[webcrypto] Implement structured clone of keys (blink-side).

public/platform/WebCrypto.h

Index: public/platform/WebCrypto.h
diff --git a/public/platform/WebCrypto.h b/public/platform/WebCrypto.h
index 7b56f4ef7bfd391eb1f6af186fb6449b04f3d94d..97953eb49d51d54224a22e98801c8b9ea838e7da 100644
--- a/public/platform/WebCrypto.h
+++ b/public/platform/WebCrypto.h
@@ -35,6 +35,7 @@
 #include "WebCryptoAlgorithm.h"
 #include "WebCryptoKey.h"
 #include "WebPrivatePtr.h"
+#include "WebVector.h"
 
 // FIXME: Remove this once chromium side is updated.
 #define WEBCRYPTO_HMAC_BITS 1
@@ -189,6 +190,68 @@ public:
     // and is not part of the WebCrypto standard.
     virtual bool digestSynchronous(const WebCryptoAlgorithmId algorithmId, const unsigned char* data, unsigned dataSize, WebArrayBuffer& result) { return false; }
 
+    // -----------------------
+    // Structured clone
+    // -----------------------
+    //
+    // deserializeKeyForClone() and serializeKeyForClone() are used for
+    // implementing structured cloning of WebCryptoKey.
+    //
+    // Blink is responsible for saving and restoring all of the attributes of
+    // WebCryptoKey EXCEPT for the actual key data:
+    //
+    // In other words, blink takes care of serializing:

[Ryan Sleevi, 2014/03/12 22:54:35]

s/blink/Blink/

+    //   * Key usages
+    //   * Key extractability
+    //   * Key algorithm
+    //   * Key type (public, private, secret)
+    //
+    // The embedder is responsible for saving the key data itself.
+    //
+    // For instance, an implementation might implement
+    // serializing/deserializing of the key data by reusing
+    // exportKey()/importKey() with an appropriate key format (raw, spki,
+    // pkcs8)
+    //
+    // Visibility of the serialized key data:
+    //
+    // The serialized key data will NOT be visible to web pages. So if the
+    // serialized format were to include key bytes as plain text, this wouldn't
+    // make it available to web pages. However, the serialized key data is
+    // visible to anyone with access to the user account (for instance by
+    // serializing to indexed DB). An implementation that wants to hide the

[Ryan Sleevi, 2014/03/12 22:54:35]

s/indexed DB/IndexedDB/

+    // key data could encrypt it.

[Ryan Sleevi, 2014/03/12 22:54:35]

I'd delete the remainder, starting with "However, the"

+    //
+    // Longevity of the key data:
+    //
+    // The serialized key data is intended to be long lived (years) and MUST
+    // be using a stable format. For instance a key might be persisted to
+    // indexed db and should be able to be deserialized correctly in the
+    // future.

[Ryan Sleevi, 2014/03/12 22:54:35]

s/indexed db/IndexedDB/

+    //
+    // Error handling and asynchronous completion:
+    //
+    // Serialization/deserialization must complete synchronously, and will
+    // block the javascript thread.

[Ryan Sleevi, 2014/03/12 22:54:35]

s/javascript/JavaScript/

+    //
+    // The only reasons for failing serialization/deserialization should be:
+    //   * Key serialization not yet implemented
+    //   * The bytes to deserialize were corrupted
+
+    // Creates a new key given key data which was written using
+    // serializeKeyForClone(). Returns true on success.
+    virtual bool deserializeKeyForClone(const WebCryptoKeyAlgorithm&, WebCryptoKeyType, bool extractable, WebCryptoKeyUsageMask, const unsigned char* keyData, unsigned keyDataSize, WebCryptoKey&)
+    {
+        return false;
+    }
+
+    // Writes the key data into the given WebVector.
+    // Returns true on success.
+    virtual bool serializeKeyForClone(const WebCryptoKey&, WebVector<unsigned char>&)
+    {
+        return false;
+    }
+
 protected:
     virtual ~WebCrypto() { }
 };