authorgspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-07 17:34:21 +0000
committergspencer@chromium.org <gspencer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-07 17:34:21 +0000
commit6a89ef2c78c7b2ae2b56b3c50cafb493cedfd8d7 (patch)
treea042bc9c8386ceb3090eee5ea12028bb31b9b33d /net/base
parent2eea9bc97ca82d9221f58f12e1ee612da4042080 (diff)
This change loads opencryptoki and uses the TPM for keygen tags on ChromeOS.
After this change, on ChromeOS we will use the TPM to generate keys for keygen tags in forms. NSS will also have opencryptoki loaded so it can talk to the TPM. BUG=chromium-os:12416, chromium-os:12417 TEST=Generated keys on a ChromeOS device. Review URL: http://codereview.chromium.org/6667020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80806 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/cert_database.h8
-rw-r--r--net/base/cert_database_nss.cc18
-rw-r--r--net/base/cert_database_nss_unittest.cc2
-rw-r--r--net/base/cert_database_openssl.cc8
-rw-r--r--net/base/keygen_handler_nss.cc10
5 files changed, 33 insertions, 13 deletions
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index c03bca9..4204578 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -93,9 +93,13 @@ class CertDatabase {
// instance of all certificates.)
void ListCerts(CertificateList* certs);
- // Get the default module.
+ // Get the default module for public key data.
// The returned pointer must be stored in a scoped_refptr<CryptoModule>.
- CryptoModule* GetDefaultModule() const;
+ CryptoModule* GetPublicModule() const;
+
+ // Get the default module for private key or mixed private/public key data.
+ // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
+ CryptoModule* GetPrivateModule() const;
// Get all modules.
// If |need_rw| is true, only writable modules will be returned.
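Review bot: The comments on GetPublicModule() and GetPrivateModule() do not tell a caller which one to pick for an import that carries both certificates and keys, and they do not say the result can be NULL, although the OpenSSL implementation in this commit returns NULL from both. Since the split decides where private key material is stored, I would spell the contract out, for example `// Module in which private keys (and certs imported together with their keys) are stored. May return NULL if no such module is available.` If the private module is meant to be the TPM-backed token on ChromeOS, as the commit description suggests, the header should say that too. The CertDatabase class starts before and continues after this hunk.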
diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc
index b8a8e30..c8e1e56 100644
--- a/net/base/cert_database_nss.cc
+++ b/net/base/cert_database_nss.cc
@@ -109,11 +109,21 @@ void CertDatabase::ListCerts(CertificateList* certs) {
CERT_DestroyCertList(cert_list);
}
-CryptoModule* CertDatabase::GetDefaultModule() const {
+CryptoModule* CertDatabase::GetPublicModule() const {
CryptoModule* module =
- CryptoModule::CreateFromHandle(base::GetDefaultNSSKeySlot());
- // The module is already referenced when returned from GetDefaultNSSKeymodule,
- // so we need to deref it once.
+ CryptoModule::CreateFromHandle(base::GetPublicNSSKeySlot());
+ // The module is already referenced when returned from
+ // GetPublicNSSKeySlot, so we need to deref it once.
+ PK11_FreeSlot(module->os_module_handle());
+
+ return module;
+}
+
+CryptoModule* CertDatabase::GetPrivateModule() const {
+ CryptoModule* module =
+ CryptoModule::CreateFromHandle(base::GetPrivateNSSKeySlot());
+ // The module is already referenced when returned from
+ // GetPrivateNSSKeySlot, so we need to deref it once.
PK11_FreeSlot(module->os_module_handle());
return module;
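Review bot: GetPrivateModule() passes the result of base::GetPrivateNSSKeySlot() to CreateFromHandle and then calls PK11_FreeSlot on it without a null check, while keygen_handler_nss.cc in this same commit treats a null return from that function as a real case (`if (!slot.get())`). If the private slot is unavailable, plausibly when the TPM token has not loaded though that is not visible here, this path operates on a null handle. Holding the slot in a base::ScopedPK11Slot and returning NULL early removes both the unchecked use and the manual PK11_FreeSlot, and GetPublicModule() has the same shape and could follow the same pattern. This assumes CreateFromHandle takes its own reference, as the existing comment implies, and that callers tolerate NULL as they already must for the OpenSSL stub. The closing brace of GetPrivateModule is outside the hunk.

```cpp
CryptoModule* CertDatabase::GetPrivateModule() const {
  base::ScopedPK11Slot slot(base::GetPrivateNSSKeySlot());
  if (!slot.get())
    return NULL;
  // CreateFromHandle takes its own reference; |slot| releases ours on return.
  return CryptoModule::CreateFromHandle(slot.get());
```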
diff --git a/net/base/cert_database_nss_unittest.cc b/net/base/cert_database_nss_unittest.cc
index 37d48ff..6d47260b 100644
--- a/net/base/cert_database_nss_unittest.cc
+++ b/net/base/cert_database_nss_unittest.cc
@@ -112,7 +112,7 @@ class CertDatabaseNSSTest : public testing::Test {
"CertDatabaseNSSTest db"));
temp_db_initialized_ = true;
}
- slot_ = cert_db_.GetDefaultModule();
+ slot_ = cert_db_.GetPublicModule();
// Test db should be empty at start of test.
EXPECT_EQ(0U, ListCertsInSlot(slot_->os_module_handle()).size());
diff --git a/net/base/cert_database_openssl.cc b/net/base/cert_database_openssl.cc
index 4de96fa..01ac118 100644
--- a/net/base/cert_database_openssl.cc
+++ b/net/base/cert_database_openssl.cc
@@ -41,7 +41,13 @@ void CertDatabase::ListCerts(CertificateList* certs) {
NOTIMPLEMENTED();
}
-CryptoModule* CertDatabase::GetDefaultModule() const {
+CryptoModule* CertDatabase::GetPublicModule() const {
+ // TODO(bulach): implement me.
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+CryptoModule* CertDatabase::GetPrivateModule() const {
// TODO(bulach): implement me.
NOTIMPLEMENTED();
return NULL;
diff --git a/net/base/keygen_handler_nss.cc b/net/base/keygen_handler_nss.cc
index 74fb9a6..80af39e 100644
--- a/net/base/keygen_handler_nss.cc
+++ b/net/base/keygen_handler_nss.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -20,17 +20,17 @@ std::string KeygenHandler::GenKeyAndSignChallenge() {
// Ensure NSS is initialized.
base::EnsureNSSInit();
- // TODO(mattm): allow choosing which slot to generate and store the key?
- base::ScopedPK11Slot slot(base::GetDefaultNSSKeySlot());
+ // TODO(mattm): allow choosing which slot to generate and store the key.
+ base::ScopedPK11Slot slot(base::GetPrivateNSSKeySlot());
if (!slot.get()) {
- LOG(ERROR) << "Couldn't get internal key slot!";
+ LOG(ERROR) << "Couldn't get private key slot from NSS!";
return std::string();
}
// Authenticate to the token.
if (SECSuccess != PK11_Authenticate(slot.get(), PR_TRUE,
crypto_module_password_delegate_.get())) {
- LOG(ERROR) << "Couldn't authenticate to internal key slot!";
+ LOG(ERROR) << "Couldn't authenticate to private key slot!";
return std::string();
}
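Review bot: Neither the comment above the slot lookup nor the two new log messages says what kind of token the "private key slot" is, so a reader cannot tell whether a keygen key ended up hardware-backed. The commit description says the TPM is used on ChromeOS, but whether GetPrivateNSSKeySlot() falls back to a software slot when the TPM is not ready is not visible here and should be documented at this call. I would add a comment such as `// On ChromeOS this is the TPM-backed slot loaded through opencryptoki; see GetPrivateNSSKeySlot() for the behaviour elsewhere.` and name the token in the failure log, e.g. `LOG(ERROR) << "Couldn't authenticate to private key slot " << PK11_GetTokenName(slot.get());`. The body of GenKeyAndSignChallenge starts before and continues after this hunk.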