author | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-14 17:37:14 +0000 |
---|---|---|
committer | rvargas@google.com <rvargas@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-14 17:37:14 +0000 |
commit | 4b559b4ddffc0b7f688019bcb80658f05e063af7 (patch) | |
tree | 0be21d8914de707f5125d2cb66733cbcf088606c /net | |
parent | 056dd45d610de34312344445d7b078a31f4a1e20 (diff) | |
Move crypto files out of base, to a top level directory.
src/crypto is now an independent project that contains our
cryptographic primitives (except md5 and sha1).
This removes the base dependency from nss, openssl and sqlite.
BUG=76996
TEST=none
Review URL: http://codereview.chromium.org/6805019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81611 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
40 files changed, 194 insertions, 200 deletions
@@ -1,4 +1,5 @@ include_rules = [ + "+crypto", "+third_party/libevent", "+third_party/nss", "+third_party/zlib", diff --git a/net/base/cert_database_mac.cc b/net/base/cert_database_mac.cc index 05854fc..06b036f 100644 --- a/net/base/cert_database_mac.cc +++ b/net/base/cert_database_mac.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -6,9 +6,9 @@ #include <Security/Security.h> -#include "base/crypto/mac_security_services_lock.h" #include "base/logging.h" #include "base/synchronization/lock.h" +#include "crypto/mac_security_services_lock.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" @@ -43,7 +43,7 @@ int CertDatabase::CheckUserCert(X509Certificate* cert) { int CertDatabase::AddUserCert(X509Certificate* cert) { OSStatus err; { - base::AutoLock locked(base::GetMacSecurityServicesLock()); + base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecCertificateAddToKeychain(cert->os_cert_handle(), NULL); } switch (err) { diff --git a/net/base/cert_database_nss.cc b/net/base/cert_database_nss.cc index 1cc5bfb..1e753de 100644 --- a/net/base/cert_database_nss.cc +++ b/net/base/cert_database_nss.cc @@ -12,8 +12,8 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" -#include "base/nss_util.h" -#include "base/nss_util_internal.h" +#include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" #include "net/base/crypto_module.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" @@ -27,7 +27,7 @@ namespace psm = mozilla_security_manager; namespace net { CertDatabase::CertDatabase() { - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); psm::EnsurePKCS12Init(); } 
@@ -78,7 +78,7 @@ int CertDatabase::AddUserCert(X509Certificate* cert_obj) { nickname = username + "'s " + ca_name + " ID"; { - base::AutoNSSWriteLock lock; + crypto::AutoNSSWriteLock lock; slot = PK11_ImportCertForKey(cert, const_cast<char*>(nickname.c_str()), NULL); @@ -111,7 +111,7 @@ void CertDatabase::ListCerts(CertificateList* certs) { CryptoModule* CertDatabase::GetPublicModule() const { CryptoModule* module = - CryptoModule::CreateFromHandle(base::GetPublicNSSKeySlot()); + CryptoModule::CreateFromHandle(crypto::GetPublicNSSKeySlot()); // The module is already referenced when returned from // GetPublicNSSKeySlot, so we need to deref it once. PK11_FreeSlot(module->os_module_handle()); @@ -121,7 +121,7 @@ CryptoModule* CertDatabase::GetPublicModule() const { CryptoModule* CertDatabase::GetPrivateModule() const { CryptoModule* module = - CryptoModule::CreateFromHandle(base::GetPrivateNSSKeySlot()); + CryptoModule::CreateFromHandle(crypto::GetPrivateNSSKeySlot()); // The module is already referenced when returned from // GetPrivateNSSKeySlot, so we need to deref it once. PK11_FreeSlot(module->os_module_handle()); diff --git a/net/base/cert_database_nss_unittest.cc b/net/base/cert_database_nss_unittest.cc index 6d47260b..0bdc61a 100644 --- a/net/base/cert_database_nss_unittest.cc +++ b/net/base/cert_database_nss_unittest.cc @@ -7,16 +7,16 @@ #include <algorithm> -#include "base/crypto/scoped_nss_types.h" #include "base/file_path.h" #include "base/file_util.h" #include "base/lazy_instance.h" #include "base/memory/scoped_temp_dir.h" -#include "base/nss_util.h" -#include "base/nss_util_internal.h" #include "base/path_service.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" +#include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" +#include "crypto/scoped_nss_types.h" #include "net/base/cert_database.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verify_result.h" 
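Review bot: In GetPublicModule (hunk -111,7) and GetPrivateModule (hunk -121,7) the slot returned by `crypto::GetPublicNSSKeySlot()` / `crypto::GetPrivateNSSKeySlot()` goes straight into `CryptoModule::CreateFromHandle` and then `PK11_FreeSlot(module->os_module_handle())` with no null check. keygen_handler_nss.cc in this same commit treats a null private slot as a real outcome (`if (!slot.get())`), so the two callers disagree about whether the getter can fail. If it can, take the slot into a local first: `PK11SlotInfo* slot = crypto::GetPrivateNSSKeySlot();` then `if (!slot) return NULL;` before creating the module. Both function bodies continue past the end of their hunks, so a check further down is not visible here.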
@@ -108,8 +108,8 @@ class CertDatabaseNSSTest : public testing::Test { if (!temp_db_initialized_) { ASSERT_TRUE(temp_db_dir_.Get().CreateUniqueTempDir()); ASSERT_TRUE( - base::OpenTestNSSDB(temp_db_dir_.Get().path(), - "CertDatabaseNSSTest db")); + crypto::OpenTestNSSDB(temp_db_dir_.Get().path(), + "CertDatabaseNSSTest db")); temp_db_initialized_ = true; } slot_ = cert_db_.GetPublicModule(); diff --git a/net/base/dnssec_chain_verifier.cc b/net/base/dnssec_chain_verifier.cc index a915686..e3eeee7 100644 --- a/net/base/dnssec_chain_verifier.cc +++ b/net/base/dnssec_chain_verifier.cc @@ -7,8 +7,8 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/sha1.h" -#include "base/sha2.h" #include "base/string_util.h" +#include "crypto/sha2.h" #include "net/base/dns_util.h" #include "net/base/dnssec_keyset.h" @@ -516,7 +516,7 @@ bool DNSSECChainVerifier::DigestKey(base::StringPiece* out, uint16 keyid, uint8 algorithm) { std::string temp; - uint8 temp2[base::SHA256_LENGTH]; + uint8 temp2[crypto::SHA256_LENGTH]; const uint8* digest; unsigned digest_len; @@ -527,7 +527,7 @@ bool DNSSECChainVerifier::DigestKey(base::StringPiece* out, digest = reinterpret_cast<const uint8*>(temp.data()); digest_len = base::SHA1_LENGTH; } else if (digest_type == kDNSSEC_SHA256) { - base::SHA256HashString(input, temp2, sizeof(temp2)); + crypto::SHA256HashString(input, temp2, sizeof(temp2)); digest = temp2; digest_len = sizeof(temp2); } else { diff --git a/net/base/dnssec_keyset.cc b/net/base/dnssec_keyset.cc index 29dfc86..1cb8c73 100644 --- a/net/base/dnssec_keyset.cc +++ b/net/base/dnssec_keyset.cc @@ -10,8 +10,8 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" -#include "base/nss_util.h" #include "base/time.h" +#include "crypto/nss_util.h" #include "net/base/dns_util.h" namespace { 
@@ -193,13 +193,13 @@ bool DNSSECKeySet::VerifySignature( base::StringPiece public_key, base::StringPiece signed_data) { // This code is largely a copy-and-paste from - // base/crypto/signature_verifier_nss.cc. We can't change - // base::SignatureVerifier to always use NSS because we want the ability to - // be FIPS 140-2 compliant. However, we can't use base::SignatureVerifier + // crypto/signature_verifier_nss.cc. We can't change + // crypto::SignatureVerifier to always use NSS because we want the ability to + // be FIPS 140-2 compliant. However, we can't use crypto::SignatureVerifier // here because some platforms don't support SHA256 signatures. Therefore, we // use NSS directly. - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); CERTSubjectPublicKeyInfo* spki = NULL; SECItem spki_der; diff --git a/net/base/dnssec_keyset.h b/net/base/dnssec_keyset.h index 58bd288..968063f 100644 --- a/net/base/dnssec_keyset.h +++ b/net/base/dnssec_keyset.h @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -12,7 +12,7 @@ namespace net { -// DNSSECKeySet function wraps base/crypto/signature_verifier.h to accept +// DNSSECKeySet function wraps crypto/signature_verifier.h to accept // DNSSEC encodings. (See RFC 4043) class DNSSECKeySet { public: diff --git a/net/base/keygen_handler.cc b/net/base/keygen_handler.cc index 8c88b4d..7d63f4d 100644 --- a/net/base/keygen_handler.cc +++ b/net/base/keygen_handler.cc 
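Review bot: The class comment in dnssec_keyset.h still says DNSSECKeySet "wraps crypto/signature_verifier.h", but the comment at the top of VerifySignature in dnssec_keyset.cc (same commit) says the code cannot use crypto::SignatureVerifier and calls NSS directly. Since the line is being edited anyway, it should describe what the class does now, for example `// DNSSECKeySet verifies DNSSEC-encoded signatures using NSS directly.` The "(See RFC 4043)" reference also looks like a typo for one of the DNSSEC RFCs (4033-4035); please confirm which was meant.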
@@ -1,13 +1,9 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/base/keygen_handler.h" -#if defined(USE_NSS) -#include "base/crypto/crypto_module_blocking_password_delegate.h" -#endif - namespace net { // The constructor and destructor must be defined in a .cc file so that diff --git a/net/base/keygen_handler.h b/net/base/keygen_handler.h index 4dd7bbf..6927763 100644 --- a/net/base/keygen_handler.h +++ b/net/base/keygen_handler.h @@ -13,9 +13,7 @@ #include "googleurl/src/gurl.h" #if defined(USE_NSS) -namespace base { -class CryptoModuleBlockingPasswordDelegate; -}; +#include "crypto/crypto_module_blocking_password_delegate.h" #endif // defined(USE_NSS) namespace net { @@ -48,7 +46,7 @@ class KeygenHandler { // password callback is okay here. // Takes ownership of the delegate. void set_crypto_module_password_delegate( - base::CryptoModuleBlockingPasswordDelegate* delegate); + crypto::CryptoModuleBlockingPasswordDelegate* delegate); #endif // defined(USE_NSS) private: @@ -58,7 +56,7 @@ class KeygenHandler { bool stores_key_; // should the generated key-pair be stored persistently? #if defined(USE_NSS) // The callback for requesting a password to the PKCS#11 token. - scoped_ptr<base::CryptoModuleBlockingPasswordDelegate> + scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> crypto_module_password_delegate_; #endif // defined(USE_NSS) }; diff --git a/net/base/keygen_handler_mac.cc b/net/base/keygen_handler_mac.cc index cfd72bb..1bb4038 100644 --- a/net/base/keygen_handler_mac.cc +++ b/net/base/keygen_handler_mac.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
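Review bot: keygen_handler.h now includes `crypto/crypto_module_blocking_password_delegate.h` where it used to forward-declare the class, and keygen_handler.cc drops its own include. The header only uses the type as a pointer parameter and as the target of a `scoped_ptr` member, and the constructor and destructor are defined in the .cc file, so a forward declaration should still be enough: `namespace crypto { class CryptoModuleBlockingPasswordDelegate; }` in the header, with the `#include` kept under `#if defined(USE_NSS)` in keygen_handler.cc. That keeps the crypto header out of every file that includes keygen_handler.h.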
@@ -9,13 +9,13 @@ #include <Security/Security.h> #include "base/base64.h" -#include "base/crypto/cssm_init.h" -#include "base/crypto/mac_security_services_lock.h" #include "base/logging.h" #include "base/mac/scoped_cftyperef.h" #include "base/string_util.h" #include "base/synchronization/lock.h" #include "base/sys_string_conversions.h" +#include "crypto/cssm_init.h" +#include "crypto/mac_security_services_lock.h" // These are in Security.framework but not declared in a public header. extern const SecAsn1Template kSecAsn1AlgorithmIDTemplate[]; @@ -121,7 +121,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { err = SecAccessCreate(label, NULL, &initial_access); // If we fail, just continue without a label. if (err) - base::LogCSSMError("SecAccessCreate", err); + crypto::LogCSSMError("SecAccessCreate", err); } // Create the key-pair. @@ -135,7 +135,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { err = SecKeychainItemExport(public_key, kSecFormatBSAFE, 0, NULL, &key_data); if (err) { - base::LogCSSMError("SecKeychainItemExpor", err); + crypto::LogCSSMError("SecKeychainItemExpor", err); goto failure; } base::mac::ScopedCFTypeRef<CFDataRef> scoped_key_data(key_data); @@ -143,7 +143,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { // Create an ASN.1 encoder. err = SecAsn1CoderCreate(&coder); if (err) { - base::LogCSSMError("SecAsn1CoderCreate", err); + crypto::LogCSSMError("SecAsn1CoderCreate", err); goto failure; } @@ -163,7 +163,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { err = SecAsn1EncodeItem(coder, &spkac.pkac, kPublicKeyAndChallengeTemplate, &encoded); if (err) { - base::LogCSSMError("SecAsn1EncodeItem", err); + crypto::LogCSSMError("SecAsn1EncodeItem", err); goto failure; } 
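Review bot: The label passed to LogCSSMError after the `SecKeychainItemExport` call in hunk -135,7 is misspelled as `"SecKeychainItemExpor"`, and the rename carries the typo over unchanged. Anyone searching logs for the API name will miss this failure; the line should read `crypto::LogCSSMError("SecKeychainItemExport", err);`. GenKeyAndSignChallenge starts and ends outside the hunk.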
@@ -181,7 +181,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { err = SecAsn1EncodeItem(coder, &spkac, kSignedPublicKeyAndChallengeTemplate, &encoded); if (err) { - base::LogCSSMError("SecAsn1EncodeItem", err); + crypto::LogCSSMError("SecAsn1EncodeItem", err); goto failure; } @@ -230,12 +230,12 @@ static OSStatus CreateRSAKeyPair(int size_in_bits, SecKeychainRef keychain; err = SecKeychainCopyDefault(&keychain); if (err) { - base::LogCSSMError("SecKeychainCopyDefault", err); + crypto::LogCSSMError("SecKeychainCopyDefault", err); return err; } base::mac::ScopedCFTypeRef<SecKeychainRef> scoped_keychain(keychain); { - base::AutoLock locked(base::GetMacSecurityServicesLock()); + base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyCreatePair( keychain, CSSM_ALGID_RSA, @@ -252,7 +252,7 @@ static OSStatus CreateRSAKeyPair(int size_in_bits, out_pub_key, out_priv_key); } if (err) - base::LogCSSMError("SecKeyCreatePair", err); + crypto::LogCSSMError("SecKeyCreatePair", err); return err; } 
@@ -262,34 +262,34 @@ static OSStatus CreateSignatureContext(SecKeyRef key, OSStatus err; const CSSM_ACCESS_CREDENTIALS* credentials = NULL; { - base::AutoLock locked(base::GetMacSecurityServicesLock()); + base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, kSecCredentialTypeDefault, &credentials); } if (err) { - base::LogCSSMError("SecKeyGetCredentials", err); + crypto::LogCSSMError("SecKeyGetCredentials", err); return err; } CSSM_CSP_HANDLE csp_handle = 0; { - base::AutoLock locked(base::GetMacSecurityServicesLock()); + base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCSPHandle(key, &csp_handle); } if (err) { - base::LogCSSMError("SecKeyGetCSPHandle", err); + crypto::LogCSSMError("SecKeyGetCSPHandle", err); return err; } const CSSM_KEY* cssm_key = NULL; { - base::AutoLock locked(base::GetMacSecurityServicesLock()); + base::AutoLock locked(crypto::GetMacSecurityServicesLock()); err = SecKeyGetCSSMKey(key, &cssm_key); } if (err) { - base::LogCSSMError("SecKeyGetCSSMKey", err); + crypto::LogCSSMError("SecKeyGetCSSMKey", err); return err; } @@ -299,7 +299,7 @@ static OSStatus CreateSignatureContext(SecKeyRef key, cssm_key, out_cc_handle); if (err) - base::LogCSSMError("CSSM_CSP_CreateSignatureContext", err); + crypto::LogCSSMError("CSSM_CSP_CreateSignatureContext", err); return err; } @@ -311,12 +311,12 @@ static OSStatus SignData(CSSM_DATA data, CSSM_ALGID_MD5WithRSA, &cc_handle); if (err) { - base::LogCSSMError("CreateSignatureContext", err); + crypto::LogCSSMError("CreateSignatureContext", err); return err; } err = CSSM_SignData(cc_handle, &data, 1, CSSM_ALGID_NONE, signature); if (err) - base::LogCSSMError("CSSM_SignData", err); + crypto::LogCSSMError("CSSM_SignData", err); CSSM_DeleteContext(cc_handle); return err; } diff --git a/net/base/keygen_handler_nss.cc b/net/base/keygen_handler_nss.cc index 80af39e..5e97807 100644 --- a/net/base/keygen_handler_nss.cc 
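Review bot: SignData (hunk -311,12) builds its signature context with `CSSM_ALGID_MD5WithRSA`, and nothing in the visible lines explains why an MD5-based signature is acceptable here. If the algorithm is fixed by what consumers of the signed public-key-and-challenge structure accept, say so next to the constant, e.g. `// MD5WithRSA is kept only for SPKAC compatibility (TODO: confirm); do not reuse for new signatures.` If it is not fixed, a stronger digest should be considered in a follow-up, since MD5 is not collision resistant.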
+++ b/net/base/keygen_handler_nss.cc @@ -4,11 +4,11 @@ #include "net/base/keygen_handler.h" -#include "base/crypto/crypto_module_blocking_password_delegate.h" -#include "base/crypto/scoped_nss_types.h" #include "base/logging.h" -#include "base/nss_util.h" -#include "base/nss_util_internal.h" +#include "crypto/crypto_module_blocking_password_delegate.h" +#include "crypto/nss_util.h" +#include "crypto/nss_util_internal.h" +#include "crypto/scoped_nss_types.h" #include "net/third_party/mozilla_security_manager/nsKeygenHandler.h" // PSM = Mozilla's Personal Security Manager. @@ -18,10 +18,10 @@ namespace net { std::string KeygenHandler::GenKeyAndSignChallenge() { // Ensure NSS is initialized. - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); // TODO(mattm): allow choosing which slot to generate and store the key. - base::ScopedPK11Slot slot(base::GetPrivateNSSKeySlot()); + crypto::ScopedPK11Slot slot(crypto::GetPrivateNSSKeySlot()); if (!slot.get()) { LOG(ERROR) << "Couldn't get private key slot from NSS!"; return std::string(); @@ -39,7 +39,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { } void KeygenHandler::set_crypto_module_password_delegate( - base::CryptoModuleBlockingPasswordDelegate* delegate) { + crypto::CryptoModuleBlockingPasswordDelegate* delegate) { crypto_module_password_delegate_.reset(delegate); } diff --git a/net/base/keygen_handler_openssl.cc b/net/base/keygen_handler_openssl.cc index 0bfa734..cc6be2d 100644 --- a/net/base/keygen_handler_openssl.cc +++ b/net/base/keygen_handler_openssl.cc 
@@ -6,23 +6,23 @@ #include <openssl/ssl.h> -#include "base/crypto/rsa_private_key.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" -#include "base/openssl_util.h" +#include "crypto/openssl_util.h" +#include "crypto/rsa_private_key.h" #include "net/base/openssl_private_key_store.h" namespace net { std::string KeygenHandler::GenKeyAndSignChallenge() { - scoped_ptr<base::RSAPrivateKey> key( - base::RSAPrivateKey::Create(key_size_in_bits_)); + scoped_ptr<crypto::RSAPrivateKey> key( + crypto::RSAPrivateKey::Create(key_size_in_bits_)); EVP_PKEY* pkey = key->key(); if (stores_key_) OpenSSLPrivateKeyStore::GetInstance()->StorePrivateKey(url_, pkey); - base::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki( + crypto::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki( NETSCAPE_SPKI_new()); ASN1_STRING_set(spki.get()->spkac->challenge, challenge_.data(), challenge_.size()); diff --git a/net/base/keygen_handler_unittest.cc b/net/base/keygen_handler_unittest.cc index ee60cee..52c7edf 100644 --- a/net/base/keygen_handler_unittest.cc +++ b/net/base/keygen_handler_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -9,11 +9,11 @@ #include "build/build_config.h" #include "base/base64.h" #include "base/logging.h" -#include "base/nss_util.h" #include "base/task.h" #include "base/threading/worker_pool.h" #include "base/threading/thread_restrictions.h" #include "base/synchronization/waitable_event.h" +#include "crypto/nss_util.h" #include "testing/gtest/include/gtest/gtest.h" #if defined(USE_NSS) @@ -31,7 +31,7 @@ class KeygenHandlerTest : public ::testing::Test { virtual void SetUp() { #if defined(OS_CHROMEOS) - base::OpenPersistentNSSDB(); + crypto::OpenPersistentNSSDB(); #endif } }; 
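Review bot: In the OpenSSL GenKeyAndSignChallenge, the result of `crypto::RSAPrivateKey::Create(key_size_in_bits_)` is dereferenced on the next line (`key->key()`) with no null check, and `spki.get()->spkac->challenge` is used the same way right after `NETSCAPE_SPKI_new()`. If key generation or the allocation can fail, both are null dereferences on a path driven by page content. Add `if (!key.get()) return std::string();` after the Create call and `if (!spki.get()) return std::string();` before `ASN1_STRING_set`. The function body continues past the end of the hunk.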
diff --git a/net/base/keygen_handler_win.cc b/net/base/keygen_handler_win.cc index 6d30da6..bbe86f0 100644 --- a/net/base/keygen_handler_win.cc +++ b/net/base/keygen_handler_win.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -16,12 +16,13 @@ #include "base/base64.h" #include "base/basictypes.h" -#include "base/crypto/capi_util.h" -#include "base/crypto/scoped_capi_types.h" #include "base/logging.h" #include "base/string_piece.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" +#include "crypto/capi_util.h" +#include "crypto/scoped_capi_types.h" + namespace net { @@ -143,13 +144,13 @@ struct KeyContainer { provider_.reset(); if (delete_keyset_ && !key_id_.empty()) { HCRYPTPROV provider; - base::CryptAcquireContextLocked(&provider, key_id_.c_str(), NULL, + crypto::CryptAcquireContextLocked(&provider, key_id_.c_str(), NULL, PROV_RSA_FULL, CRYPT_SILENT | CRYPT_DELETEKEYSET); } } } - base::ScopedHCRYPTPROV provider_; + crypto::ScopedHCRYPTPROV provider_; std::wstring key_id_; private: @@ -176,9 +177,9 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { // Only create new key containers, so that existing key containers are not // overwritten. - if (base::CryptAcquireContextLocked(key_container.provider_.receive(), - key_container.key_id_.c_str(), NULL, PROV_RSA_FULL, - CRYPT_SILENT | CRYPT_NEWKEYSET)) + if (crypto::CryptAcquireContextLocked(key_container.provider_.receive(), + key_container.key_id_.c_str(), NULL, PROV_RSA_FULL, + CRYPT_SILENT | CRYPT_NEWKEYSET)) break; if (GetLastError() != NTE_BAD_KEYSET) { 
@@ -194,7 +195,7 @@ std::string KeygenHandler::GenKeyAndSignChallenge() { } { - base::ScopedHCRYPTKEY key; + crypto::ScopedHCRYPTKEY key; if (!CryptGenKey(key_container.provider_, CALG_RSA_KEYX, (key_size_in_bits_ << 16) | CRYPT_EXPORTABLE, key.receive())) { LOG(ERROR) << "Keygen failed: Couldn't generate an RSA key"; diff --git a/net/base/openssl_memory_private_key_store.cc b/net/base/openssl_memory_private_key_store.cc index 2d42e3e..92716f2 100644 --- a/net/base/openssl_memory_private_key_store.cc +++ b/net/base/openssl_memory_private_key_store.cc @@ -10,7 +10,6 @@ #include "base/logging.h" #include "base/memory/singleton.h" -#include "base/openssl_util.h" #include "base/synchronization/lock.h" #include "net/base/x509_certificate.h" diff --git a/net/base/run_all_unittests.cc b/net/base/run_all_unittests.cc index bec0da2..a844354 100644 --- a/net/base/run_all_unittests.cc +++ b/net/base/run_all_unittests.cc @@ -4,7 +4,7 @@ #include "build/build_config.h" #include "base/metrics/histogram.h" -#include "base/nss_util.h" +#include "crypto/nss_util.h" #include "net/base/net_test_suite.h" #include "net/socket/client_socket_pool_base.h" @@ -18,7 +18,7 @@ int main(int argc, char** argv) { #if defined(OS_WIN) // We want to be sure to init NSPR on the main thread. - base::EnsureNSPRInit(); + crypto::EnsureNSPRInit(); #endif return test_suite.Run(); diff --git a/net/base/sdch_manager.cc b/net/base/sdch_manager.cc index 9d4d496..0c16455 100644 --- a/net/base/sdch_manager.cc +++ b/net/base/sdch_manager.cc @@ -7,9 +7,9 @@ #include "base/base64.h" #include "base/logging.h" #include "base/metrics/histogram.h" -#include "base/sha2.h" #include "base/string_number_conversions.h" #include "base/string_util.h" +#include "crypto/sha2.h" #include "net/base/registry_controlled_domain.h" #include "net/url_request/url_request_http_job.h" 
@@ -496,7 +496,7 @@ void SdchManager::GetAvailDictionaryList(const GURL& target_url, void SdchManager::GenerateHash(const std::string& dictionary_text, std::string* client_hash, std::string* server_hash) { char binary_hash[32]; - base::SHA256HashString(dictionary_text, binary_hash, sizeof(binary_hash)); + crypto::SHA256HashString(dictionary_text, binary_hash, sizeof(binary_hash)); std::string first_48_bits(&binary_hash[0], 6); std::string second_48_bits(&binary_hash[6], 6); diff --git a/net/base/test_root_certs_nss.cc b/net/base/test_root_certs_nss.cc index ae5ff5c..70c8133 100644 --- a/net/base/test_root_certs_nss.cc +++ b/net/base/test_root_certs_nss.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -7,8 +7,8 @@ #include <cert.h> #include "base/logging.h" -#include "base/nss_util.h" #include "base/stl_util-inl.h" +#include "crypto/nss_util.h" #include "net/base/x509_certificate.h" namespace net { @@ -113,7 +113,7 @@ TestRootCerts::~TestRootCerts() { } void TestRootCerts::Init() { - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); } } // namespace net diff --git a/net/base/test_root_certs_openssl.cc b/net/base/test_root_certs_openssl.cc index 8307703..6016e33 100644 --- a/net/base/test_root_certs_openssl.cc +++ b/net/base/test_root_certs_openssl.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -8,8 +8,8 @@ #include <openssl/x509v3.h> #include "base/logging.h" -#include "base/openssl_util.h" #include "base/tracked.h" +#include "crypto/openssl_util.h" #include "net/base/x509_certificate.h" namespace net { 
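Review bot: SdchManager::GenerateHash sizes its buffer with the literal `32` while every other SHA-256 caller touched by this commit uses the named constant. Declaring it as `char binary_hash[crypto::SHA256_LENGTH];` keeps the buffer tied to the digest length that `crypto::SHA256HashString` is asked to fill and matches transport_security_state.cc and dnssec_chain_verifier.cc. The function body continues outside the hunk.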
@@ -20,7 +20,7 @@ bool TestRootCerts::Add(X509Certificate* certificate) { unsigned long error_code = ERR_peek_error(); if (ERR_GET_LIB(error_code) != ERR_LIB_X509 || ERR_GET_REASON(error_code) != X509_R_CERT_ALREADY_IN_HASH_TABLE) { - base::ClearOpenSSLERRStack(FROM_HERE); + crypto::ClearOpenSSLERRStack(FROM_HERE); return false; } ERR_clear_error(); diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc index 78f3227..8644032 100644 --- a/net/base/transport_security_state.cc +++ b/net/base/transport_security_state.cc @@ -10,12 +10,12 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/sha1.h" -#include "base/sha2.h" #include "base/string_number_conversions.h" #include "base/string_tokenizer.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" #include "base/values.h" +#include "crypto/sha2.h" #include "googleurl/src/gurl.h" #include "net/base/dns_util.h" @@ -40,8 +40,8 @@ void TransportSecurityState::EnableHost(const std::string& host, if (IsPreloadedSTS(canonicalized_host, true, &temp)) return; - char hashed[base::SHA256_LENGTH]; - base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); + char hashed[crypto::SHA256_LENGTH]; + crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); // Use the original creation date if we already have this host. DomainState state_copy(state); @@ -62,8 +62,8 @@ bool TransportSecurityState::DeleteHost(const std::string& host) { if (canonicalized_host.empty()) return false; - char hashed[base::SHA256_LENGTH]; - base::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); + char hashed[crypto::SHA256_LENGTH]; + crypto::SHA256HashString(canonicalized_host, hashed, sizeof(hashed)); std::map<std::string, DomainState>::iterator i = enabled_hosts_.find( std::string(hashed, sizeof(hashed))); 
@@ -103,10 +103,10 @@ bool TransportSecurityState::IsEnabledForHost(DomainState* result, base::Time current_time(base::Time::Now()); for (size_t i = 0; canonicalized_host[i]; i += canonicalized_host[i] + 1) { - char hashed_domain[base::SHA256_LENGTH]; + char hashed_domain[crypto::SHA256_LENGTH]; - base::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, - sizeof(hashed_domain)); + crypto::SHA256HashString(IncludeNUL(&canonicalized_host[i]), &hashed_domain, + sizeof(hashed_domain)); std::map<std::string, DomainState>::iterator j = enabled_hosts_.find(std::string(hashed_domain, sizeof(hashed_domain))); if (j == enabled_hosts_.end()) @@ -285,7 +285,7 @@ static std::string HashedDomainToExternalString(const std::string& hashed) { static std::string ExternalStringToHashedDomain(const std::string& external) { std::string out; if (!base::Base64Decode(external, &out) || - out.size() != base::SHA256_LENGTH) { + out.size() != crypto::SHA256_LENGTH) { return std::string(); } diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h index a6896e9..7f2c881 100644 --- a/net/base/x509_certificate.h +++ b/net/base/x509_certificate.h @@ -36,10 +36,10 @@ struct CERTCertificateStr; class Pickle; -namespace base { +namespace crypto { class StringPiece; class RSAPrivateKey; -} // namespace base +} // namespace crypto namespace net { @@ -176,7 +176,7 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> { // 2. Self-signed certificates cannot be revoked. // // Use this certificate only after the above risks are acknowledged. - static X509Certificate* CreateSelfSigned(base::RSAPrivateKey* key, + static X509Certificate* CreateSelfSigned(crypto::RSAPrivateKey* key, const std::string& subject, uint32 serial_number, base::TimeDelta valid_duration); diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc index 3156e56..a60b240 100644 --- a/net/base/x509_certificate_mac.cc +++ b/net/base/x509_certificate_mac.cc 
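Review bot: In IsEnabledForHost the output argument is written as `&hashed_domain` (a pointer to the array), whereas EnableHost and DeleteHost in the same file pass the array itself (`hashed`). Both give the same address, but the mixed spelling hides that the three calls are identical in intent; since the call is being re-wrapped anyway, use `crypto::SHA256HashString(IncludeNUL(&canonicalized_host[i]), hashed_domain, sizeof(hashed_domain));`. The loop and the rest of the function continue outside the hunk.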
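Review bot: The forward-declaration block in x509_certificate.h (hunk -36,10) was renamed wholesale, so `class StringPiece;` is now declared inside `namespace crypto`. StringPiece did not move; other files in this commit still use `base::StringPiece` (dnssec_keyset.cc, dnssec_chain_verifier.cc), so the header now declares a `crypto::StringPiece` that does not exist and no longer forward-declares the real one. Split the block: `namespace base { class StringPiece; }` and `namespace crypto { class RSAPrivateKey; }`. Any use of `base::StringPiece` in this header would then stop depending on a transitive include.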
@@ -10,16 +10,16 @@ #include <vector> -#include "base/crypto/cssm_init.h" -#include "base/crypto/rsa_private_key.h" #include "base/lazy_instance.h" #include "base/logging.h" #include "base/mac/scoped_cftyperef.h" #include "base/memory/singleton.h" -#include "base/nss_util.h" #include "base/pickle.h" #include "base/sha1.h" #include "base/sys_string_conversions.h" +#include "crypto/cssm_init.h" +#include "crypto/nss_util.h" +#include "crypto/rsa_private_key.h" #include "net/base/asn1_util.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verify_result.h" @@ -485,11 +485,11 @@ class ScopedEncodedCertResults { CSSM_ENCODED_CERT* encCert = reinterpret_cast<CSSM_ENCODED_CERT*>(results_->Results); for (uint32 i = 0; i < results_->NumberOfResults; i++) { - base::CSSMFree(encCert[i].CertBlob.Data); + crypto::CSSMFree(encCert[i].CertBlob.Data); } } - base::CSSMFree(results_->Results); - base::CSSMFree(results_); + crypto::CSSMFree(results_->Results); + crypto::CSSMFree(results_); } private: @@ -566,7 +566,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, // static X509Certificate* X509Certificate::CreateSelfSigned( - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const std::string& subject, uint32 serial_number, base::TimeDelta valid_duration) { @@ -588,7 +588,7 @@ X509Certificate* X509Certificate::CreateSelfSigned( // NSS is used to parse the subject string into a set of // CSSM_OID/string pairs. There doesn't appear to be a system routine for // parsing Distinguished Name strings. - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); CSSMOIDStringVector subject_name_oids; ScopedCertName subject_name( 
@@ -617,8 +617,8 @@ X509Certificate* X509Certificate::CreateSelfSigned( // Set up a certificate request. CSSM_APPLE_TP_CERT_REQUEST certReq; memset(&certReq, 0, sizeof(certReq)); - certReq.cspHand = base::GetSharedCSPHandle(); - certReq.clHand = base::GetSharedCLHandle(); + certReq.cspHand = crypto::GetSharedCSPHandle(); + certReq.clHand = crypto::GetSharedCLHandle(); // See comment about serial numbers above. certReq.serialNumber = serial_number & 0x7fffffff; certReq.numSubjectNames = cssm_subject_names.size(); @@ -650,7 +650,7 @@ X509Certificate* X509Certificate::CreateSelfSigned( callerAuthContext.Policy.NumberOfPolicyIds = 1; callerAuthContext.Policy.PolicyIds = &policyId; - CSSM_TP_HANDLE tp_handle = base::GetSharedTPHandle(); + CSSM_TP_HANDLE tp_handle = crypto::GetSharedTPHandle(); CSSM_DATA refId; memset(&refId, 0, sizeof(refId)); sint32 estTime; @@ -667,7 +667,7 @@ X509Certificate* X509Certificate::CreateSelfSigned( crtn = CSSM_TP_RetrieveCredResult(tp_handle, &refId, NULL, &estTime, &confirmRequired, &resultSet); ScopedEncodedCertResults scopedResults(resultSet); - base::CSSMFree(refId.Data); + crypto::CSSMFree(refId.Data); if (crtn) { DLOG(ERROR) << "CSSM_TP_RetrieveCredResult failed " << crtn; return NULL; diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index 4b39f9e..56035fa 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -16,12 +16,12 @@ #include <sechash.h> #include <sslerr.h> -#include "base/crypto/rsa_private_key.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/pickle.h" #include "base/time.h" -#include "base/nss_util.h" +#include "crypto/nss_util.h" +#include "crypto/rsa_private_key.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verify_result.h" #include "net/base/ev_root_ca_metadata.h" 
@@ -278,7 +278,7 @@ void ParseDate(SECItem* der_date, base::Time* result) { PRTime prtime; SECStatus rv = DER_DecodeTimeChoice(&prtime, der_date); DCHECK(rv == SECSuccess); - *result = base::PRTimeToBaseTime(prtime); + *result = crypto::PRTimeToBaseTime(prtime); } void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle, @@ -662,7 +662,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, // static X509Certificate* X509Certificate::CreateSelfSigned( - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const std::string& subject, uint32 serial_number, base::TimeDelta valid_duration) { @@ -926,7 +926,7 @@ X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( if (length < 0) return NULL; - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); if (!NSS_IsInitialized()) return NULL; @@ -948,7 +948,7 @@ X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes( if (length < 0) return results; - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); if (!NSS_IsInitialized()) return results; diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc index 687cfb5..52d9d4e 100644 --- a/net/base/x509_certificate_openssl.cc +++ b/net/base/x509_certificate_openssl.cc @@ -14,10 +14,10 @@ #include <openssl/x509v3.h> #include "base/memory/singleton.h" -#include "base/openssl_util.h" #include "base/pickle.h" #include "base/sha1.h" #include "base/string_number_conversions.h" +#include "crypto/openssl_util.h" #include "net/base/asn1_util.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verify_result.h" 
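Review bot: ParseDate checks the result of `DER_DecodeTimeChoice` only with `DCHECK(rv == SECSuccess)`, so in builds where DCHECK compiles out, a malformed validity date in a certificate leaves `prtime` uninitialized when it is passed to `crypto::PRTimeToBaseTime`. Certificate contents are untrusted input, so the failure should be handled rather than asserted: initialize with `PRTime prtime = 0;` and add `if (rv != SECSuccess) { *result = base::Time(); return; }` before the conversion. Callers may then need to treat a null time as an invalid certificate, which is outside what this hunk shows.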
@@ -33,9 +33,9 @@ namespace { void CreateOSCertHandlesFromPKCS7Bytes( const char* data, int length, X509Certificate::OSCertHandles* handles) { - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data); - base::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert( + crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert( d2i_PKCS7(NULL, &der_data, length)); if (!pkcs7_cert.get()) return; @@ -101,7 +101,7 @@ void ParseSubjectAltNames(X509Certificate::OSCertHandle cert, if (!alt_name_ext) return; - base::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( + crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names( reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext))); if (!alt_names.get()) return; @@ -228,14 +228,14 @@ class X509InitSingleton { private: friend struct DefaultSingletonTraits<X509InitSingleton>; X509InitSingleton() { - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free); DCHECK_NE(der_cache_ex_index_, -1); ResetCertStore(); } int der_cache_ex_index_; - base::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; + crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_; DISALLOW_COPY_AND_ASSIGN(X509InitSingleton); }; @@ -310,7 +310,7 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { } void X509Certificate::Initialize() { - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); fingerprint_ = CalculateFingerprint(cert_handle_); ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); @@ -348,7 +348,7 @@ X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( const char* data, int length) { if (length < 0) return NULL; - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); const unsigned char* d2i_data = reinterpret_cast<const unsigned char*>(data); // Don't cache this data via SetDERCache as this wire format may be not be 
@@ -397,7 +397,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, // static X509Certificate* X509Certificate::CreateSelfSigned( - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const std::string& subject, uint32 serial_number, base::TimeDelta valid_duration) { @@ -446,10 +446,10 @@ int X509Certificate::Verify(const std::string& hostname, if (!VerifyHostname(hostname, cert_names)) verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; - base::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( + crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( X509_STORE_CTX_new()); - base::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( + crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( sk_X509_new_null()); if (!intermediates.get()) return ERR_OUT_OF_MEMORY; diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index e7f924f..f49e035 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -2,7 +2,6 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "base/crypto/rsa_private_key.h" #include "base/file_path.h" #include "base/file_util.h" #include "base/path_service.h" @@ -10,6 +9,7 @@ #include "base/sha1.h" #include "base/string_number_conversions.h" #include "base/string_split.h" +#include "crypto/rsa_private_key.h" #include "net/base/asn1_util.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_test_util.h" 
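Review bot: In `X509Certificate::Verify` (net/base/x509_certificate_openssl.cc, hunk at 446) the `ctx` returned by `X509_STORE_CTX_new()` is not checked for NULL in the lines shown, although `intermediates` is checked immediately afterwards. Handling both allocations the same way keeps an allocation failure from reaching the chain-building calls: `if (!ctx.get() || !intermediates.get()) return ERR_OUT_OF_MEMORY;`. The function body continues past the hunk, so a later check on `ctx` may already exist and should be confirmed before changing this.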
@@ -831,8 +831,8 @@ TEST(X509CertificateTest, IsIssuedBy) { // This test creates a self-signed cert from a private key and then verify the // content of the certificate. TEST(X509CertificateTest, CreateSelfSigned) { - scoped_ptr<base::RSAPrivateKey> private_key( - base::RSAPrivateKey::Create(1024)); + scoped_ptr<crypto::RSAPrivateKey> private_key( + crypto::RSAPrivateKey::Create(1024)); scoped_refptr<X509Certificate> cert = X509Certificate::CreateSelfSigned( private_key.get(), "CN=subject", 1, base::TimeDelta::FromDays(1)); @@ -927,7 +927,7 @@ TEST(X509CertificateTest, CreateSelfSigned) { input.resize(sizeof(private_key_info)); memcpy(&input.front(), private_key_info, sizeof(private_key_info)); - private_key.reset(base::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); + private_key.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(input)); ASSERT_TRUE(private_key.get()); cert = X509Certificate::CreateSelfSigned( @@ -938,8 +938,8 @@ TEST(X509CertificateTest, CreateSelfSigned) { } TEST(X509CertificateTest, GetDEREncoded) { - scoped_ptr<base::RSAPrivateKey> private_key( - base::RSAPrivateKey::Create(1024)); + scoped_ptr<crypto::RSAPrivateKey> private_key( + crypto::RSAPrivateKey::Create(1024)); scoped_refptr<X509Certificate> cert = X509Certificate::CreateSelfSigned( private_key.get(), "CN=subject", 0, base::TimeDelta::FromDays(1)); diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc index f42fdc4..a1a3eae 100644 --- a/net/base/x509_certificate_win.cc +++ b/net/base/x509_certificate_win.cc @@ -4,8 +4,6 @@ #include "net/base/x509_certificate.h" -#include "base/crypto/rsa_private_key.h" -#include "base/crypto/scoped_capi_types.h" #include "base/lazy_instance.h" #include "base/logging.h" #include "base/pickle.h" 
@@ -13,6 +11,8 @@ #include "base/string_tokenizer.h" #include "base/string_util.h" #include "base/utf_string_conversions.h" +#include "crypto/rsa_private_key.h" +#include "crypto/scoped_capi_types.h" #include "net/base/asn1_util.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verify_result.h" @@ -30,10 +30,10 @@ namespace net { namespace { -typedef base::ScopedCAPIHandle< +typedef crypto::ScopedCAPIHandle< HCERTSTORE, - base::CAPIDestroyerWithFlags<HCERTSTORE, - CertCloseStore, 0> > ScopedHCERTSTORE; + crypto::CAPIDestroyerWithFlags<HCERTSTORE, + CertCloseStore, 0> > ScopedHCERTSTORE; struct FreeChainEngineFunctor { void operator()(HCERTCHAINENGINE engine) const { @@ -42,7 +42,7 @@ struct FreeChainEngineFunctor { } }; -typedef base::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor> +typedef crypto::ScopedCAPIHandle<HCERTCHAINENGINE, FreeChainEngineFunctor> ScopedHCERTCHAINENGINE; //----------------------------------------------------------------------------- @@ -574,7 +574,7 @@ X509Certificate* X509Certificate::CreateFromPickle(const Pickle& pickle, // static X509Certificate* X509Certificate::CreateSelfSigned( - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const std::string& subject, uint32 serial_number, base::TimeDelta valid_duration) { diff --git a/net/http/des.cc b/net/http/des.cc index 30706e9..e9d6388 100644 --- a/net/http/des.cc +++ b/net/http/des.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. 
@@ -8,17 +8,17 @@ #if defined(USE_OPENSSL) #include <openssl/des.h> -#include "base/openssl_util.h" +#include "crypto/openssl_util.h" #elif defined(USE_NSS) #include <nss.h> #include <pk11pub.h> -#include "base/nss_util.h" +#include "crypto/nss_util.h" #elif defined(OS_MACOSX) #include <CommonCrypto/CommonCryptor.h> #elif defined(OS_WIN) #include <windows.h> #include <wincrypt.h> -#include "base/crypto/scoped_capi_types.h" +#include "crypto/scoped_capi_types.h" #endif // The Mac and Windows (CryptoAPI) versions of DESEncrypt are our own code. @@ -90,7 +90,7 @@ void DESMakeKey(const uint8* raw, uint8* key) { #if defined(USE_OPENSSL) void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); DES_key_schedule ks; DES_set_key_unchecked( @@ -112,7 +112,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { SECStatus rv; unsigned int n; - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); slot = PK11_GetBestSlot(cipher_mech, NULL); if (!slot) @@ -171,7 +171,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { #elif defined(OS_WIN) void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { - base::ScopedHCRYPTPROV provider; + crypto::ScopedHCRYPTPROV provider; if (!CryptAcquireContext(provider.receive(), NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) return; @@ -191,7 +191,7 @@ void DESEncrypt(const uint8* key, const uint8* src, uint8* hash) { key_blob.key_size = 8; // 64 bits memcpy(key_blob.key_data, key, 8); - base::ScopedHCRYPTKEY key; + crypto::ScopedHCRYPTKEY key; BOOL import_ok = CryptImportKey(provider, reinterpret_cast<BYTE*>(&key_blob), sizeof key_blob, 0, 0, key.receive()); diff --git a/net/net.gyp b/net/net.gyp index 6b9aca0..1c8b595 100644 --- a/net/net.gyp +++ b/net/net.gyp 
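Review bot: In the `OS_WIN` variant of `DESEncrypt` (net/http/des.cc, hunk at 171) a failed `CryptAcquireContext` returns from a `void` function without writing `hash`. The caller cannot detect the failure and, unless it pre-initialises the buffer, will use whatever bytes were already there as the DES output. At minimum the contract should be stated above the function, e.g. `// On failure |hash| is left unmodified; callers must zero it beforehand.`. A follow-up that reports failure to the caller would be better, but that changes the signature shared by all four platform variants, which lies outside this hunk.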
@@ -15,6 +15,7 @@ '../base/base.gyp:base_i18n', '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations', '../build/temp_gyp/googleurl.gyp:googleurl', + '../crypto/crypto.gyp:crypto', '../sdch/sdch.gyp:sdch', '../third_party/icu/icu.gyp:icui18n', '../third_party/icu/icu.gyp:icuuc', @@ -357,6 +358,7 @@ '../base/base.gyp:base', '../base/base.gyp:base_i18n', '../build/temp_gyp/googleurl.gyp:googleurl', + '../crypto/crypto.gyp:crypto', '../sdch/sdch.gyp:sdch', '../third_party/icu/icu.gyp:icui18n', '../third_party/icu/icu.gyp:icuuc', @@ -867,6 +869,7 @@ 'net_test_support', '../base/base.gyp:base', '../base/base.gyp:base_i18n', + '../crypto/crypto.gyp:crypto', '../testing/gmock.gyp:gmock', '../testing/gtest.gyp:gtest', '../third_party/zlib/zlib.gyp:zlib', diff --git a/net/socket/dns_cert_provenance_checker.cc b/net/socket/dns_cert_provenance_checker.cc index dfa86d2..5ab0631 100644 --- a/net/socket/dns_cert_provenance_checker.cc +++ b/net/socket/dns_cert_provenance_checker.cc @@ -18,12 +18,12 @@ #include "base/base64.h" #include "base/basictypes.h" -#include "base/crypto/encryptor.h" -#include "base/crypto/symmetric_key.h" #include "base/lazy_instance.h" #include "base/memory/scoped_ptr.h" #include "base/pickle.h" #include "base/threading/non_thread_safe.h" +#include "crypto/encryptor.h" +#include "crypto/symmetric_key.h" #include "net/base/completion_callback.h" #include "net/base/dns_util.h" #include "net/base/dnsrr_resolver.h" 
@@ -302,12 +302,12 @@ std::string DnsCertProvenanceChecker::BuildEncryptedReport( DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes); std::string raw_key(key_data, kKeySizeInBytes); - scoped_ptr<base::SymmetricKey> symkey( - base::SymmetricKey::Import(base::SymmetricKey::AES, raw_key)); + scoped_ptr<crypto::SymmetricKey> symkey( + crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key)); std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes); - base::Encryptor encryptor; - bool r = encryptor.Init(symkey.get(), base::Encryptor::CBC, iv); + crypto::Encryptor encryptor; + bool r = encryptor.Init(symkey.get(), crypto::Encryptor::CBC, iv); CHECK(r); std::string plaintext(reinterpret_cast<const char*>(p.data()), p.size()); diff --git a/net/socket/nss_ssl_util.cc b/net/socket/nss_ssl_util.cc index 3c8a7e1..daed00f 100644 --- a/net/socket/nss_ssl_util.cc +++ b/net/socket/nss_ssl_util.cc @@ -14,9 +14,9 @@ #include "base/lazy_instance.h" #include "base/logging.h" #include "base/memory/singleton.h" -#include "base/nss_util.h" #include "base/threading/thread_restrictions.h" #include "base/values.h" +#include "crypto/nss_util.h" #include "net/base/net_errors.h" #include "net/base/net_log.h" @@ -25,7 +25,7 @@ namespace net { class NSSSSLInitSingleton { public: NSSSSLInitSingleton() { - base::EnsureNSSInit(); + crypto::EnsureNSSInit(); NSS_SetDomesticPolicy(); diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 37e93f2..a2396b1 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -68,7 +68,6 @@ #include "base/logging.h" #include "base/memory/singleton.h" #include "base/metrics/histogram.h" -#include "base/nss_util.h" #include "base/string_number_conversions.h" #include "base/string_util.h" #include "base/stringprintf.h" diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index 13af0c6..395c067 100644 
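Review bot: In `DnsCertProvenanceChecker::BuildEncryptedReport` (hunk at 302) the pointer returned by `crypto::SymmetricKey::Import` is handed to `encryptor.Init` without a NULL check, and an `Init` failure is turned into a process abort by `CHECK(r)`. If the import can fail on any backend, a crypto initialisation problem becomes a crash in a reporting path. A recoverable form would be `if (!symkey.get() || !encryptor.Init(symkey.get(), crypto::Encryptor::CBC, iv)) return std::string();`, assuming callers tolerate an empty report, which this hunk does not show. The function begins and ends outside the hunk.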
--- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -12,8 +12,8 @@ #include "base/memory/singleton.h" #include "base/metrics/histogram.h" -#include "base/openssl_util.h" #include "base/synchronization/lock.h" +#include "crypto/openssl_util.h" #include "net/base/cert_verifier.h" #include "net/base/net_errors.h" #include "net/base/openssl_private_key_store.h" @@ -172,7 +172,7 @@ int MapOpenSSLErrorSSL() { // error stack if needed. Note that |tracer| is not currently used in the // implementation, but is passed in anyway as this ensures the caller will clear // any residual codes left on the error stack. -int MapOpenSSLError(int err, const base::OpenSSLErrStackTracer& tracer) { +int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) { switch (err) { case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: @@ -206,7 +206,7 @@ class SSLSessionCache { void OnSessionAdded(const HostPortPair& host_and_port, SSL_SESSION* session) { // Declare the session cleaner-upper before the lock, so any call into // OpenSSL to free the session will happen after the lock is released. - base::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free; + crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free; base::AutoLock lock(lock_); DCHECK_EQ(0U, session_map_.count(session)); @@ -228,7 +228,7 @@ class SSLSessionCache { void OnSessionRemoved(SSL_SESSION* session) { // Declare the session cleaner-upper before the lock, so any call into // OpenSSL to free the session will happen after the lock is released. - base::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free; + crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free; base::AutoLock lock(lock_); SessionMap::iterator it = session_map_.find(session); 
@@ -301,7 +301,7 @@ class SSLContext { friend struct DefaultSingletonTraits<SSLContext>; SSLContext() { - base::EnsureOpenSSLInit(); + crypto::EnsureOpenSSLInit(); ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); DCHECK_NE(ssl_socket_data_index_, -1); ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); @@ -358,7 +358,7 @@ class SSLContext { // SSLClientSocketOpenSSL object from an SSL instance. int ssl_socket_data_index_; - base::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_; + crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_; SSLSessionCache session_cache_; }; @@ -415,7 +415,7 @@ bool SSLClientSocketOpenSSL::Init() { DCHECK(!transport_bio_); SSLContext* context = SSLContext::GetInstance(); - base::OpenSSLErrStackTracer err_tracer(FROM_HERE); + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); ssl_ = SSL_new(context->ssl_ctx()); if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this)) @@ -727,7 +727,7 @@ int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) { } int SSLClientSocketOpenSSL::DoHandshake() { - base::OpenSSLErrStackTracer err_tracer(FROM_HERE); + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); int net_error = net::OK; int rv = SSL_do_handshake(ssl_); @@ -859,7 +859,7 @@ X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() { if (server_cert_) return server_cert_; - base::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_)); + crypto::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_)); if (!cert.get()) { LOG(WARNING) << "SSL_get_peer_certificate returned NULL"; return NULL; 
@@ -1169,7 +1169,7 @@ bool SSLClientSocketOpenSSL::SetSendBufferSize(int32 size) { } int SSLClientSocketOpenSSL::DoPayloadRead() { - base::OpenSSLErrStackTracer err_tracer(FROM_HERE); + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); int rv = SSL_read(ssl_, user_read_buf_->data(), user_read_buf_len_); // We don't need to invalidate the non-client-authenticated SSL session // because the server will renegotiate anyway. @@ -1184,7 +1184,7 @@ int SSLClientSocketOpenSSL::DoPayloadRead() { } int SSLClientSocketOpenSSL::DoPayloadWrite() { - base::OpenSSLErrStackTracer err_tracer(FROM_HERE); + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); if (rv >= 0) diff --git a/net/socket/ssl_server_socket.h b/net/socket/ssl_server_socket.h index b689c71..33ade01 100644 --- a/net/socket/ssl_server_socket.h +++ b/net/socket/ssl_server_socket.h @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -9,7 +9,7 @@ #include "net/base/completion_callback.h" #include "net/socket/socket.h" -namespace base { +namespace crypto { class RSAPrivateKey; } // namespace base @@ -45,7 +45,7 @@ class SSLServerSocket : public Socket { // TODO(hclam): Defines ServerSocketFactory to create SSLServerSocket. This will // make mocking easier. SSLServerSocket* CreateSSLServerSocket( - Socket* socket, X509Certificate* certificate, base::RSAPrivateKey* key, + Socket* socket, X509Certificate* certificate, crypto::RSAPrivateKey* key, const SSLConfig& ssl_config); } // namespace net diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc index 024290a..de212e2 100644 --- a/net/socket/ssl_server_socket_nss.cc +++ b/net/socket/ssl_server_socket_nss.cc 
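Review bot: In net/socket/ssl_server_socket.h (hunk at 9) the forward-declaration block now opens with `namespace crypto {` but its closing line, left as context, still reads `}  // namespace base`. The trailing comment should be updated along with the rename so it matches the namespace it closes: `}  // namespace crypto`.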
@@ -29,9 +29,9 @@ #include <limits> -#include "base/crypto/rsa_private_key.h" #include "base/memory/ref_counted.h" -#include "base/nss_util_internal.h" +#include "crypto/rsa_private_key.h" +#include "crypto/nss_util_internal.h" #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/base/net_log.h" @@ -46,7 +46,7 @@ static const int kRecvBufferSize = 4096; namespace net { SSLServerSocket* CreateSSLServerSocket( - Socket* socket, X509Certificate* cert, base::RSAPrivateKey* key, + Socket* socket, X509Certificate* cert, crypto::RSAPrivateKey* key, const SSLConfig& ssl_config) { return new SSLServerSocketNSS(socket, cert, key, ssl_config); } @@ -54,7 +54,7 @@ SSLServerSocket* CreateSSLServerSocket( SSLServerSocketNSS::SSLServerSocketNSS( Socket* transport_socket, scoped_refptr<X509Certificate> cert, - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const SSLConfig& ssl_config) : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( this, &SSLServerSocketNSS::BufferSendComplete)), @@ -79,7 +79,7 @@ SSLServerSocketNSS::SSLServerSocketNSS( // TODO(hclam): Need a better way to clone a key. std::vector<uint8> key_bytes; CHECK(key->ExportPrivateKey(&key_bytes)); - key_.reset(base::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); + key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); CHECK(key_.get()); } @@ -302,7 +302,7 @@ int SSLServerSocketNSS::InitializeSSLOptions() { } SECKEYPrivateKeyStr* private_key = NULL; - PK11SlotInfo *slot = base::GetPrivateNSSKeySlot(); + PK11SlotInfo* slot = crypto::GetPrivateNSSKeySlot(); if (!slot) { CERT_DestroyCertificate(cert); return ERR_UNEXPECTED; diff --git a/net/socket/ssl_server_socket_nss.h b/net/socket/ssl_server_socket_nss.h index 4f18916..7953c38 100644 --- a/net/socket/ssl_server_socket_nss.h +++ b/net/socket/ssl_server_socket_nss.h 
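Review bot: In the `SSLServerSocketNSS` constructor (net/socket/ssl_server_socket_nss.cc, hunk at 79) `key_bytes` receives the exported private key in the clear and is destroyed at the closing brace without being overwritten. The key material therefore stays in freed heap memory after `crypto::RSAPrivateKey::CreateFromPrivateKeyInfo` has consumed it. Wiping the buffer after `key_.reset(...)`, e.g. `std::fill(key_bytes.begin(), key_bytes.end(), 0);`, would narrow that window, ideally through a zeroing routine the optimiser cannot elide. Resolving the existing TODO about cloning the key would remove the export altogether.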
@@ -32,7 +32,7 @@ class SSLServerSocketNSS : public SSLServerSocket { // |key| - The private key used by the server. SSLServerSocketNSS(Socket* transport_socket, scoped_refptr<X509Certificate> cert, - base::RSAPrivateKey* key, + crypto::RSAPrivateKey* key, const SSLConfig& ssl_config); virtual ~SSLServerSocketNSS(); @@ -121,7 +121,7 @@ class SSLServerSocketNSS : public SSLServerSocket { scoped_refptr<X509Certificate> cert_; // Private key used by the server. - scoped_ptr<base::RSAPrivateKey> key_; + scoped_ptr<crypto::RSAPrivateKey> key_; State next_handshake_state_; bool completed_handshake_; diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc index 1668bfe..6269282 100644 --- a/net/socket/ssl_server_socket_unittest.cc +++ b/net/socket/ssl_server_socket_unittest.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -17,11 +17,11 @@ #include <queue> -#include "base/crypto/rsa_private_key.h" #include "base/file_path.h" #include "base/file_util.h" -#include "base/nss_util.h" #include "base/path_service.h" +#include "crypto/nss_util.h" +#include "crypto/rsa_private_key.h" #include "net/base/address_list.h" #include "net/base/cert_status_flags.h" #include "net/base/cert_verifier.h" @@ -234,8 +234,8 @@ class SSLServerSocketTest : public PlatformTest { reinterpret_cast<const uint8*>(key_string.data() + key_string.length())); - scoped_ptr<base::RSAPrivateKey> private_key( - base::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); + scoped_ptr<crypto::RSAPrivateKey> private_key( + crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_vector)); net::SSLConfig ssl_config; ssl_config.false_start_enabled = false; 
diff --git a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp index c00e58a..51e4861 100644 --- a/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp +++ b/net/third_party/mozilla_security_manager/nsKeygenHandler.cpp @@ -49,7 +49,7 @@ #include "base/base64.h" #include "base/logging.h" -#include "base/nss_util.h" +#include "crypto/nss_util.h" #include "googleurl/src/gurl.h" namespace { @@ -136,7 +136,7 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits, VLOG(1) << "Creating key pair..."; { - base::AutoNSSWriteLock lock; + crypto::AutoNSSWriteLock lock; privateKey = PK11_GenerateKeyPair(slot, keyGenMechanism, keyGenParams, @@ -159,7 +159,7 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits, // example.com", but localize it. const std::string& label = url.host(); { - base::AutoNSSWriteLock lock; + crypto::AutoNSSWriteLock lock; PK11_SetPublicKeyNickname(publicKey, label.c_str()); PK11_SetPrivateKeyNickname(privateKey, label.c_str()); } @@ -235,7 +235,7 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits, // On successful keygen we need to keep the private key, of course, // or we won't be able to use the client certificate. if (!isSuccess || !stores_key) { - base::AutoNSSWriteLock lock; + crypto::AutoNSSWriteLock lock; PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); } SECKEY_DestroyPrivateKey(privateKey); @@ -243,7 +243,7 @@ std::string GenKeyAndSignChallenge(int key_size_in_bits, if (publicKey) { if (!isSuccess || !stores_key) { - base::AutoNSSWriteLock lock; + crypto::AutoNSSWriteLock lock; PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); } SECKEY_DestroyPublicKey(publicKey); diff --git a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp index f8d4a45..a430889 100644 --- a/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp 
+++ b/net/third_party/mozilla_security_manager/nsNSSCertificateDB.cpp @@ -42,9 +42,9 @@ #include <pk11pub.h> #include <secerr.h> -#include "base/crypto/scoped_nss_types.h" #include "base/logging.h" -#include "base/nss_util_internal.h" +#include "crypto/nss_util_internal.h" +#include "crypto/scoped_nss_types.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" #include "net/third_party/mozilla_security_manager/nsNSSCertTrust.h" @@ -56,7 +56,7 @@ bool ImportCACerts(const net::CertificateList& certificates, net::X509Certificate* root, unsigned int trustBits, net::CertDatabase::ImportCertFailureList* not_imported) { - base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot()); + crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); if (!slot.get()) { LOG(ERROR) << "Couldn't get internal key slot!"; return false; @@ -163,7 +163,7 @@ bool ImportCACerts(const net::CertificateList& certificates, // Based on nsNSSCertificateDB::ImportServerCertificate. bool ImportServerCert(const net::CertificateList& certificates, net::CertDatabase::ImportCertFailureList* not_imported) { - base::ScopedPK11Slot slot(base::GetPublicNSSKeySlot()); + crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); if (!slot.get()) { LOG(ERROR) << "Couldn't get internal key slot!"; return false; diff --git a/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp b/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp index 0cf9562..1175ca0 100644 --- a/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp +++ b/net/third_party/mozilla_security_manager/nsPKCS12Blob.cpp @@ -42,11 +42,10 @@ #include <p12plcy.h> #include <secerr.h> -#include "base/crypto/scoped_nss_types.h" #include "base/lazy_instance.h" #include "base/logging.h" -#include "base/nss_util_internal.h" #include "base/string_util.h" +#include "crypto/nss_util_internal.h" #include "net/base/net_errors.h" #include "net/base/x509_certificate.h" 
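Review bot: In nsPKCS12Blob.cpp (hunk at 42) the include of `base/crypto/scoped_nss_types.h` is removed with no `crypto/scoped_nss_types.h` added in its place, unlike the matching hunk for nsNSSCertificateDB.cpp in this same commit. The rest of the file is outside the hunk. If it still uses any of the scoped NSS types, it now compiles only through a transitive include, and `#include "crypto/scoped_nss_types.h"` should follow `#include "crypto/nss_util_internal.h"`. If the header was already unused, the removal is fine as it stands.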
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc index 394f813..4a21059 100644 --- a/net/url_request/url_request_unittest.cc +++ b/net/url_request/url_request_unittest.cc @@ -7,8 +7,6 @@ #if defined(OS_WIN) #include <shlobj.h> #include <windows.h> -#elif defined(USE_NSS) -#include "base/nss_util.h" #endif #include <algorithm> |