Implemented profile-aware owner key loading.

crypto/rsa_private_key_nss.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/rsa_private_key.h"
 
 #include <cryptohi.h>
 #include <keyhi.h>
 #include <pk11pub.h>
 #include <secmod.h>
@@ skipping 20 matching lines @@
   if (rv != SECSuccess) {
     NOTREACHED();
     return false;
   }
 
   output->assign(item.data, item.data + item.len);
   SECITEM_FreeItem(&item, PR_FALSE);
   return true;
 }
 
+#if defined(USE_NSS)
+SECKEYPublicKey* GetRSAPublicKey(const std::vector<uint8>& input) {

[wtc, 2014/05/16 15:06:36]

Nit: please document this function, especially the ownership of the return
value.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+  // First, decode and save the public key.
+  SECItem key_der;
+  key_der.type = siBuffer;
+  key_der.data = const_cast<unsigned char*>(&input[0]);
+  key_der.len = input.size();
+
+  CERTSubjectPublicKeyInfo* spki =
+      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der);
+  if (!spki)
+    return NULL;
+  SECKEYPublicKey* result = SECKEY_ExtractPublicKey(spki);
+  SECKEY_DestroySubjectPublicKeyInfo(spki);
+  if (!result || result->keyType != rsaKey)

[wtc, 2014/05/16 15:06:36]

BUG: in the result->keyType != rsaKey case, we need to destroy |result| (with
SECKEY_DestroyPublicKey) before returning NULL.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+    return NULL;
+  return result;
+}
+#endif  // defined(USE_NSS)
+
 }  // namespace
 
 namespace crypto {
 
 RSAPrivateKey::~RSAPrivateKey() {
   if (key_)
     SECKEY_DestroyPrivateKey(key_);
   if (public_key_)
     SECKEY_DestroyPublicKey(public_key_);
 }
@@ skipping 56 matching lines @@
     return NULL;
   }
   return copy;
 }
 
 // static
 RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
     const std::vector<uint8>& input) {
   EnsureNSSInit();
 
-  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey);
-
-  // First, decode and save the public key.
-  SECItem key_der;
-  key_der.type = siBuffer;
-  key_der.data = const_cast<unsigned char*>(&input[0]);
-  key_der.len = input.size();
-
-  CERTSubjectPublicKeyInfo* spki =
-      SECKEY_DecodeDERSubjectPublicKeyInfo(&key_der);
-  if (!spki) {
-    NOTREACHED();
-    return NULL;
-  }
-
-  result->public_key_ = SECKEY_ExtractPublicKey(spki);
-  SECKEY_DestroySubjectPublicKeyInfo(spki);
+  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
+  result->public_key_ = GetRSAPublicKey(input);
   if (!result->public_key_) {
     NOTREACHED();
     return NULL;
   }
 
-  // Make sure the key is an RSA key.  If not, that's an error

[wtc, 2014/05/16 15:06:36]

Please copy this comment to the new GetRSAPublicKey function.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

-  if (result->public_key_->keyType != rsaKey) {
-    NOTREACHED();
-    return NULL;
-  }
-
   ScopedSECItem ck_id(
       PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
   if (!ck_id.get()) {
     NOTREACHED();
     return NULL;
   }
 
   // Search all slots in all modules for the key with the given ID.
   AutoSECMODListReadLock auto_lock;
   SECMODModuleList* head = SECMOD_GetDefaultModuleList();
   for (SECMODModuleList* item = head; item != NULL; item = item->next) {
     int slot_count = item->module->loaded ? item->module->slotCount : 0;
     for (int i = 0; i < slot_count; i++) {
       // Finally...Look for the key!
       result->key_ = PK11_FindKeyByKeyID(item->module->slots[i],
                                          ck_id.get(), NULL);
       if (result->key_)
         return result.release();
     }
   }
 
   // We didn't find the key.
   return NULL;
 }
+
+// static
+RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfoInSlot(
+    const std::vector<uint8>& input,
+    PK11SlotInfo* slot) {
+  EnsureNSSInit();
+
+  if (!slot)
+    return NULL;
+
+  scoped_ptr<RSAPrivateKey> result(new RSAPrivateKey());
+  result->public_key_ = GetRSAPublicKey(input);
+  if (!result->public_key_) {
+    NOTREACHED();
+    return NULL;
+  }
+
+  ScopedSECItem ck_id(
+      PK11_MakeIDFromPubKey(&(result->public_key_->u.rsa.modulus)));
+  if (!ck_id.get()) {
+    NOTREACHED();
+    return NULL;
+  }

[wtc, 2014/05/16 15:06:36]

Nit: we can work harder and share more code between these two functions. The
code up to this line (except for the null pointer check for |slot|) is the same
between the two functions.

[ygorshenin1, 2014/05/19 09:43:50]

Done.

+
+  result->key_ = PK11_FindKeyByKeyID(slot, ck_id.get(), NULL);
+  if (!result->key_)
+    return NULL;
+  return result.release();
+}
 #endif
 
 RSAPrivateKey* RSAPrivateKey::Copy() const {
   RSAPrivateKey* copy = new RSAPrivateKey();
   copy->key_ = SECKEY_CopyPrivateKey(key_);
   copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
   return copy;
 }
 
 bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) const {
@@ skipping 88 matching lines @@
   result->public_key_ = SECKEY_ConvertToPublicKey(result->key_);
   if (!result->public_key_) {
     NOTREACHED();
     return NULL;
   }
 
   return result.release();
 }
 
 }  // namespace crypto