content/renderer/webcrypto_impl.cc - Issue 19757011: WebCrypto: Implement digest() using NSS

Side by Side Diff: content/renderer/webcrypto_impl.cc

Issue 19757011: WebCrypto: Implement digest() using NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Rebase: removal of partial processing. Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/renderer/webcrypto_impl.h"	5 #include "content/renderer/webcrypto_impl.h"

6	6

	7 #if defined(USE_NSS)

	8 #include <sechash.h>

	9 #endif

	10

	11 #include "base/logging.h"

	12 #include "base/memory/scoped_ptr.h"
	eroman 2013/08/22 02:25:05 unused; remove unused; remove Bryan Eyler 2013/08/22 18:51:03 Done. Show quoted text On 2013/08/22 02:25:05, eroman wrote: > unused; remove Done.
	13 #include "crypto/nss_util.h"

	14 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"

7 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"	15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"

8	16

9 namespace content {	17 namespace content {

10	18

11 WebKit::WebCryptoOperation* WebCryptoImpl::digest(	19 void WebCryptoImpl::digest(

12 const WebKit::WebCryptoAlgorithm& algorithm) {	20 const WebKit::WebCryptoAlgorithm& algorithm,

	21 const unsigned char* data,

	22 size_t data_size,

	23 WebKit::WebCryptoResult result) {

	24 // TODO(bryaneyler): Also include these in OpenSSL build. Issue 267888.

	25 #if defined(USE_NSS)
	eroman 2013/08/22 02:25:05 Because this is quickly going to turn into a lot o Because this is quickly going to turn into a lot of defines, I suggest splitting it into a separate file from the get-go * webcrypto_impl.h defines the class * webcrypto_impl_nss.cc has the method definitions (for NSS) * webcrypto_impl_openssl.cc has the method definitions (for OpenSSL) * webcrypto_impl_unittest.cc has the tests which apply to WebCryptoImpl (shared by both NSS and openssl). Bryan Eyler 2013/08/22 18:51:03 Done. Show quoted text On 2013/08/22 02:25:05, eroman wrote: > Because this is quickly going to turn into a lot of defines, I suggest splitting > it into a separate file from the get-go > > * webcrypto_impl.h defines the class > * webcrypto_impl_nss.cc has the method definitions (for NSS) > * webcrypto_impl_openssl.cc has the method definitions (for OpenSSL) > * webcrypto_impl_unittest.cc has the tests which apply to WebCryptoImpl (shared > by both NSS and openssl). > Done.
	26 HASH_HashType hash_type = HASH_AlgNULL;

	27

13 switch (algorithm.id()) {	28 switch (algorithm.id()) {

14 case WebKit::WebCryptoAlgorithmIdSha1:	29 case WebKit::WebCryptoAlgorithmIdSha1:

	30 hash_type = HASH_AlgSHA1;

	31 break;

15 case WebKit::WebCryptoAlgorithmIdSha224:	32 case WebKit::WebCryptoAlgorithmIdSha224:

	33 hash_type = HASH_AlgSHA224;

	34 break;

16 case WebKit::WebCryptoAlgorithmIdSha256:	35 case WebKit::WebCryptoAlgorithmIdSha256:

	36 hash_type = HASH_AlgSHA256;

	37 break;

17 case WebKit::WebCryptoAlgorithmIdSha384:	38 case WebKit::WebCryptoAlgorithmIdSha384:

	39 hash_type = HASH_AlgSHA384;

	40 break;

18 case WebKit::WebCryptoAlgorithmIdSha512:	41 case WebKit::WebCryptoAlgorithmIdSha512:

19 // TODO(eroman): Implement.	42 hash_type = HASH_AlgSHA512;

20 return NULL;	43 break;

21 default:	44 default:

22 // Not a digest algorithm.	45 // Not a digest algorithm.

23 return NULL;	46 result.completeWithError();

	47 return;

24 }	48 }

	49

	50 crypto::EnsureNSSInit();

	51

	52 HASHContext* context = HASH_Create(hash_type);

	53 if (!context) {

	54 LOG(ERROR) << "Could not create digest context for hash algorithm: "
	eroman 2013/08/22 02:25:05 I don't think there is value to having these LOG(E I don't think there is value to having these LOG(ERROR) and suggest deleting them. (In a future update of the API I will add a string parameter to completeWithError() so any relevant information can be stuffed into the javascript's exception message.) Bryan Eyler 2013/08/22 18:51:03 Done. Show quoted text On 2013/08/22 02:25:05, eroman wrote: > I don't think there is value to having these LOG(ERROR) and suggest deleting > them. > > (In a future update of the API I will add a string parameter to > completeWithError() so any relevant information can be stuffed into the > javascript's exception message.) Done.
	55 << hash_type;

	56 result.completeWithError();

	57 return;

	58 }

	59

	60 HASH_Begin(context);

	61

	62 HASH_Update(context, data, data_size);

	63

	64 unsigned int hash_result_length = HASH_ResultLenContext(context);
	jamesr 2013/08/22 02:31:01 i think size_t is a better type, but you don't wan i think size_t is a better type, but you don't want that at least use an explicitly sized type Bryan Eyler 2013/08/22 18:51:03 Changed to size_t. FWIW, I was trying to match th Show quoted text On 2013/08/22 02:31:01, jamesr wrote: > i think size_t is a better type, but you don't want that at least use an > explicitly sized type Changed to size_t. FWIW, I was trying to match the return type of HASH_ResultLenContext().
	65 WebKit::WebArrayBuffer buffer(

	66 WebKit::WebArrayBuffer::create(hash_result_length, 1));

	67

	68 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer.data());

	69 DCHECK(digest);
	eroman 2013/08/22 02:25:05 I think the only situation when buffer.data() can I think the only situation when buffer.data() can be NULL is if (length * size) in the call to WebArrayBuffer::create() above causes 32-bit integer overflow. Probably safest to handle it explicitly instead of the DCHECK: if (!digest) { result.completeWithError(); return; } jamesr 2013/08/22 02:31:01 I'm not sure this DCHECK makes sense. WebArrayBuff I'm not sure this DCHECK makes sense. WebArrayBuffer::create() will only return a null buffer if you request it to allocate > 2^32 bytes of data, which seems crazy for the length of a hash result. I think it'd be better to DCHECK that your inputs are sane if you aren't sure Bryan Eyler 2013/08/22 18:51:03 DCHECK changed to sanity check hash_result_length. Show quoted text On 2013/08/22 02:31:01, jamesr wrote: > I'm not sure this DCHECK makes sense. WebArrayBuffer::create() will only return > a null buffer if you request it to allocate > 2^32 bytes of data, which seems > crazy for the length of a hash result. I think it'd be better to DCHECK that > your inputs are sane if you aren't sure DCHECK changed to sanity check hash_result_length.
	70

	71 unsigned int result_length = 0;
	jamesr 2013/08/22 02:31:01 please use a better type please use a better type Bryan Eyler 2013/08/22 18:51:03 I've made this uint32 for lack of a better type. Show quoted text On 2013/08/22 02:31:01, jamesr wrote: > please use a better type I've made this uint32 for lack of a better type. size_t won't typecast properly to be passed into HASH_End().
	72 HASH_End(context, digest, &result_length, hash_result_length);

	73 if (result_length != hash_result_length) {

	74 LOG(ERROR) << "Result length invalid; expected " << hash_result_length
	eroman 2013/08/22 02:25:05 LOG(ERROR) have very little usefulness in my exper LOG(ERROR) have very little usefulness in my experience, I suggest deleting (and we will pass the details to completeWithError in the future). Bryan Eyler 2013/08/22 18:51:03 Done. Show quoted text On 2013/08/22 02:25:05, eroman wrote: > LOG(ERROR) have very little usefulness in my experience, I suggest deleting (and > we will pass the details to completeWithError in the future). Done.
	75 << ", got " << result_length;

	76 result.completeWithError();

	77 return;

	78 }

	79

	80 result.completeWithBuffer(buffer);

	81

	82 #else

	83 // No way to process.

	84 result.completeWithError();

	85 #endif

25 }	86 }

26	87

27 } // namespace content	88 } // namespace content

OLD	NEW

« no previous file with comments | « content/renderer/webcrypto_impl.h ('k') | content/renderer/webcrypto_impl_unittest.cc » ('j') | content/renderer/webcrypto_impl_unittest.cc » ('J')