[webcrypto] Remove support for null import algorithms.

content/child/webcrypto/jwk.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
 #include "base/lazy_instance.h"
 #include "base/logging.h"
@@ skipping 219 matching lines @@
   if (!value->GetAsBoolean(result))
     return Status::ErrorJwkPropertyWrongType(path, "boolean");
 
   *property_exists = true;
   return Status::Success();
 }
 
 }  // namespace
 
 Status ImportKeyJwk(const CryptoData& key_data,
-                    const blink::WebCryptoAlgorithm& algorithm_or_null,
+                    const blink::WebCryptoAlgorithm& algorithm,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usage_mask,
                     blink::WebCryptoKey* key) {
 
   // The goal of this method is to extract key material and meta data from the
   // incoming JWK, combine them with the input parameters, and ultimately import
   // a Web Crypto Key.
   //
   // JSON Web Key Format (JWK)
   // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16
@@ skipping 93 matching lines @@
   //   | "n"   | Contains the modulus value for the RSA public key.  It is    |
   //   |       | represented as the base64url encoding of the value's         |
   //   |       | unsigned big endian representation as an octet sequence.     |
   //   +-------+--------------------------------------------------------------+
   //   | "e"   | Contains the exponent value for the RSA public key.  It is   |
   //   |       | represented as the base64url encoding of the value's         |
   //   |       | unsigned big endian representation as an octet sequence.     |
   //   +-------+--------------------------------------------------------------+
   //
   // Consistency and conflict resolution
-  // The 'algorithm_or_null', 'extractable', and 'usage_mask' input parameters
+  // The 'algorithm', 'extractable', and 'usage_mask' input parameters
   // may be different than the corresponding values inside the JWK. The Web
   // Crypto spec says that if a JWK value is present but is inconsistent with
   // the input value, it is an error and the operation must fail. If no
-  // inconsistency is found, the input and JWK values are combined as follows:
+  // inconsistency is found then the input parameters are used.
   //
   // algorithm
-  //   If an algorithm is provided by both the input parameter and the JWK,
-  //   consistency between the two is based only on algorithm ID's (including an
-  //   inner hash algorithm if present). In this case if the consistency
-  //   check is passed, the input algorithm is used. If only one of either the
-  //   input algorithm and JWK alg is provided, it is used as the final
-  //   algorithm.
+  //   If the JWK algorithm is provided, it must match the web crypto input
+  //   algorithm (both the algorithm ID and inner hash if applicable).
   //
   // extractable
   //   If the JWK extractable is true but the input parameter is false, make the
   //   Web Crypto Key non-extractable. Conversely, if the JWK extractable is
   //   false but the input parameter is true, it is an inconsistency. If both
   //   are true or both are false, use that value.
   //
   // usage_mask
   //   The input usage_mask must be a strict subset of the interpreted JWK use
   //   value, else it is judged inconsistent. In all cases the input usage_mask
@@ skipping 26 matching lines @@
     status = GetOptionalJwkBool(dict_value,
                                 "extractable",
                                 &jwk_extractable_value,
                                 &has_jwk_extractable);
     if (status.IsError())
       return status;
     if (has_jwk_extractable && !jwk_extractable_value && extractable)
       return Status::ErrorJwkExtractableInconsistent();
   }
 
-  // JWK "alg" (optional) --> algorithm parameter
-  // Note: input algorithm is also optional, so we have six cases to handle.
-  // 1. JWK alg present but unrecognized: error
-  // 2. JWK alg valid AND input algorithm isNull: use JWK value
-  // 3. JWK alg valid AND input algorithm specified, but JWK value
-  //      inconsistent with input: error
-  // 4. JWK alg valid AND input algorithm specified, both consistent: use
-  //      input value (because it has potentially more details)
-  // 5. JWK alg missing AND input algorithm isNull: error
-  // 6. JWK alg missing AND input algorithm specified: use input value
-  blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull();
+  // JWK "alg" --> algorithm parameter

[Ryan Sleevi, 2014/03/14 21:31:50]

JWK "alg" remains optional

So you still have several cases to handle/document
1. JWK alg present but unrecognized: error
2. JWK alg valid and inconsistent with input algorithm: error
3. JWK alg valid and consistent with input algorithm: use input value
4. JWK alg is missing: use input value

[eroman, 2014/03/18 01:25:29]

Done.

   const JwkAlgorithmInfo* algorithm_info = NULL;
   std::string jwk_alg_value;
   bool has_jwk_alg;
   status =
       GetOptionalJwkString(dict_value, "alg", &jwk_alg_value, &has_jwk_alg);
   if (status.IsError())
     return status;
 
   if (has_jwk_alg) {
     // JWK alg present
 
     // TODO(padolph): Validate alg vs kty. For example kty="RSA" implies alg can
     // only be from the RSA family.
 
     blink::WebCryptoAlgorithm jwk_algorithm =
         blink::WebCryptoAlgorithm::createNull();
     algorithm_info = jwk_alg_registry.Get().GetAlgorithmInfo(jwk_alg_value);
     if (!algorithm_info ||
         !algorithm_info->CreateImportAlgorithm(&jwk_algorithm))
-      return Status::ErrorJwkUnrecognizedAlgorithm();  // case 1
+      return Status::ErrorJwkUnrecognizedAlgorithm();
 
-    // JWK alg valid
-    if (algorithm_or_null.isNull()) {
-      // input algorithm not specified
-      algorithm = jwk_algorithm;  // case 2
-    } else {
-      // input algorithm specified
-      if (!ImportAlgorithmsConsistent(jwk_algorithm, algorithm_or_null))
-        return Status::ErrorJwkAlgorithmInconsistent();  // case 3
-      algorithm = algorithm_or_null;                     // case 4
-    }
-  } else {
-    // JWK alg missing
-    if (algorithm_or_null.isNull())
-      return Status::ErrorJwkAlgorithmMissing();  // case 5
-    algorithm = algorithm_or_null;                // case 6
+    // input algorithm specified

[Ryan Sleevi, 2014/03/14 21:31:50]

unnecessary comment?

[eroman, 2014/03/18 01:25:29]

Done.

+    if (!ImportAlgorithmsConsistent(jwk_algorithm, algorithm))
+      return Status::ErrorJwkAlgorithmInconsistent();
   }
   DCHECK(!algorithm.isNull());
 
   // JWK "use" (optional) --> usage_mask parameter
   std::string jwk_use_value;
   bool has_jwk_use;
   status =
       GetOptionalJwkString(dict_value, "use", &jwk_use_value, &has_jwk_use);
   if (status.IsError())
     return status;
@@ skipping 75 matching lines @@
   } else {
     return Status::ErrorJwkUnrecognizedKty();
   }
 
   return Status::Success();
 }
 
 }  // namespace webcrypto
 
 }  // namespace content