Changed OAuth token+secret encryption to use supplemental user key from NSS DB.

BUG=chromium-os:18633 TEST=none Review URL: http://codereview.chromium.org/7756025 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@99912 0039d316-1c4b-4281-b951-d872f2087c98
author: zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-09-07 04:01:03 +0000
committer: zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-09-07 04:01:03 +0000
commit: 6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004 (patch)
tree: 4aa823b32cdc4d026a15996a407f80f15913fee8 /crypto/nss_util.cc
parent: 3f7af10d3e7d931500433326908d261333710b31 (diff)
download: chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.zip
chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.tar.gz
chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.tar.bz2
1 files changed, 50 insertions, 0 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index aa41ba2..9020e7e 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -31,6 +31,10 @@
 #include "base/threading/thread_restrictions.h"
 #include "crypto/scoped_nss_types.h"
 
+#if defined(OS_CHROMEOS)
+#include "crypto/symmetric_key.h"
+#endif
+
 // USE_NSS means we use NSS for everything crypto-related.  If USE_NSS is not
 // defined, such as on Mac and Windows, we use NSS for SSL only -- we don't
 // use NSS for crypto or certificate verification, and we don't use the NSS
@@ -83,6 +87,15 @@ FilePath GetDefaultConfigDirectory() {
   return dir;
 }
 
+#if defined(OS_CHROMEOS)
+// Supplemental user key id.
+unsigned char kSupplementalUserKeyId[] = {
+  0xCC, 0x13, 0x19, 0xDE, 0x75, 0x5E, 0xFE, 0xFA,
+  0x5E, 0x71, 0xD4, 0xA6, 0xFB, 0x00, 0x00, 0xCC
+};
+#endif  // defined(OS_CHROMEOS)
+
+
 // On non-chromeos platforms, return the default config directory.
 // On chromeos, return a read-only directory with fake root CA certs for testing
 // (which will not exist on non-testing images).  These root CA certs are used
@@ -288,6 +301,40 @@ class NSSInitSingleton {
     return FindSlotWithTokenName(token_name);
   }
 
+  SymmetricKey* GetSupplementalUserKey() {
+    DCHECK(chromeos_user_logged_in_);
+
+    PK11SlotInfo* slot = NULL;
+    PK11SymKey* key = NULL;
+    SECItem keyID;
+    CK_MECHANISM_TYPE type = CKM_AES_ECB;
+
+    slot = GetPublicNSSKeySlot();
+    if (!slot)
+      goto done;
+
+    if (PK11_Authenticate(slot, PR_TRUE, NULL) != SECSuccess)
+      goto done;
+
+    keyID.type = siBuffer;
+    keyID.data = kSupplementalUserKeyId;
+    keyID.len = static_cast<int>(sizeof(kSupplementalUserKeyId));
+
+    // Find/generate AES key.
+    key = PK11_FindFixedKey(slot, type, &keyID, NULL);
+    if (!key) {
+      const int kKeySizeInBytes = 32;
+      key = PK11_TokenKeyGen(slot, type, NULL,
+                             kKeySizeInBytes,
+                             &keyID, PR_TRUE, NULL);
+    }
+
+  done:
+    if (slot)
+      PK11_FreeSlot(slot);
+
+    return key ? SymmetricKey::CreateFromKey(key) : NULL;
+  }
 #endif  // defined(OS_CHROMEOS)
 
 
@@ -702,6 +749,9 @@ bool EnsureTPMTokenReady() {
   return g_nss_singleton.Get().EnsureTPMTokenReady();
 }
 
+SymmetricKey* GetSupplementalUserKey() {
+  return g_nss_singleton.Get().GetSupplementalUserKey();
+}
 #endif  // defined(OS_CHROMEOS)
 
 // TODO(port): Implement this more simply.  We can convert by subtracting an
author	zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-09-07 04:01:03 +0000
committer	zelidrag@chromium.org <zelidrag@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-09-07 04:01:03 +0000
commit	6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004 (patch)
tree	4aa823b32cdc4d026a15996a407f80f15913fee8 /crypto/nss_util.cc
parent	3f7af10d3e7d931500433326908d261333710b31 (diff)
download	chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.zip chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.tar.gz chromium_src-6e3d9a9cf7aec1dc9777c2860e39ee7751a3e004.tar.bz2