[webcrypto] Some fixes for HMAC

content/renderer/webcrypto/webcrypto_impl_nss.cc

Index: content/renderer/webcrypto/webcrypto_impl_nss.cc
diff --git a/content/renderer/webcrypto/webcrypto_impl_nss.cc b/content/renderer/webcrypto/webcrypto_impl_nss.cc
index 107c27b0cc135023af09961f6af002aff2a05933..33c1a0b77757cdd5620f6066d4519035142dbf9e 100644
--- a/content/renderer/webcrypto/webcrypto_impl_nss.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_nss.cc
@@ -80,13 +80,19 @@ HASH_HashType WebCryptoAlgorithmToNSSHashType(
   }
 }
 
-CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism(
+CK_MECHANISM_TYPE WebCryptoHashToHMACMechanism(
     const blink::WebCryptoAlgorithm& algorithm) {
   switch (algorithm.id()) {
     case blink::WebCryptoAlgorithmIdSha1:
       return CKM_SHA_1_HMAC;
+    case blink::WebCryptoAlgorithmIdSha224:
+      return CKM_SHA224_HMAC;
     case blink::WebCryptoAlgorithmIdSha256:
       return CKM_SHA256_HMAC;
+    case blink::WebCryptoAlgorithmIdSha384:
+      return CKM_SHA384_HMAC;
+    case blink::WebCryptoAlgorithmIdSha512:
+      return CKM_SHA512_HMAC;
     default:
       // Not a supported algorithm.
       return CKM_INVALID_MECHANISM;
@@ -175,49 +181,18 @@ bool AesCbcEncryptDecrypt(
   return true;
 }
 
-CK_MECHANISM_TYPE HmacAlgorithmToGenMechanism(
-    const blink::WebCryptoAlgorithm& algorithm) {
-  DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac);
-  const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams();
-  DCHECK(params);
-  switch (params->hash().id()) {
-    case blink::WebCryptoAlgorithmIdSha1:
-      return CKM_SHA_1_HMAC;
-    case blink::WebCryptoAlgorithmIdSha256:
-      return CKM_SHA256_HMAC;
-    default:
-      return CKM_INVALID_MECHANISM;
-  }
-}
-
 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism(
     const blink::WebCryptoAlgorithm& algorithm) {
   switch (algorithm.id()) {
     case blink::WebCryptoAlgorithmIdAesCbc:
       return CKM_AES_KEY_GEN;
     case blink::WebCryptoAlgorithmIdHmac:
-      return HmacAlgorithmToGenMechanism(algorithm);
+      return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash());
     default:
       return CKM_INVALID_MECHANISM;
   }
 }
 
-// TODO(eroman): This is duplicated in OpenSSL version.
-unsigned int WebCryptoHmacAlgorithmToBlockSizeBits(
-    const blink::WebCryptoAlgorithm& algorithm) {
-  DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac);
-  const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams();
-  DCHECK(params);
-  switch (params->hash().id()) {
-    case blink::WebCryptoAlgorithmIdSha1:
-      return 512;
-    case blink::WebCryptoAlgorithmIdSha256:
-      return 512;
-    default:
-      return 0;
-  }
-}
-
 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,
 // to unsigned long.
 bool BigIntegerToLong(const uint8* data,
@@ -281,7 +256,7 @@ bool ImportKeyInternalRaw(
         return false;
       }
 
-      mechanism = WebCryptoAlgorithmToHMACMechanism(params->hash());
+      mechanism = WebCryptoHashToHMACMechanism(params->hash());
       if (mechanism == CKM_INVALID_MECHANISM) {
         return false;
       }
@@ -681,7 +656,7 @@ bool WebCryptoImpl::GenerateKeyInternal(
       if (params->hasLengthBytes()) {
         keylen_bytes = params->optionalLengthBytes();
       } else {
-        keylen_bytes = WebCryptoHmacAlgorithmToBlockSizeBits(algorithm) / 8;
+        keylen_bytes = webcrypto::ShaBlockSizeBytes(params->hash().id());
       }
 
       key_type = blink::WebCryptoKeyTypeSecret;
@@ -876,7 +851,7 @@ bool WebCryptoImpl::SignInternal(
       SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle());
 
       DCHECK_EQ(PK11_GetMechanism(sym_key->key()),
-                WebCryptoAlgorithmToHMACMechanism(params->hash()));
+                WebCryptoHashToHMACMechanism(params->hash()));
       DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign);
 
       SECItem param_item = { siBuffer, NULL, 0 };