Add a WebCrypto API for getting digests by chunk.

public/platform/WebCrypto.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 16 matching lines @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef WebCrypto_h
 #define WebCrypto_h
 
 #include "WebCommon.h"
 #include "WebCryptoAlgorithm.h"
 #include "WebCryptoKey.h"
+#include "WebPrivateOwnPtr.h"
 #include "WebPrivatePtr.h"
 
 // FIXME: Remove this once chromium side is updated.
 #define WEBCRYPTO_HMAC_BITS 1
 
 namespace WebCore { class CryptoResult; }
 
 #if INSIDE_BLINK
 namespace WTF { template <typename T> class PassRefPtr; }
 #endif
@@ skipping 43 matching lines @@
     BLINK_PLATFORM_EXPORT explicit WebCryptoResult(const WTF::PassRefPtr<WebCore::CryptoResult>&);
 #endif
 
 private:
     BLINK_PLATFORM_EXPORT void reset();
     BLINK_PLATFORM_EXPORT void assign(const WebCryptoResult&);
 
     WebPrivatePtr<WebCore::CryptoResult> m_impl;
 };
 
+class WebCryptoDigestor {
+public:
+    WebCryptoDigestor(blink::WebCryptoAlgorithmId algorithmId) { }

[eroman, 2014/03/19 19:06:21]

Remove this constructor

[jww, 2014/03/20 23:02:50]

This is actually the constructor that the implementation wants to use; why
should we remove it?

More specifically, I want to make the default constructor private because any
implementation needs to specific a WebCryptoAlgorithmId at creation time to
function. Thus we need some other constructor to be specified in the superclass
so the subclass can be created.

[eroman, 2014/03/20 23:14:02]

This is just an interface class, there doesn't need to be any public
constructor.
Just add a dummy protected constructor.

Only the Chromium side will be allocating WebCryptoDigestor, in response to the
digestorSynchronous() call.

There shouldn't be an algorithId parameter in this base class constructor, since
it does nothing with it. In fact the Chromium side might just allocate a
different class for the various digest algorithms, and have a fixed size array
for the output.

+    virtual ~WebCryptoDigestor() { }
+
+    virtual bool consume(const unsigned char* data, unsigned dataSize) { return false; }

[eroman, 2014/03/19 19:06:21]

I think it is worth describing what the return value is. For instance, is it
expected that consume() can be called again after it returns false?

[jww, 2014/03/20 23:02:50]

Done.

+    virtual bool finish(WebArrayBuffer& result) { return false; }

[eroman, 2014/03/19 19:06:21]

I actually think that rather than filling a WebArrayBuffer, it would be
advantageous to have this:

  // The data is valid until the WebCryptoDigestor is destroyed.
  // consume should not be called after calling finish.
  virtual bool finish(unsigned char*& resultData, unsigned int& resultDataSize);


This way the implementation can stack-allocate the digest result (the digest
output size is known once the operation is started), and saves copying around,
and the inconvenience of having to return a WebArrayBuffer type.

In the modules/crypto wrapper (which will adopt the raw pointer), it can provide
helpers to return the result into a WTF::Vector or whatever too.

[jww, 2014/03/20 23:02:50]

In my new version, I've implemented it pretty much as you suggest. I think it's
a bit ugly on the the platform_crypto_[nss/openssl] side, but let me know.

+
+private:
+    WebCryptoDigestor() { }
+};
+
 class WebCrypto {
 public:
     // WebCrypto is the interface for starting one-shot cryptographic
     // operations.
     //
     // -----------------------
     // Completing the request
     // -----------------------
     //
     // Implementations signal completion by calling one of the methods on
@@ skipping 65 matching lines @@
     virtual void verifySignature(const WebCryptoAlgorithm&, const WebCryptoKey&, const unsigned char* signature, unsigned signatureSize, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(); }
     virtual void digest(const WebCryptoAlgorithm&, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(); }
     virtual void generateKey(const WebCryptoAlgorithm&, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(); }
     // It is possible for the WebCryptoAlgorithm to be "isNull()"
     virtual void importKey(WebCryptoKeyFormat, const unsigned char* keyData, unsigned keyDataSize, const WebCryptoAlgorithm&, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(); }
     virtual void exportKey(WebCryptoKeyFormat, const WebCryptoKey&, WebCryptoResult result) { result.completeWithError(); }
     virtual void wrapKey(WebCryptoKeyFormat, const WebCryptoKey& key, const WebCryptoKey& wrappingKey, const WebCryptoAlgorithm&, WebCryptoResult result) { result.completeWithError(); }
     // It is possible that unwrappedKeyAlgorithm.isNull()
     virtual void unwrapKey(WebCryptoKeyFormat, const unsigned char* wrappedKey, unsigned wrappedKeySize, const WebCryptoKey&, const WebCryptoAlgorithm& unwrapAlgorithm, const WebCryptoAlgorithm& unwrappedKeyAlgorithm, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(); }
 
-    // This is the one exception to the "Completing the request" guarantees
+    // These are the exceptions to the "Completing the request" guarantees
     // outlined above. digestSynchronous must provide the result into result
     // synchronously. It must return |true| on successful calculation of the
     // digest and |false| otherwise. This is useful for Blink internal crypto
-    // and is not part of the WebCrypto standard.
+    // and is not part of the WebCrypto standard. digestorSynchronous returns a
+    // WebCryptoDigestor object that consumes chunks synchronously and returns
+    // a result synchronously.
     virtual bool digestSynchronous(const WebCryptoAlgorithmId algorithmId, const unsigned char* data, unsigned dataSize, WebArrayBuffer& result) { return false; }

[eroman, 2014/03/19 19:06:21]

Is this version already in use, or can it be deleted?

[jww, 2014/03/20 23:02:50]

This is in use. Of course, it's not that hard to rewrite the other call sites to
use the Digestor version, so I'll go ahead and do that if you prefer; let me
know either way.

+    virtual WebCryptoDigestor* digestorSynchronous(const WebCryptoAlgorithmId algorithmId) { return 0; }

[eroman, 2014/03/19 19:06:21]

I would say drop the const.

[jww, 2014/03/20 23:02:50]

Done.

 
 protected:
     virtual ~WebCrypto() { }
 };
 
 } // namespace blink
 
 #endif