Refactor to share more code between OpenSSL and NSS implementations.

content/renderer/webcrypto/shared_crypto.h

Index: content/renderer/webcrypto/shared_crypto.h
diff --git a/content/renderer/webcrypto/shared_crypto.h b/content/renderer/webcrypto/shared_crypto.h
new file mode 100644
index 0000000000000000000000000000000000000000..cb7d5dcf05c07bf5582539694bdf7d9d493a9f3b
--- /dev/null
+++ b/content/renderer/webcrypto/shared_crypto.h
@@ -0,0 +1,107 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_RENDERER_WEBCRYPTO_SHARED_CRYPTO_H_
+#define CONTENT_RENDERER_WEBCRYPTO_SHARED_CRYPTO_H_
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "content/common/content_export.h"
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
+#include "third_party/WebKit/public/platform/WebCrypto.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+
+namespace content {
+
+namespace webcrypto {
+
+class CryptoData;
+
+class Status;
+
+// Do one-time initialization. It is safe to call this multiple times.
+CONTENT_EXPORT void Init();

[Ryan Sleevi, 2014/02/13 04:24:24]

FTR, I still really dislike this. This is inconsistent with all of our other
patterns of using crypto in Chromium (where it's the impl. responsibility to do
the Ensure* Init)

[eroman, 2014/02/13 23:05:38]

I'll explore this as a followup.

My concern is it is tricky to test correctness when lazy initialization is done
within each of the platform:: functions. An earlier test may do the
initialization and hence the unittests of new functionality passes.

However then in the field it calls things in a different order, and ends up
crashing inside of NSS because things weren't initialized. Being able to
guarantee that initialization is done at a consistent time helps with future
proofing and also means less calls to ensure initialized...

+
+// PlatformCrypto is a wrapper around either NSS or OpenSSL for doing
+// synchronous crypto operations.
+//
+// The common code in platform_crypto.cc does various input validations and
+// extracts the relevant information from the blink data types. It then calls
+// one of the "Platform*()" methods for the platform specific implementation.

[Ryan Sleevi, 2014/02/13 04:24:24]

You should document what PlatformCrypto is within PlatformCrypto. Then document
how this implementation overlays on it.

[eroman, 2014/02/13 23:05:38]

I revamped this documentation by adding an ASCII art diagram.

+//
+// These functions do the work which is common to both NSS and OpenSSL
+// implementations. This involves:
+//
+//  * Validating the key usages
+//  * Validating key exportability
+//  * Validating algorithm with key.algorithm
+//  * Converting the blink key to a more specific platform::{PublicKey,
+//    PrivateKey, SymKey} and making sure it was the right type.
+//  * Validating alogorithm specific parameters (for instance, was the iv for
+//    AES-CBC 16 bytes).
+//  * Parse a JWK
+
+CONTENT_EXPORT Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
+                              const blink::WebCryptoKey& key,
+                              const CryptoData& data,
+                              blink::WebArrayBuffer* buffer);
+
+CONTENT_EXPORT Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
+                              const blink::WebCryptoKey& key,
+                              const CryptoData& data,
+                              blink::WebArrayBuffer* buffer);
+
+CONTENT_EXPORT Status Digest(const blink::WebCryptoAlgorithm& algorithm,
+                             const CryptoData& data,
+                             blink::WebArrayBuffer* buffer);
+
+CONTENT_EXPORT Status
+    GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
+                      bool extractable,
+                      blink::WebCryptoKeyUsageMask usage_mask,
+                      blink::WebCryptoKey* key);
+
+CONTENT_EXPORT Status
+    GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm,
+                    bool extractable,
+                    blink::WebCryptoKeyUsageMask usage_mask,
+                    blink::WebCryptoKey* public_key,
+                    blink::WebCryptoKey* private_key);
+
+CONTENT_EXPORT Status
+    ImportKey(blink::WebCryptoKeyFormat format,
+              const CryptoData& key_data,
+              const blink::WebCryptoAlgorithm& algorithm_or_null,
+              bool extractable,
+              blink::WebCryptoKeyUsageMask usage_mask,
+              blink::WebCryptoKey* key);
+
+CONTENT_EXPORT Status ExportKey(blink::WebCryptoKeyFormat format,
+                                const blink::WebCryptoKey& key,
+                                blink::WebArrayBuffer* buffer);
+
+CONTENT_EXPORT Status Sign(const blink::WebCryptoAlgorithm& algorithm,
+                           const blink::WebCryptoKey& key,
+                           const CryptoData& data,
+                           blink::WebArrayBuffer* buffer);
+
+CONTENT_EXPORT Status
+    VerifySignature(const blink::WebCryptoAlgorithm& algorithm,
+                    const blink::WebCryptoKey& key,
+                    const CryptoData& signature,
+                    const CryptoData& data,
+                    bool* signature_match);
+
+CONTENT_EXPORT Status
+    ImportKeyJwk(const CryptoData& key_data,
+                 const blink::WebCryptoAlgorithm& algorithm_or_null,
+                 bool extractable,
+                 blink::WebCryptoKeyUsageMask usage_mask,
+                 blink::WebCryptoKey* key);
+
+}  // namespace webcrypto
+
+}  // namespace content
+
+#endif  // CONTENT_RENDERER_WEBCRYPTO_SHARED_CRYPTO_H_