[webcrypto] Fix a bug where generated RSA private keys couldn't be exported.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
@@ skipping 1135 matching lines @@
       break;
     case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
       operation_flags = CKF_SIGN | CKF_VERIFY;
       break;
     default:
       NOTREACHED();
       return Status::ErrorUnexpected();
   }
   const CK_FLAGS operation_flags_mask =
       CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;
-  const PK11AttrFlags attribute_flags = 0;  // Default all PK11_ATTR_ flags.
+  // The private key must be marked as insensitive otherwise it cannot later be
+  // exported, or structured-cloned. Throw in extractable for good measure,
+  // however the tests pass without it too.

[wtc, 2014/03/27 19:38:24]

Summary: I suggest this comment:
  // The private key must be marked as insensitive and extractable, otherwise
  // it cannot later be exported in unencrypted form or structured-cloned.

Details:

Remove the "Throw in extractable for good measure ..." part. If you don't
specify PK11_ATTR_EXTRACTABLE or PK11_ATTR_UNEXTRACTABLE, you are relying on the
token's default. The fact that PK11_ATTR_EXTRACTABLE isn't necessary means the
NSS softoken defaults to extractable keys.

More info on the two attributes:
Extractable: whether the key can be extracted at all, regardless of the form.
Sensitive: the key can only be extracted in encrypted form (i.e., requires the
use of C_WrapKey).

If you need to export unencrypted PrivateKeyInfo, you need the key to be
insensitive and extractable.

+  const PK11AttrFlags attribute_flags =
+      PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE;
 
   // Note: NSS does not generate an sec_public_key if the call below fails,
   // so there is no danger of a leaked sec_public_key.
   SECKEYPublicKey* sec_public_key;
   crypto::ScopedSECKEYPrivateKey scoped_sec_private_key(
       PK11_GenerateKeyPairWithOpFlags(slot.get(),
                                       CKM_RSA_PKCS_KEY_PAIR_GEN,
                                       &rsa_gen_params,
                                       &sec_public_key,
                                       attribute_flags,
@@ skipping 325 matching lines @@
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content