Refactor to share more code between OpenSSL and NSS implementations.

content/renderer/webcrypto/jwk.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "content/renderer/webcrypto/webcrypto_impl.h"
-
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "base/values.h"
+#include "content/renderer/webcrypto/crypto_data.h"
+#include "content/renderer/webcrypto/platform_crypto.h"
+#include "content/renderer/webcrypto/shared_crypto.h"
 #include "content/renderer/webcrypto/webcrypto_util.h"
-#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
-#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
-#include "third_party/WebKit/public/platform/WebCryptoKey.h"
-#include "third_party/WebKit/public/platform/WebString.h"
 
 namespace content {
 
-using webcrypto::Status;
+namespace webcrypto {
 
 namespace {
 
-void CompleteWithError(const Status& status, blink::WebCryptoResult* result) {
-  DCHECK(status.IsError());
-  if (status.HasErrorDetails())
-    result->completeWithError(blink::WebString::fromUTF8(status.ToString()));
-  else
-    result->completeWithError();
-}
-
-bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) {
-  // TODO(padolph): include all other asymmetric algorithms once they are
-  // defined, e.g. EC and DH.
-  return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
-          algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
-          algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep);
-}
-
 typedef blink::WebCryptoAlgorithm (*AlgorithmCreationFunc)();
 
 class JwkAlgorithmInfo {
  public:
   JwkAlgorithmInfo()
       : creation_func_(NULL),
         required_key_length_bytes_(NO_KEY_SIZE_REQUIREMENT) {
 
   }
 
@@ skipping 33 matching lines @@
 typedef std::map<std::string, JwkAlgorithmInfo> JwkAlgorithmInfoMap;
 
 class JwkAlgorithmRegistry {
  public:
   JwkAlgorithmRegistry() {
     // TODO(eroman):
     // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-20
     // says HMAC with SHA-2 should have a key size at least as large as the
     // hash output.
     alg_to_info_["HS256"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateHmacAlgorithmByHashId,
+        &BindAlgorithmId<CreateHmacAlgorithmByHashId,
                         blink::WebCryptoAlgorithmIdSha256>);
     alg_to_info_["HS384"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateHmacAlgorithmByHashId,
+        &BindAlgorithmId<CreateHmacAlgorithmByHashId,
                         blink::WebCryptoAlgorithmIdSha384>);
     alg_to_info_["HS512"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateHmacAlgorithmByHashId,
+        &BindAlgorithmId<CreateHmacAlgorithmByHashId,
                          blink::WebCryptoAlgorithmIdSha512>);
     alg_to_info_["RS256"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
+        &BindAlgorithmId<CreateRsaSsaAlgorithm,
                          blink::WebCryptoAlgorithmIdSha256>);
     alg_to_info_["RS384"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
+        &BindAlgorithmId<CreateRsaSsaAlgorithm,
                          blink::WebCryptoAlgorithmIdSha384>);
     alg_to_info_["RS512"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
+        &BindAlgorithmId<CreateRsaSsaAlgorithm,
                          blink::WebCryptoAlgorithmIdSha512>);
     alg_to_info_["RSA1_5"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>);
     alg_to_info_["RSA-OAEP"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateRsaOaepAlgorithm,
+        &BindAlgorithmId<CreateRsaOaepAlgorithm,
                          blink::WebCryptoAlgorithmIdSha1>);
     // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet
     alg_to_info_["A128KW"] =
         JwkAlgorithmInfo(&blink::WebCryptoAlgorithm::createNull, 128);
     // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet
     alg_to_info_["A256KW"] =
         JwkAlgorithmInfo(&blink::WebCryptoAlgorithm::createNull, 256);
     alg_to_info_["A128GCM"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdAesGcm>, 128);
     alg_to_info_["A256GCM"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdAesGcm>, 256);
     alg_to_info_["A128CBC"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdAesCbc>, 128);
     alg_to_info_["A192CBC"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdAesCbc>, 192);
     alg_to_info_["A256CBC"] = JwkAlgorithmInfo(
-        &BindAlgorithmId<webcrypto::CreateAlgorithm,
+        &BindAlgorithmId<CreateAlgorithm,
                          blink::WebCryptoAlgorithmIdAesCbc>, 256);
   }
 
   // Returns NULL if the algorithm name was not registered.
   const JwkAlgorithmInfo* GetAlgorithmInfo(const std::string& jwk_alg) const {
     const JwkAlgorithmInfoMap::const_iterator pos = alg_to_info_.find(jwk_alg);
     if (pos == alg_to_info_.end())
       return NULL;
     return &pos->second;
   }
@@ skipping 18 matching lines @@
                                    const blink::WebCryptoAlgorithm& alg2) {
   DCHECK(!alg1.isNull());
   DCHECK(!alg2.isNull());
   if (alg1.id() != alg2.id())
     return false;
   switch (alg1.id()) {
     case blink::WebCryptoAlgorithmIdHmac:
     case blink::WebCryptoAlgorithmIdRsaOaep:
     case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
       if (WebCryptoAlgorithmsConsistent(
-              webcrypto::GetInnerHashAlgorithm(alg1),
-              webcrypto::GetInnerHashAlgorithm(alg2))) {
+              GetInnerHashAlgorithm(alg1),
+              GetInnerHashAlgorithm(alg2))) {
         return true;
       }
       break;
     case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
     case blink::WebCryptoAlgorithmIdSha1:
     case blink::WebCryptoAlgorithmIdSha224:
     case blink::WebCryptoAlgorithmIdSha256:
     case blink::WebCryptoAlgorithmIdSha384:
     case blink::WebCryptoAlgorithmIdSha512:
     case blink::WebCryptoAlgorithmIdAesCbc:
@@ skipping 45 matching lines @@
 // the base64-decoded bytes to |*result|. If the property does not exist or is
 // not a string, or could not be base64-decoded, returns an error.
 Status GetJwkBytes(base::DictionaryValue* dict,
                    const std::string& path,
                    std::string* result) {
   std::string base64_string;
   Status status = GetJwkString(dict, path, &base64_string);
   if (status.IsError())
     return status;
 
-  if (!webcrypto::Base64DecodeUrlSafe(base64_string, result))
+  if (!Base64DecodeUrlSafe(base64_string, result))
     return Status::ErrorJwkBase64Decode(path);
 
   return Status::Success();
 }
 
 // Extracts the optional boolean property with key |path| from |dict| and saves
 // the result to |*result| if it was found. If the property exists and is not a
 // boolean, returns an error. Otherwise returns success, and sets
 // |*property_exists| if it was found.
 Status GetOptionalJwkBool(base::DictionaryValue* dict,
                           const std::string& path,
                           bool* result,
                           bool* property_exists) {
   *property_exists = false;
   base::Value* value = NULL;
   if (!dict->Get(path, &value))
     return Status::Success();
 
   if (!value->GetAsBoolean(result))
     return Status::ErrorJwkPropertyWrongType(path, "boolean");
 
   *property_exists = true;
   return Status::Success();
 }
 
 }  // namespace
 
-WebCryptoImpl::WebCryptoImpl() {
-  Init();
-}
-
-void WebCryptoImpl::encrypt(
-    const blink::WebCryptoAlgorithm& algorithm,
-    const blink::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned int data_size,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  blink::WebArrayBuffer buffer;
-  Status status = EncryptInternal(algorithm, key, data, data_size, &buffer);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBuffer(buffer);
-}
-
-void WebCryptoImpl::decrypt(
-    const blink::WebCryptoAlgorithm& algorithm,
-    const blink::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned int data_size,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  blink::WebArrayBuffer buffer;
-  Status status = DecryptInternal(algorithm, key, data, data_size, &buffer);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBuffer(buffer);
-}
-
-void WebCryptoImpl::digest(
-    const blink::WebCryptoAlgorithm& algorithm,
-    const unsigned char* data,
-    unsigned int data_size,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  blink::WebArrayBuffer buffer;
-  Status status = DigestInternal(algorithm, data, data_size, &buffer);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBuffer(buffer);
-}
-
-void WebCryptoImpl::generateKey(
-    const blink::WebCryptoAlgorithm& algorithm,
-    bool extractable,
-    blink::WebCryptoKeyUsageMask usage_mask,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  if (IsAlgorithmAsymmetric(algorithm)) {
-    blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
-    blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
-    Status status = GenerateKeyPairInternal(
-        algorithm, extractable, usage_mask, &public_key, &private_key);
-    if (status.IsError()) {
-      CompleteWithError(status, &result);
-    } else {
-      DCHECK(public_key.handle());
-      DCHECK(private_key.handle());
-      DCHECK_EQ(algorithm.id(), public_key.algorithm().id());
-      DCHECK_EQ(algorithm.id(), private_key.algorithm().id());
-      DCHECK_EQ(true, public_key.extractable());
-      DCHECK_EQ(extractable, private_key.extractable());
-      DCHECK_EQ(usage_mask, public_key.usages());
-      DCHECK_EQ(usage_mask, private_key.usages());
-      result.completeWithKeyPair(public_key, private_key);
-    }
-  } else {
-    blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-    Status status = GenerateSecretKeyInternal(
-        algorithm, extractable, usage_mask, &key);
-    if (status.IsError()) {
-      CompleteWithError(status, &result);
-    } else {
-      DCHECK(key.handle());
-      DCHECK_EQ(algorithm.id(), key.algorithm().id());
-      DCHECK_EQ(extractable, key.extractable());
-      DCHECK_EQ(usage_mask, key.usages());
-      result.completeWithKey(key);
-    }
-  }
-}
-
-void WebCryptoImpl::importKey(
-    blink::WebCryptoKeyFormat format,
-    const unsigned char* key_data,
-    unsigned int key_data_size,
+Status ImportKeyJwk(
+    const CryptoData& key_data,
     const blink::WebCryptoAlgorithm& algorithm_or_null,
     bool extractable,
     blink::WebCryptoKeyUsageMask usage_mask,
-    blink::WebCryptoResult result) {
-  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  Status status = Status::Error();
-  if (format == blink::WebCryptoKeyFormatJwk) {
-    status = ImportKeyJwk(key_data,
-                          key_data_size,
-                          algorithm_or_null,
-                          extractable,
-                          usage_mask,
-                          &key);
-  } else {
-    status = ImportKeyInternal(format,
-                               key_data,
-                               key_data_size,
-                               algorithm_or_null,
-                               extractable,
-                               usage_mask,
-                               &key);
-  }
-  if (status.IsError()) {
-    CompleteWithError(status, &result);
-  } else {
-    DCHECK(key.handle());
-    DCHECK(!key.algorithm().isNull());
-    DCHECK_EQ(extractable, key.extractable());
-    result.completeWithKey(key);
-  }
-}
-
-void WebCryptoImpl::exportKey(
-    blink::WebCryptoKeyFormat format,
-    const blink::WebCryptoKey& key,
-    blink::WebCryptoResult result) {
-  blink::WebArrayBuffer buffer;
-  Status status = ExportKeyInternal(format, key, &buffer);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBuffer(buffer);
-}
-
-void WebCryptoImpl::sign(
-    const blink::WebCryptoAlgorithm& algorithm,
-    const blink::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned int data_size,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  blink::WebArrayBuffer buffer;
-  Status status = SignInternal(algorithm, key, data, data_size, &buffer);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBuffer(buffer);
-}
-
-void WebCryptoImpl::verifySignature(
-    const blink::WebCryptoAlgorithm& algorithm,
-    const blink::WebCryptoKey& key,
-    const unsigned char* signature,
-    unsigned int signature_size,
-    const unsigned char* data,
-    unsigned int data_size,
-    blink::WebCryptoResult result) {
-  DCHECK(!algorithm.isNull());
-  bool signature_match = false;
-  Status status = VerifySignatureInternal(algorithm,
-                                          key,
-                                          signature,
-                                          signature_size,
-                                          data,
-                                          data_size,
-                                          &signature_match);
-  if (status.IsError())
-    CompleteWithError(status, &result);
-  else
-    result.completeWithBoolean(signature_match);
-}
-
-Status WebCryptoImpl::ImportKeyJwk(
-    const unsigned char* key_data,
-    unsigned int key_data_size,
-    const blink::WebCryptoAlgorithm& algorithm_or_null,
-    bool extractable,
-    blink::WebCryptoKeyUsageMask usage_mask,
     blink::WebCryptoKey* key) {
 
   // The goal of this method is to extract key material and meta data from the
   // incoming JWK, combine them with the input parameters, and ultimately import
   // a Web Crypto Key.
   //
   // JSON Web Key Format (JWK)
   // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16
   // TODO(padolph): Not all possible values are handled by this code right now
   //
@@ skipping 117 matching lines @@
   //   Web Crypto Key non-extractable. Conversely, if the JWK extractable is
   //   false but the input parameter is true, it is an inconsistency. If both
   //   are true or both are false, use that value.
   //
   // usage_mask
   //   The input usage_mask must be a strict subset of the interpreted JWK use
   //   value, else it is judged inconsistent. In all cases the input usage_mask
   //   is used as the final usage_mask.
   //
 
-  if (!key_data_size)
+  if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key);
 
   // Parse the incoming JWK JSON.
-  base::StringPiece json_string(reinterpret_cast<const char*>(key_data),
-                                key_data_size);
+  base::StringPiece json_string(reinterpret_cast<const char*>(key_data.bytes()),
+                                key_data.byte_length());
   scoped_ptr<base::Value> value(base::JSONReader::Read(json_string));
   // Note, bare pointer dict_value is ok since it points into scoped value.
   base::DictionaryValue* dict_value = NULL;
   if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value)
     return Status::ErrorJwkNotDictionary();
 
   // JWK "kty". Exit early if this required JWK parameter is missing.
   std::string jwk_kty_value;
   Status status = GetJwkString(dict_value, "kty", &jwk_kty_value);
   if (status.IsError())
@@ skipping 101 matching lines @@
     // string. For example "A128CBC" implies the JWK carries 128 bits
     // of key material. For such keys validate that enough bytes were provided.
     // If this validation is not done, then it would be possible to select a
     // different algorithm by passing a different lengthed key, since that is
     // how WebCrypto interprets things.
     if (algorithm_info &&
         algorithm_info->IsInvalidKeyByteLength(jwk_k_value.size())) {
       return Status::ErrorJwkIncorrectKeyLength();
     }
 
-    return ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
-                             reinterpret_cast<const uint8*>(jwk_k_value.data()),
-                             jwk_k_value.size(),
-                             algorithm,
-                             extractable,
-                             usage_mask,
-                             key);
+    return ImportKey(blink::WebCryptoKeyFormatRaw,
+                     jwk_k_value,
+                     algorithm,
+                     extractable,
+                     usage_mask,
+                     key);
   } else if (jwk_kty_value == "RSA") {
 
     // An RSA public key must have an "n" (modulus) and an "e" (exponent) entry
     // in the JWK, while an RSA private key must have those, plus at least a "d"
     // (private exponent) entry.
     // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
     // section 6.3.
 
     // RSA private key import is not currently supported, so fail here if a "d"
     // entry is found.
     // TODO(padolph): Support RSA private key import.
     if (dict_value->HasKey("d"))
       return Status::ErrorJwkRsaPrivateKeyUnsupported();
 
     std::string jwk_n_value;
     status = GetJwkBytes(dict_value, "n", &jwk_n_value);
     if (status.IsError())
       return status;
     std::string jwk_e_value;
     status = GetJwkBytes(dict_value, "e", &jwk_e_value);
     if (status.IsError())
       return status;
 
-    return ImportRsaPublicKeyInternal(
-        reinterpret_cast<const uint8*>(jwk_n_value.data()),
-        jwk_n_value.size(),
-        reinterpret_cast<const uint8*>(jwk_e_value.data()),
-        jwk_e_value.size(),
-        algorithm,
-        extractable,
-        usage_mask,
-        key);
+    return platform::ImportRsaPublicKey(jwk_n_value,
+                                       jwk_e_value,
+                                       algorithm,
+                                       extractable,
+                                       usage_mask,
+                                       key);

[Ryan Sleevi, 2014/02/07 21:26:40]

alignment

[eroman, 2014/02/08 02:23:51]

Done.

 
   } else {
     return Status::ErrorJwkUnrecognizedKty();
   }
 
   return Status::Success();
 }
 
+}  // namespace webcrypto
+
 }  // namespace content
+
+

[Ryan Sleevi, 2014/02/07 21:26:40]

unnecessary newline?

[eroman, 2014/02/08 02:23:51]

Ick git cl format added these.