Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(597)

Side by Side Diff: base/crypto/rsa_private_key_nss.cc

Issue 6667020: This change loads opencryptoki and uses the TPM for keygen tags. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Removing _db from names Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | base/nss_util.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/crypto/rsa_private_key.h" 5 #include "base/crypto/rsa_private_key.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <pk11pub.h> 9 #include <pk11pub.h>
10 10
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 100
101 result->public_key_ = SECKEY_ExtractPublicKey(spki); 101 result->public_key_ = SECKEY_ExtractPublicKey(spki);
102 SECKEY_DestroySubjectPublicKeyInfo(spki); 102 SECKEY_DestroySubjectPublicKeyInfo(spki);
103 if (!result->public_key_) { 103 if (!result->public_key_) {
104 NOTREACHED(); 104 NOTREACHED();
105 return NULL; 105 return NULL;
106 } 106 }
107 107
108 // Now, look for the associated private key in the user's NSS DB. If it's 108 // Now, look for the associated private key in the user's NSS DB. If it's
109 // not there, consider that an error. 109 // not there, consider that an error.
110 PK11SlotInfo *slot = GetDefaultNSSKeySlot(); 110 PK11SlotInfo *slot = GetPrivateNSSKeySlot();
111 if (!slot) { 111 if (!slot) {
112 NOTREACHED(); 112 NOTREACHED();
113 return NULL; 113 return NULL;
114 } 114 }
115 115
116 // Make sure the key is an RSA key. If not, that's an error 116 // Make sure the key is an RSA key. If not, that's an error
117 if (result->public_key_->keyType != rsaKey) { 117 if (result->public_key_->keyType != rsaKey) {
118 PK11_FreeSlot(slot); 118 PK11_FreeSlot(slot);
119 NOTREACHED(); 119 NOTREACHED();
120 return NULL; 120 return NULL;
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
183 } 183 }
184 184
185 // static 185 // static
186 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits, 186 RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
187 bool permanent, 187 bool permanent,
188 bool sensitive) { 188 bool sensitive) {
189 base::EnsureNSSInit(); 189 base::EnsureNSSInit();
190 190
191 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); 191 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
192 192
193 PK11SlotInfo *slot = GetDefaultNSSKeySlot(); 193 PK11SlotInfo *slot = GetPrivateNSSKeySlot();
194 if (!slot) 194 if (!slot)
195 return NULL; 195 return NULL;
196 196
197 PK11RSAGenParams param; 197 PK11RSAGenParams param;
198 param.keySizeInBits = num_bits; 198 param.keySizeInBits = num_bits;
199 param.pe = 65537L; 199 param.pe = 65537L;
200 result->key_ = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &param, 200 result->key_ = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &param,
201 &result->public_key_, permanent, sensitive, NULL); 201 &result->public_key_, permanent, sensitive, NULL);
202 PK11_FreeSlot(slot); 202 PK11_FreeSlot(slot);
203 if (!result->key_) 203 if (!result->key_)
204 return NULL; 204 return NULL;
205 205
206 return result.release(); 206 return result.release();
207 } 207 }
208 208
209 // static 209 // static
210 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams( 210 RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
211 const std::vector<uint8>& input, bool permanent, bool sensitive) { 211 const std::vector<uint8>& input, bool permanent, bool sensitive) {
212 // This method currently leaks some memory. 212 // This method currently leaks some memory.
213 // See http://crbug.com/34742. 213 // See http://crbug.com/34742.
214 ANNOTATE_SCOPED_MEMORY_LEAK; 214 ANNOTATE_SCOPED_MEMORY_LEAK;
215 base::EnsureNSSInit(); 215 base::EnsureNSSInit();
216 216
217 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey); 217 scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
218 218
219 PK11SlotInfo *slot = GetDefaultNSSKeySlot(); 219 PK11SlotInfo *slot = GetPrivateNSSKeySlot();
220 if (!slot) 220 if (!slot)
221 return NULL; 221 return NULL;
222 222
223 SECItem der_private_key_info; 223 SECItem der_private_key_info;
224 der_private_key_info.data = const_cast<unsigned char*>(&input.front()); 224 der_private_key_info.data = const_cast<unsigned char*>(&input.front());
225 der_private_key_info.len = input.size(); 225 der_private_key_info.len = input.size();
226 // Allow the private key to be used for key unwrapping, data decryption, 226 // Allow the private key to be used for key unwrapping, data decryption,
227 // and signature generation. 227 // and signature generation.
228 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT | 228 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DATA_ENCIPHERMENT |
229 KU_DIGITAL_SIGNATURE; 229 KU_DIGITAL_SIGNATURE;
230 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( 230 SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
231 slot, &der_private_key_info, NULL, NULL, permanent, sensitive, 231 slot, &der_private_key_info, NULL, NULL, permanent, sensitive,
232 key_usage, &result->key_, NULL); 232 key_usage, &result->key_, NULL);
233 PK11_FreeSlot(slot); 233 PK11_FreeSlot(slot);
234 if (rv != SECSuccess) { 234 if (rv != SECSuccess) {
235 NOTREACHED(); 235 NOTREACHED();
236 return NULL; 236 return NULL;
237 } 237 }
238 238
239 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_); 239 result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
240 if (!result->public_key_) { 240 if (!result->public_key_) {
241 NOTREACHED(); 241 NOTREACHED();
242 return NULL; 242 return NULL;
243 } 243 }
244 244
245 return result.release(); 245 return result.release();
246 } 246 }
247 247
248 } // namespace base 248 } // namespace base
OLDNEW
« no previous file with comments | « no previous file | base/nss_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698