Add GetSystemNSSKeySlot, merge GetPrivateNSSKeySlot/GetPublicNSSKeySlot to GetPersistentNSSKeySlot.
GetSystemNSSKeySlot returns the ChromeOS system-wide TPM slot.
ChromeOS has separate slots for each user and linux doesn't have a public/private split, so GetPrivateNSSKeySlot no longer makes sense.
BUG=210525
TBR=stevenjb@chromium.org
Review URL: https://codereview.chromium.org/383593002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@282862 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h
index 8175604..e9d4870 100644
--- a/crypto/nss_util_internal.h
+++ b/crypto/nss_util_internal.h
@@ -21,17 +21,11 @@
namespace crypto {
-// Returns a reference to the default NSS key slot for storing
-// public-key data only (e.g. server certs). Caller must release
-// returned reference with PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPublicNSSKeySlot() WARN_UNUSED_RESULT;
-
-// Returns a reference to the default slot for storing private-key and
-// mixed private-key/public-key data. Returns a hardware (TPM) NSS
-// key slot if on ChromeOS and EnableTPMForNSS() has been called
-// successfully. Caller must release returned reference with
-// PK11_FreeSlot.
-CRYPTO_EXPORT PK11SlotInfo* GetPrivateNSSKeySlot() WARN_UNUSED_RESULT;
+// Returns a reference to the default NSS key slot for storing persistent data.
+// Caller must release returned reference with PK11_FreeSlot.
+// TODO(mattm): this should be if !defined(OS_CHROMEOS), but some tests need to
+// be fixed first.
+CRYPTO_EXPORT PK11SlotInfo* GetPersistentNSSKeySlot() WARN_UNUSED_RESULT;
// A helper class that acquires the SECMOD list read lock while the
// AutoSECMODListReadLock is in scope.
@@ -46,6 +40,10 @@
};
#if defined(OS_CHROMEOS)
+// Returns a reference to the system-wide TPM slot. Caller must release
+// returned reference with PK11_FreeSlot.
+CRYPTO_EXPORT PK11SlotInfo* GetSystemNSSKeySlot() WARN_UNUSED_RESULT;
+
// Prepare per-user NSS slot mapping. It is safe to call this function multiple
// times. Returns true if the user was added, or false if it already existed.
CRYPTO_EXPORT bool InitializeNSSForChromeOSUser(