[webcrypto] Add JWK symmetric key AES-KW unwrap for NSS.

content/child/webcrypto/platform_crypto.h

Index: content/child/webcrypto/platform_crypto.h
diff --git a/content/child/webcrypto/platform_crypto.h b/content/child/webcrypto/platform_crypto.h
index 340c258ee8dc9328ffec683ff0509c5d4897511d..4b9a853f957a30b0d68403b93a6e1e821e2fe4eb 100644
--- a/content/child/webcrypto/platform_crypto.h
+++ b/content/child/webcrypto/platform_crypto.h
@@ -183,6 +183,10 @@ Status WrapSymKeyAesKw(SymKey* wrapping_key,
                        SymKey* key,
                        blink::WebArrayBuffer* buffer);
 
+// Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in
+// a WebCryptoKey. Raw key data remains inside NSS. This function should be used
+// when the input |wrapped_key_data| is known to result in symmetric raw key
+// data after AES-KW decryption.
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null
@@ -195,6 +199,18 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
                          blink::WebCryptoKeyUsageMask usage_mask,
                          blink::WebCryptoKey* key);
 
+// Performs AES-KW decryption on the input |data|, of which no assumptions are

[eroman, 2014/03/17 19:47:47]

Not sure what "of which no assumptions are made" means, since we assume that it
is "at least 24 bytes and a multiple of 8 bytes".

[padolph, 2014/03/17 22:12:49]

Done.

+// made, and returns the result to the caller. This function should be used when
+// the input |data| does not directly represent a key and should instead be
+// interpreted as generic bytes.
+// Preconditions:
+//  * |key| is non-null
+//  * |data| is at least 24 bytes and a multiple of 8 bytes
+//  * |buffer| is non-null.
+Status DecryptAesKw(SymKey* key,
+                    const CryptoData& data,
+                    blink::WebArrayBuffer* buffer);
+
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null