ExportECParams(std::vector<uint8>* output) {
|
| ECPrivateKey::ECPrivateKey() : key_(NULL), public_key_(NULL) {}
|
|
|
| // static
|
| -ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
|
| +ECPrivateKey* ECPrivateKey::CreateWithParams(PK11SlotInfo* slot,
|
| + bool permanent,
|
| bool sensitive) {
|
| - EnsureNSSInit();
|
| + if (!slot)
|
| + return NULL;
|
|
|
| scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
|
|
|
| - ScopedPK11Slot slot(GetKeySlot());
|
| - if (!slot.get())
|
| - return NULL;
|
| -
|
| SECOidData* oid_data = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
|
| if (!oid_data) {
|
| DLOG(ERROR) << "SECOID_FindOIDByTag: " << PORT_GetError();
|
| @@ -306,7 +304,7 @@ ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
|
| ec_parameters.data[1] = oid_data->oid.len;
|
| memcpy(ec_parameters.data + 2, oid_data->oid.data, oid_data->oid.len);
|
|
|
| - result->key_ = PK11_GenerateKeyPair(slot.get(),
|
| + result->key_ = PK11_GenerateKeyPair(slot,
|
| CKM_EC_KEY_PAIR_GEN,
|
| &ec_parameters,
|
| &result->public_key_,
|
| @@ -323,13 +321,12 @@ ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent,
|
|
|
| // static
|
| ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
|
| + PK11SlotInfo* slot,
|
| const std::string& password,
|
| const std::vector<uint8>& encrypted_private_key_info,
|
| const std::vector<uint8>& subject_public_key_info,
|
| bool permanent,
|
| bool sensitive) {
|
| - EnsureNSSInit();
|
| -
|
| scoped_ptr<ECPrivateKey> result(new ECPrivateKey);
|
|
|
| SECItem encoded_spki = {
|
| @@ -344,7 +341,8 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfoWithParams(
|
| return NULL;
|
| }
|
|
|
| - bool success = ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
|
| + bool success = ImportFromEncryptedPrivateKeyInfo(
|
| + slot,
|
| password,
|
| &encrypted_private_key_info[0],
|
| encrypted_private_key_info.size(),
|
|
|
Chromium Code Reviews
Issue 66213002:
NSS: {EC,RSA}PrivateKey shouldn't call crypto::GetPublicNSSKeySlot or GetPrivateNSSKeySlot. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src