Change the Chrome OS PKCS #11 module from libopencryptoki.so to libchaps.so.

This CL is part of a larger effort to replace opencryptoki as the PKCS #11 layer in Chrome OS. In this first phase, libchaps.so forwards requests to a daemon (chapsd) which loads opencryptoki to service the requests. You can find the Chaps design doc here: https://docs.google.com/a/google.com/document/d/1TQFc6GABKa1JgwUx2hIcxAHQ329fkd03yYlGxhfHQlQ/edit Change-Id: I42962c4703413039641b6ede40caaf0c97ab900e BUG=chromium-os:21005 TEST=* Ensure previously existing certs still exist. * Import new cert and private key from PKCS12 file. Review URL: http://codereview.chromium.org/8527006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110435 0039d316-1c4b-4281-b951-d872f2087c98
author: dkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-17 05:12:02 +0000
committer: dkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-11-17 05:12:02 +0000
commit: 84e4772b1fa55875f44d13e3f82092eb6c948fe1 (patch)
tree: 4f4dbbf4b68ac6566ff51960887724d8c7f4c18d /crypto/nss_util.cc
parent: 81ad8eaac9d33c92acd40a710266d939d7deef3e (diff)
download: chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.zip
chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.tar.gz
chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.tar.bz2
1 files changed, 19 insertions, 19 deletions
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index 6bebd0d..53602c3 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -55,9 +55,9 @@ namespace {
 #if defined(OS_CHROMEOS)
 const char kNSSDatabaseName[] = "Real NSS database";
 
-// Constants for loading opencryptoki.
-const char kOpencryptokiModuleName[] = "opencryptoki";
-const char kOpencryptokiPath[] = "/usr/lib/opencryptoki/libopencryptoki.so";
+// Constants for loading the Chrome OS TPM-backed PKCS #11 library.
+const char kChapsModuleName[] = "Chaps";
+const char kChapsPath[] = "libchaps.so";
 
 // Fake certificate authority database used for testing.
 static const FilePath::CharType kReadOnlyCertDB[] =
@@ -245,7 +245,7 @@ class NSSInitSingleton {
     tpm_token_info_delegate_.reset(info_delegate);
   }
 
-  // This is called whenever we want to make sure opencryptoki is
+  // This is called whenever we want to make sure Chaps is
   // properly loaded, because it can fail shortly after the initial
   // login while the PINs are being initialized, and we want to retry
   // if this happens.
@@ -255,16 +255,16 @@ class NSSInitSingleton {
       return false;
 
     // If everything is already initialized, then return true.
-    if (opencryptoki_module_ && tpm_slot_)
+    if (chaps_module_ && tpm_slot_)
       return true;
 
     if (tpm_token_info_delegate_->IsTokenReady()) {
-      // This tries to load the opencryptoki module so NSS can talk to
-      // the hardware TPM.
-      if (!opencryptoki_module_) {
-        opencryptoki_module_ = LoadModule(
-            kOpencryptokiModuleName,
-            kOpencryptokiPath,
+      // This tries to load the Chaps module so NSS can talk to the hardware
+      // TPM.
+      if (!chaps_module_) {
+        chaps_module_ = LoadModule(
+            kChapsModuleName,
+            kChapsPath,
             // trustOrder=100 -- means it'll select this as the most
             //   trusted slot for the mechanisms it provides.
             // slotParams=... -- selects RSA as the only mechanism, and only
@@ -272,7 +272,7 @@ class NSSInitSingleton {
             //   time, or after a timeout).
             "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})");
       }
-      if (opencryptoki_module_) {
+      if (chaps_module_) {
         // If this gets set, then we'll use the TPM for certs with
         // private keys, otherwise we'll fall back to the software
         // implementation.
@@ -373,7 +373,7 @@ class NSSInitSingleton {
 
 #if defined(OS_CHROMEOS)
     // Make sure that if EnableTPMTokenForNSS has been called that we
-    // have successfully loaded opencryptoki.
+    // have successfully loaded Chaps.
     if (tpm_token_info_delegate_.get() != NULL) {
       if (EnsureTPMTokenReady()) {
         return PK11_ReferenceSlot(tpm_slot_);
@@ -407,7 +407,7 @@ class NSSInitSingleton {
   friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
 
   NSSInitSingleton()
-      : opencryptoki_module_(NULL),
+      : chaps_module_(NULL),
         software_slot_(NULL),
         test_slot_(NULL),
         tpm_slot_(NULL),
@@ -522,10 +522,10 @@ class NSSInitSingleton {
       SECMOD_DestroyModule(root_);
       root_ = NULL;
     }
-    if (opencryptoki_module_) {
-      SECMOD_UnloadUserModule(opencryptoki_module_);
-      SECMOD_DestroyModule(opencryptoki_module_);
-      opencryptoki_module_ = NULL;
+    if (chaps_module_) {
+      SECMOD_UnloadUserModule(chaps_module_);
+      SECMOD_DestroyModule(chaps_module_);
+      chaps_module_ = NULL;
     }
 
     SECStatus status = NSS_Shutdown();
@@ -596,7 +596,7 @@ class NSSInitSingleton {
   scoped_ptr<TPMTokenInfoDelegate> tpm_token_info_delegate_;
 #endif
 
-  SECMODModule* opencryptoki_module_;
+  SECMODModule* chaps_module_;
   PK11SlotInfo* software_slot_;
   PK11SlotInfo* test_slot_;
   PK11SlotInfo* tpm_slot_;
author	dkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-17 05:12:02 +0000
committer	dkrahn@chromium.org <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-11-17 05:12:02 +0000
commit	84e4772b1fa55875f44d13e3f82092eb6c948fe1 (patch)
tree	4f4dbbf4b68ac6566ff51960887724d8c7f4c18d /crypto/nss_util.cc
parent	81ad8eaac9d33c92acd40a710266d939d7deef3e (diff)
download	chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.zip chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.tar.gz chromium_src-84e4772b1fa55875f44d13e3f82092eb6c948fe1.tar.bz2