Assigning to peter to triage and/or implement.

Note https://codereview.chromium.org/1935053003/ still needs to land which adds the function. It's probably too early for one of you to do this. (In fact, Push probably should have had a separate bug here. There's two consumers.)

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/212cdf69ab10af4d04cb12919b5c6504e54f73cc

commit 212cdf69ab10af4d04cb12919b5c6504e54f73cc
Author: davidben <davidben@chromium.org>
Date: Tue Jun 07 17:11:09 2016

Add PKCS#8 ECPrivateKey export/import functions.

Also const-correct a few functions and add some missing error tracers.
Deprecate the old ones. Also const-correct a few functions and add some missing
error tracers. Future work migrate existing serializations to the new format.

BUG= 603319 

Review-Url: https://codereview.chromium.org/1935053003
Cr-Commit-Position: refs/heads/master@{#398318}

[modify] https://crrev.com/212cdf69ab10af4d04cb12919b5c6504e54f73cc/crypto/ec_private_key.cc
[modify] https://crrev.com/212cdf69ab10af4d04cb12919b5c6504e54f73cc/crypto/ec_private_key.h
[modify] https://crrev.com/212cdf69ab10af4d04cb12919b5c6504e54f73cc/crypto/ec_private_key_unittest.cc
[modify] https://crrev.com/212cdf69ab10af4d04cb12919b5c6504e54f73cc/crypto/rsa_private_key.cc
[modify] https://crrev.com/212cdf69ab10af4d04cb12919b5c6504e54f73cc/net/spdy/spdy_test_util_common.cc

I've split the two[*] call sites out into their own bugs since they'll probably want to be done by the people working on them.

[*] There's a third in Android WebView, but since it doesn't involve any persistence, I've gone ahead and uploaded a CL for it.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/526946fc5c0cb41ef269d5cbdcec5ca81a957c93

commit 526946fc5c0cb41ef269d5cbdcec5ca81a957c93
Author: davidben <davidben@chromium.org>
Date: Tue Jun 21 19:53:42 2016

Switch AwTokenBindingManager's internals to PKCS#8.

There's no need to do the silly encrypt with empty password and then decrypt in
Java dance. Just serialize to a PKCS#8 blob and parse it back out normally.

BUG= 603319 

Review-Url: https://codereview.chromium.org/2047763002
Cr-Commit-Position: refs/heads/master@{#401083}

[modify] https://crrev.com/526946fc5c0cb41ef269d5cbdcec5ca81a957c93/android_webview/java/src/org/chromium/android_webview/AwTokenBindingManager.java
[modify] https://crrev.com/526946fc5c0cb41ef269d5cbdcec5ca81a957c93/android_webview/native/token_binding_manager_bridge.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c02c94c34e1c57154914d51c44e818aa290f7a0

commit 1c02c94c34e1c57154914d51c44e818aa290f7a0
Author: davidben <davidben@chromium.org>
Date: Wed Jan 04 13:54:32 2017

Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey.

Even with a password, the encryption scheme used here is really not what
we'd want people to use. This does two things:

1. Cut down on the number of ways to use ExportEncryptedPrivateKey and
   makes it less likely someone will mistakenly use it for security
   purposes.

2. When we ported to BoringSSL, we added "raw" versions of
   PKCS8_{encrypt,decrypt} to account for confusion about two ways to
   encode the empty password. But PKCS8_{encrypt,decrypt} already
   handled this by treating NULL and "" differently. Limiting to just
   the empty password lets us trim BoringSSL's API surface in
   preparation for decoupling it from crypto/asn1.

BUG= 603319 

Review-Url: https://codereview.chromium.org/2608453002
Cr-Commit-Position: refs/heads/master@{#441365}

[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/components/gcm_driver/crypto/p256_key_util.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/crypto/ec_private_key.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/crypto/ec_private_key.h
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/crypto/ec_private_key_unittest.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/crypto/ec_signature_creator_unittest.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/net/extras/sqlite/sqlite_channel_id_store.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/net/extras/sqlite/sqlite_channel_id_store_unittest.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/net/ssl/channel_id_service.cc
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/net/ssl/channel_id_service.h
[modify] https://crrev.com/1c02c94c34e1c57154914d51c44e818aa290f7a0/net/ssl/ssl_platform_key_nss_unittest.cc

 Issue 618025  has been merged into this issue.

Here's a short write up on my strategy for this Issue:
https://docs.google.com/document/d/1aCw0vB_YQWlPup0Rezaj_fjKqrEedJOW7YYqQ6OA4Rk/edit?usp=sharing

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157

commit c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157
Author: Mugdha Lakhani <nator@chromium.org>
Date: Thu Feb 08 19:15:02 2018

[GCM Driver] Use OnceCallback and OnceClosure for

GCM key store instead of Callback and Closure, respectively.
This is because we only are using these callbacks once.
This also lays the foundation for replacing KeyPair with ECPrivateKey.

Bug:  603319 
Change-Id: I01632b0d3be7cf92cdced81a3b35d99134d37ad7
Reviewed-on: https://chromium-review.googlesource.com/907348
Commit-Queue: Mugdha Lakhani <nator@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535468}
[modify] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/chrome/browser/push_messaging/push_messaging_service_impl.cc
[modify] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/components/gcm_driver/crypto/gcm_encryption_provider.cc
[modify] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/components/gcm_driver/crypto/gcm_encryption_provider.h
[modify] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/components/gcm_driver/crypto/gcm_key_store.cc
[modify] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/components/gcm_driver/crypto/gcm_key_store.h
[add] https://crrev.com/c0f6cdb1b64d1789fa3ad88af79824e3ddd5c157/components/gcm_driver/features.h

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0

commit 1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0
Author: Mugdha Lakhani <nator@chromium.org>
Date: Mon Feb 19 13:32:32 2018

[GCM Driver] Deprecate KeyPair

Bug:  603319 
Change-Id: I4e649017a696562b30c986129c73cb777f42a0af
Reviewed-on: https://chromium-review.googlesource.com/909389
Commit-Queue: Mugdha Lakhani <nator@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#537640}
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_crypto_test_helpers.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_encryption_provider.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_encryption_provider.h
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_encryption_provider_unittest.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_key_store.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_key_store.h
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_key_store_unittest.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/gcm_message_cryptographer_unittest.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/p256_key_util.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/p256_key_util.h
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/p256_key_util_unittest.cc
[modify] https://crrev.com/1a27c8f148eb9c7de7e1b4d97df86435c7ecb6b0/components/gcm_driver/crypto/proto/gcm_encryption_data.proto

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5511dc07a6212df90d686518fa30cd9baffde2a8

commit 5511dc07a6212df90d686518fa30cd9baffde2a8
Author: Mugdha Lakhani <nator@chromium.org>
Date: Wed Feb 21 19:00:45 2018

[GCM Driver] Add upgrade path for cleaner private key storage.

Chrome used to support two crypto libraries: Mozilla's NSS and OpenSSL. Then we
forked OpenSSL into BoringSSL, and moved to support just that. NSS used to
require private keys to be stored in an encrypted way. In practice this was moot,
so we always supplied an empty passphrase.
In the process of deprecating this old way of storing private keys,KeyPair has
been deprecated from EncryptionData. However, in order to not break the
functionality for existing users, we need to still be able to read KeyPairs
containing encrypted private keys from the underlying database, and convert it
to the format the current logic understands, i.e., ECPrivateKey objects, and
upgrade the underlying database to contain unencrypted private key.

Additionally, a unit test has been added to test the upgrade path.

A detailed design can be found linked from the Bug.
Bug:  603319 


Change-Id: Ia139518fa08ff2bc89b0dbee946d3d25cb009401
Reviewed-on: https://chromium-review.googlesource.com/921964
Commit-Queue: Mugdha Lakhani <nator@chromium.org>
Reviewed-by: Mark Pearson <mpearson@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538172}
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/components/gcm_driver/crypto/BUILD.gn
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/components/gcm_driver/crypto/gcm_key_store.cc
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/components/gcm_driver/crypto/gcm_key_store.h
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/components/gcm_driver/crypto/gcm_key_store_unittest.cc
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/components/gcm_driver/crypto/proto/BUILD.gn
[modify] https://crrev.com/5511dc07a6212df90d686518fa30cd9baffde2a8/tools/metrics/histograms/histograms.xml

Thanks for doing this!