[webcrypto] Remove support for null import algorithms.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <sechash.h>
 
@@ skipping 537 matching lines @@
   return Status::Success();
 }
 
 namespace {
 
 typedef scoped_ptr<CERTSubjectPublicKeyInfo,
                    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
                                         SECKEY_DestroySubjectPublicKeyInfo> >
     ScopedCERTSubjectPublicKeyInfo;
 
-// Validates an NSS KeyType against a WebCrypto algorithm. Some NSS KeyTypes
-// contain enough information to fabricate a Web Crypto algorithm, which is
-// returned if the input algorithm isNull(). This function indicates failure by
-// returning a Null algorithm.
-blink::WebCryptoAlgorithm ResolveNssKeyTypeWithInputAlgorithm(
+// Validates an NSS KeyType against a WebCrypto import algorithm.
+bool ValidateNssKeyTypeAgainstInputAlgorithm(
     KeyType key_type,
-    const blink::WebCryptoAlgorithm& algorithm_or_null) {
+    const blink::WebCryptoAlgorithm& algorithm) {
   switch (key_type) {
     case rsaKey:
-      // NSS's rsaKey KeyType maps to keys with SEC_OID_PKCS1_RSA_ENCRYPTION and
-      // according to RFCs 4055/5756 this can be used for both encryption and
-      // signatures. However, this is not specific enough to build a compatible
-      // Web Crypto algorithm, since in Web Crypto, RSA encryption and signature
-      // algorithms are distinct. So if the input algorithm isNull() here, we
-      // have to fail.
-      if (!algorithm_or_null.isNull() && IsAlgorithmRsa(algorithm_or_null))
-        return algorithm_or_null;
-      break;
+      return IsAlgorithmRsa(algorithm);
     case dsaKey:
     case ecKey:
     case rsaPssKey:
     case rsaOaepKey:
       // TODO(padolph): Handle other key types.
       break;
     default:
       break;
   }
-  return blink::WebCryptoAlgorithm::createNull();
+  return false;
 }
 
 }  // namespace
 
-Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm_or_null,
+Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,
                      const CryptoData& key_data,
                      bool extractable,
                      blink::WebCryptoKeyUsageMask usage_mask,
                      blink::WebCryptoKey* key) {
 
   DCHECK(key);
 
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
 
   // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 Subject
   // Public Key Info. Decode this to a CERTSubjectPublicKeyInfo.
   SECItem spki_item = MakeSECItemForBuffer(key_data);
   const ScopedCERTSubjectPublicKeyInfo spki(
       SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
   if (!spki)
     return Status::Error();
 
   crypto::ScopedSECKEYPublicKey sec_public_key(
       SECKEY_ExtractPublicKey(spki.get()));
   if (!sec_public_key)
     return Status::Error();
 
   const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get());
-  blink::WebCryptoAlgorithm algorithm =
-      ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null);
-  if (algorithm.isNull())
+  if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
     return Status::Error();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(
           algorithm, sec_public_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
@@ skipping 10 matching lines @@
     return Status::Error();
 
   DCHECK(spki_der->data);
   DCHECK(spki_der->len);
 
   *buffer = CreateArrayBuffer(spki_der->data, spki_der->len);
 
   return Status::Success();
 }
 
-Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm_or_null,
+Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                       const CryptoData& key_data,
                       bool extractable,
                       blink::WebCryptoKeyUsageMask usage_mask,
                       blink::WebCryptoKey* key) {
 
   DCHECK(key);
 
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
@@ skipping 12 matching lines @@
                                                false,   // isPrivate
                                                KU_ALL,  // usage
                                                &seckey_private_key,
                                                NULL) != SECSuccess) {
     return Status::Error();
   }
   DCHECK(seckey_private_key);
   crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key);
 
   const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get());
-  blink::WebCryptoAlgorithm algorithm =
-      ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null);
-  if (algorithm.isNull())
+  if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
     return Status::Error();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()),
                                      blink::WebCryptoKeyTypePrivate,
                                      extractable,
                                      key_algorithm,
@@ skipping 535 matching lines @@
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content