Refactor to share more code between OpenSSL and NSS implementations.

content/renderer/webcrypto/platform_crypto.h

Index: content/renderer/webcrypto/platform_crypto.h
diff --git a/content/renderer/webcrypto/platform_crypto.h b/content/renderer/webcrypto/platform_crypto.h
new file mode 100644
index 0000000000000000000000000000000000000000..8f8cbf0f98ed01b5111cc42d09d5f2b302625199
--- /dev/null
+++ b/content/renderer/webcrypto/platform_crypto.h
@@ -0,0 +1,180 @@
+// Copyright (c) 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_
+#define CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_
+
+#include "base/basictypes.h"
+#include "base/compiler_specific.h"
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
+#include "third_party/WebKit/public/platform/WebCrypto.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+
+namespace content {
+
+enum EncryptOrDecrypt {

[eroman, 2014/02/13 23:05:39]

This is new to latest patchset..

+  ENCRYPT,
+  DECRYPT
+};
+
+namespace webcrypto {
+
+class CryptoData;
+class Status;
+
+// Functions in the webcrypto::platform namespace are intended to be those
+// which are OpenSSL/NSS specific.
+//
+// The general purpose code which applies to both OpenSSL and NSS
+// implementations of webcrypto should live in the outter webcrypto namespace,
+// and the crypto library specific bits in the "platform" namespace.
+namespace platform {
+
+class SymKey;
+class PublicKey;
+class PrivateKey;
+
+// Base key class for all platform keys, used to safely cast between types.
+class Key : public blink::WebCryptoKeyHandle {
+ public:
+  virtual SymKey* AsSymKey() = 0;
+  virtual PublicKey* AsPublicKey() = 0;
+  virtual PrivateKey* AsPrivateKey() = 0;
+};
+
+// Do any one-time initialization. Note that this can be called MULTIPLE times
+// (once per instantiation of WebCryptoImpl).
+void Init();
+
+

[Ryan Sleevi, 2014/02/14 00:24:18]

unnecessary new-line

[eroman, 2014/02/14 05:52:42]

Done.

+// Preconditions:
+//  * |key| is a non-null AES-CBC key.
+//  * |iv| is exactly 16 bytes long
+Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
+                            SymKey* key,
+                            const CryptoData& iv,
+                            const CryptoData& data,

[Ryan Sleevi, 2014/02/14 00:24:18]

Ordering: Compare with lines 65-66, where |iv| and |data| are passed in a
different order.

[eroman, 2014/02/14 05:52:42]

Done.

+                            blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is a non-null AES-GCM key.
+//  * |tag_length_bits| is in the range [0, 128].
+Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
+                            SymKey* key,
+                            const CryptoData& data,
+                            const CryptoData& iv,
+                            const CryptoData& additional_data,
+                            unsigned int tag_length_bits,
+                            blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is non-null.
+Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
+                             const CryptoData& data,
+                             blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is non-null.
+Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
+                             const CryptoData& data,
+                             blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is a non-null HMAC key.
+//  * |hash| is a digest algorithm.
+Status SignHmac(SymKey* key,
+                const blink::WebCryptoAlgorithm& hash,
+                const CryptoData& data,
+                blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |algorithm| is a SHA function.
+Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
+                 const CryptoData& data,
+                 blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is non-null.
+//  * |hash| is a digest algorithm.
+Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
+                           const blink::WebCryptoAlgorithm& hash,
+                           const CryptoData& data,
+                           blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is non-null.
+//  * |hash| is a digest algorithm.
+Status VerifyRsaSsaPkcs1v1_5(PublicKey* key,
+                             const blink::WebCryptoAlgorithm& hash,
+                             const CryptoData& signature,
+                             const CryptoData& data,
+                             bool* signature_match);
+
+// |keylen_bytes| is the desired length of the key in bits.
+//
+// Preconditions:
+//  * algorithm.id() is for a symmetric key algorithm.
+//  * keylen_bytes is non-zero (TODO(eroman): revisit this).
+//  * If the algorithm is AES-CBC, the key length is either 128 bits, 192
+//    bits, 256 bits.

[Ryan Sleevi, 2014/02/14 00:24:18]

AES-GCM too, oui?

[eroman, 2014/02/14 05:52:42]

Done for all of the AES-*

+Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
+                         bool extractable,
+                         blink::WebCryptoKeyUsageMask usage_mask,
+                         unsigned keylen_bytes,
+                         blink::WebCryptoKey* key);
+
+// Preconditions:
+//  * algorithm.id() is for an RSA algorithm.
+//  * algorithm.rsaKeyGenParams() is non-null.
+Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
+                          bool extractable,
+                          blink::WebCryptoKeyUsageMask usage_mask,
+                          blink::WebCryptoKey* public_key,
+                          blink::WebCryptoKey* private_key);
+
+// Preconditions:
+//  * |key| is non-null.
+//  * |algorithm.id()| is for a symmetric key algorithm.
+Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
+                    const CryptoData& key_data,
+                    bool extractable,
+                    blink::WebCryptoKeyUsageMask usage_mask,
+                    blink::WebCryptoKey* key);
+
+// Preconditions:
+//  * algorithm.id() is for an RSA algorithm.
+Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,
+                          bool extractable,
+                          blink::WebCryptoKeyUsageMask usage_mask,
+                          const CryptoData& modulus_data,
+                          const CryptoData& exponent_data,
+                          blink::WebCryptoKey* key);
+
+Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm_or_null,
+                     const CryptoData& key_data,
+                     bool extractable,
+                     blink::WebCryptoKeyUsageMask usage_mask,
+                     blink::WebCryptoKey* key);
+
+Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm_or_null,
+                      const CryptoData& key_data,
+                      bool extractable,
+                      blink::WebCryptoKeyUsageMask usage_mask,
+                      blink::WebCryptoKey* key);
+
+// Preconditions:
+//  * |key| is non-null.
+Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer);
+
+// Preconditions:
+//  * |key| is non-null.
+Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer);
+
+}  // namespace platform
+
+}  // namespace webcrypto
+
+}  // namespace content
+
+#endif  // CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_