From ab782c97959278a043adb66edec252b5cd83f3cc Mon Sep 17 00:00:00 2001 From: "mattm@chromium.org" Date: Mon, 9 Jul 2012 23:12:14 +0000 Subject: NSS Channel ID: don't check ECC support on every socket creation. Add static function to ECPrivateKey to get which NSS slot it uses. BUG=127506 Review URL: https://chromiumcodereview.appspot.com/10700099 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@145777 0039d316-1c4b-4281-b951-d872f2087c98 --- crypto/ec_private_key_nss.cc | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) (limited to 'crypto/ec_private_key_nss.cc') diff --git a/crypto/ec_private_key_nss.cc b/crypto/ec_private_key_nss.cc index c6c4763..9bb9df1 100644 --- a/crypto/ec_private_key_nss.cc +++ b/crypto/ec_private_key_nss.cc @@ -15,6 +15,7 @@ extern "C" { #include #include +#include "base/lazy_instance.h" #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "crypto/nss_util.h" @@ -24,6 +25,34 @@ extern "C" { namespace { +PK11SlotInfo* GetKeySlot() { + return crypto::GetPublicNSSKeySlot(); +} + +class EllipticCurveSupportChecker { + public: + EllipticCurveSupportChecker() { + // NOTE: we can do this check here only because we use the NSS internal + // slot. If we support other slots in the future, checking whether they + // support ECDSA may block NSS, and the value may also change as devices are + // inserted/removed, so we would need to re-check on every use. + crypto::EnsureNSSInit(); + crypto::ScopedPK11Slot slot(GetKeySlot()); + supported_ = PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && + PK11_DoesMechanism(slot.get(), CKM_ECDSA); + } + + bool Supported() { + return supported_; + } + + private: + bool supported_; +}; + +static base::LazyInstance::Leaky + g_elliptic_curve_supported = LAZY_INSTANCE_INITIALIZER; + // Copied from rsa_private_key_nss.cc. static bool ReadAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type, @@ -53,6 +82,11 @@ ECPrivateKey::~ECPrivateKey() { } // static +bool ECPrivateKey::IsSupported() { + return g_elliptic_curve_supported.Get().Supported(); +} + +// static ECPrivateKey* ECPrivateKey::Create() { return CreateWithParams(PR_FALSE /* not permanent */, PR_FALSE /* not sensitive */); @@ -114,7 +148,7 @@ bool ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( bool sensitive, SECKEYPrivateKey** key, SECKEYPublicKey** public_key) { - ScopedPK11Slot slot(GetPublicNSSKeySlot()); + ScopedPK11Slot slot(GetKeySlot()); if (!slot.get()) return false; @@ -247,7 +281,7 @@ ECPrivateKey* ECPrivateKey::CreateWithParams(bool permanent, scoped_ptr result(new ECPrivateKey); - ScopedPK11Slot slot(GetPrivateNSSKeySlot()); + ScopedPK11Slot slot(GetKeySlot()); if (!slot.get()) return NULL; -- cgit v1.1