Revert of Don't use RSAPrivateKey in NSS integration code. (patchset #6 id:100001 of https://codereview.chromium.org/1106103003/)

Reason for revert: Causes SEGV during login on Chrome OS BUG=483606 Original issue's description: > Don't use RSAPrivateKey in NSS integration code. > > Currently some NSS platform integration logic transits private keys through > RSAPrivateKey on CrOS. This prevents incrementally switching RSAPrivateKey to > BoringSSL while keeping platform integrations on NSS. > > The intent of this change is to clarify RSAPrivateKey as a BoringSSL vs NSS > internal crypto library (use_openssl=0 vs use_openssl=1) abstraction. It's > primarily to be used with SignatureCreator. Code which uses NSS based on > use_nss_certs rather than use_openssl because the underlying platform is NSS > should call NSS routines directly, or introduce different abstractions. > > Remove the problematic RSAPrivateKey methods and instead add > crypto/nss_key_util.h which contains some helper functions for manipulating NSS > keys. This is sufficient to allow consumers of the removed methods to use NSS > directly with about as much code. (This should not set back migrating that > logic to NSS as that code was already very NSS-specific; those APIs assumed > PK11SlotInfo.) > > nss_key_util.h, like nss_util.h, is built whenever NSS is used either > internally or for platform integrations. This is so rsa_private_key_nss.cc can > continue to use the helper functions to implement the NSS-agnostic interface. > > With this, the chimera CrOS configuration should build. The RSAPrivateKey logic > is functional with the exception of some logic in components/ownership. That > will be resolved in a future CL. > > BUG=478777 > > Committed: https://crrev.com/a46a990b2ccae2b66e87b5f76d2866044dc3182e > Cr-Commit-Position: refs/heads/master@{#327909} TBR=rsleevi@chromium.org,pneubeck@chromium.org,dpolukhin@chromium.org,caitkp@chromium.org,davidben@chromium.org NOPRESUBMIT=true NOTREECHECKS=true NOTRY=true BUG=483606 Review URL: https://codereview.chromium.org/1118263003 Cr-Commit-Position: refs/heads/master@{#327978}
author: spang <spang@chromium.org> 2015-05-01 14:01:57 -0700
committer: Commit bot <commit-bot@chromium.org> 2015-05-01 21:02:38 +0000
commit: 9ce3458d9a03b38ca717291d08d564e12fd8254a (patch)
tree: b0f4570294cfb11e72f16cf0e424f40313ff2fdb /crypto/rsa_private_key.h
parent: c10dfc7c662c078a7310e6c7d6041763150ce494 (diff)
download: chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.zip
chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.gz
chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.bz2
1 files changed, 68 insertions, 1 deletions
diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h
index 637be38..9ab9c57 100644
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
@@ -191,6 +191,44 @@ class CRYPTO_EXPORT RSAPrivateKey {
   static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
 #endif
 
+  // TODO(davidben): These functions are used when NSS is the platform key
+  // store, but they also assume that the internal crypto library is NSS. Split
+  // out the convenience NSS platform key methods from the logic which expects
+  // an RSAPrivateKey. See https://crbug.com/478777.
+#if defined(USE_NSS_CERTS) && !defined(USE_OPENSSL)
+  // Create a new random instance in |slot|. Can return NULL if initialization
+  // fails.  The created key is permanent and is not exportable in plaintext
+  // form.
+  static RSAPrivateKey* CreateSensitive(PK11SlotInfo* slot, uint16 num_bits);
+
+  // Create a new instance in |slot| by importing an existing private key. The
+  // format is an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can
+  // return NULL if initialization fails.
+  // The created key is permanent and is not exportable in plaintext form.
+  static RSAPrivateKey* CreateSensitiveFromPrivateKeyInfo(
+      PK11SlotInfo* slot,
+      const std::vector<uint8>& input);
+
+  // Import an existing public key, and then search for the private
+  // half in the key database. The format of the public key blob is is
+  // an X509 SubjectPublicKeyInfo block. This can return NULL if
+  // initialization fails or the private key cannot be found.  The
+  // caller takes ownership of the returned object, but nothing new is
+  // created in the key database.
+  static RSAPrivateKey* FindFromPublicKeyInfo(
+      const std::vector<uint8>& input);
+
+  // Import an existing public key, and then search for the private
+  // half in the slot specified by |slot|. The format of the public
+  // key blob is is an X509 SubjectPublicKeyInfo block. This can return
+  // NULL if initialization fails or the private key cannot be found.
+  // The caller takes ownership of the returned object, but nothing new
+  // is created in the slot.
+  static RSAPrivateKey* FindFromPublicKeyInfoInSlot(
+      const std::vector<uint8>& input,
+      PK11SlotInfo* slot);
+#endif  // USE_NSS_CERTS && !USE_OPENSSL
+
 #if defined(USE_OPENSSL)
   EVP_PKEY* key() { return key_; }
 #else
@@ -213,9 +251,38 @@ class CRYPTO_EXPORT RSAPrivateKey {
   FRIEND_TEST_ALL_PREFIXES(RSAPrivateKeyNSSTest, FailedFindFromPublicKey);
 #endif
 
-  // Constructor is private. Use one of the Create*() methods above instead.
+  // Constructor is private. Use one of the Create*() or Find*()
+  // methods above instead.
   RSAPrivateKey();
 
+#if !defined(USE_OPENSSL)
+  // Shared helper for Create() and CreateSensitive().
+  // TODO(cmasone): consider replacing |permanent| and |sensitive| with a
+  //                flags arg created by ORing together some enumerated values.
+  // Note: |permanent| is only supported when USE_NSS_CERTS is defined.
+  static RSAPrivateKey* CreateWithParams(PK11SlotInfo* slot,
+                                         uint16 num_bits,
+                                         bool permanent,
+                                         bool sensitive);
+
+  // Shared helper for CreateFromPrivateKeyInfo() and
+  // CreateSensitiveFromPrivateKeyInfo().
+  // Note: |permanent| is only supported when USE_NSS_CERTS is defined.
+  static RSAPrivateKey* CreateFromPrivateKeyInfoWithParams(
+      PK11SlotInfo* slot,
+      const std::vector<uint8>& input,
+      bool permanent,
+      bool sensitive);
+#endif
+
+#if defined(USE_NSS_CERTS)
+  // Import an existing public key. The format of the public key blob
+  // is an X509 SubjectPublicKeyInfo block. This can return NULL if
+  // initialization fails.  The caller takes ownership of the returned
+  // object. Note that this method doesn't initialize the |key_| member.
+  static RSAPrivateKey* InitPublicPart(const std::vector<uint8>& input);
+#endif
+
 #if defined(USE_OPENSSL)
   EVP_PKEY* key_;
 #else
author	spang <spang@chromium.org>	2015-05-01 14:01:57 -0700
committer	Commit bot <commit-bot@chromium.org>	2015-05-01 21:02:38 +0000
commit	9ce3458d9a03b38ca717291d08d564e12fd8254a (patch)
tree	b0f4570294cfb11e72f16cf0e424f40313ff2fdb /crypto/rsa_private_key.h
parent	c10dfc7c662c078a7310e6c7d6041763150ce494 (diff)
download	chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.zip chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.gz chromium_src-9ce3458d9a03b38ca717291d08d564e12fd8254a.tar.bz2