Use FindNSSKeyFromPublicKeyInfoInSlot when a slot is known.

Follow-up to https://codereview.chromium.org/1128153003/. Rather than query all keys and checking the slot afterwards, just look up keys in the slot directly. BUG=478777 Review URL: https://codereview.chromium.org/1139533002 Cr-Commit-Position: refs/heads/master@{#329498}

Use FindNSSKeyFromPublicKeyInfoInSlot when a slot is known.
Follow-up to https://codereview.chromium.org/1128153003/. Rather than query all keys and checking the slot afterwards, just look up keys in the slot directly. BUG=478777 Review URL: https://codereview.chromium.org/1139533002 Cr-Commit-Position: refs/heads/master@{#329498}
67840e51 · davidben · Commit bot · f97970c1 · 67840e51 · 67840e51
Commit 67840e51 authored May 12, 2015 by davidben Committed by Commit bot May 12, 2015
2 changed files
--- a/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
+++ b/chrome/browser/chromeos/login/easy_unlock/easy_unlock_tpm_key_manager.cc
@@ -79,24 +79,22 @@ void EnsureUserTPMInitializedOnIOThread(
 }
 // Checks if a private RSA key associated with |public_key| can be found in
-// |slot|.
+// |slot|. |slot| must be non-null.
 // Must be called on a worker thread.
 crypto::ScopedSECKEYPrivateKey GetPrivateKeyOnWorkerThread(
    PK11SlotInfo* slot,
    const std::string& public_key) {
+  CHECK(slot);
  const uint8* public_key_uint8 =
      reinterpret_cast<const uint8*>(public_key.data());
  std::vector<uint8> public_key_vector(
      public_key_uint8, public_key_uint8 + public_key.size());
-  // TODO(davidben): This should be equivalent to calling
-  // FindNSSKeyFromPublicKeyInfoInSlot.
  crypto::ScopedSECKEYPrivateKey rsa_key(
-      crypto::FindNSSKeyFromPublicKeyInfo(public_key_vector));
+      crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector, slot));
-  if (!rsa_key || rsa_key->pkcs11Slot != slot ||
+  if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey)
-      SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey) {
    return nullptr;
-  }
  return rsa_key.Pass();
 }

--- a/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
+++ b/chrome/browser/chromeos/platform_keys/platform_keys_nss.cc
@@ -451,14 +451,16 @@ void SignRSAOnWorkerThread(scoped_ptr<SignRSAState> state) {
  std::vector<uint8> public_key_vector(
      public_key_uint8, public_key_uint8 + state->public_key_.size());
-  // TODO(pneubeck): This searches all slots. Change to look only at |slot_|.
+  crypto::ScopedSECKEYPrivateKey rsa_key;
-  crypto::ScopedSECKEYPrivateKey rsa_key(
+  if (state->slot_) {
-      crypto::FindNSSKeyFromPublicKeyInfo(public_key_vector));
+    rsa_key = crypto::FindNSSKeyFromPublicKeyInfoInSlot(public_key_vector,
+                                                        state->slot_.get());
-  // Fail if the key was not found. If a specific slot was requested, also fail
+  } else {
-  // if the key was found in the wrong slot.
+    rsa_key = crypto::FindNSSKeyFromPublicKeyInfo(public_key_vector);
-  if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey ||
+  }
-      (state->slot_ && rsa_key->pkcs11Slot != state->slot_)) {
+  // Fail if the key was not found or is of the wrong type.
+  if (!rsa_key || SECKEY_GetPrivateKeyType(rsa_key.get()) != rsaKey) {
    state->OnError(FROM_HERE, kErrorKeyNotFound);
    return;
  }