WebCrypto: Implement digest() using NSS

content/renderer/webcrypto_sha_digest_nss.cc

Index: content/renderer/webcrypto_sha_digest_nss.cc
diff --git a/content/renderer/webcrypto_sha_digest_nss.cc b/content/renderer/webcrypto_sha_digest_nss.cc
new file mode 100644
index 0000000000000000000000000000000000000000..fd9e7e1ed178cef535fa5ea7c6bae8e4d91c6d82
--- /dev/null
+++ b/content/renderer/webcrypto_sha_digest_nss.cc
@@ -0,0 +1,139 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/renderer/webcrypto_sha_digest.h"
+
+#include <pk11pub.h>
+
+#include "base/logging.h"
+#include "crypto/nss_util.h"
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+
+namespace content {
+
+WebCryptoSHADigest::WebCryptoSHADigest(
+    const WebKit::WebCryptoAlgorithmId algorithm_id)
+    : context_(NULL),
+      hash_algorithm_(SEC_OID_UNKNOWN) {
+  crypto::EnsureNSSInit();

[eroman, 2013/07/19 01:11:13]

Seems this could go in InitializeContext() instead.

[Bryan Eyler, 2013/07/24 00:33:53]

Done.

+
+  switch (algorithm_id) {
+    case WebKit::WebCryptoAlgorithmIdSha1:
+      hash_algorithm_ = SEC_OID_SHA1;
+      break;
+    case WebKit::WebCryptoAlgorithmIdSha224:
+      hash_algorithm_ = SEC_OID_SHA224;
+      break;
+    case WebKit::WebCryptoAlgorithmIdSha256:
+      hash_algorithm_ = SEC_OID_SHA256;
+      break;
+    case WebKit::WebCryptoAlgorithmIdSha384:
+      hash_algorithm_ = SEC_OID_SHA384;
+      break;
+    case WebKit::WebCryptoAlgorithmIdSha512:
+      hash_algorithm_ = SEC_OID_SHA512;
+      break;
+    default:
+      hash_algorithm_ = SEC_OID_UNKNOWN;
+  }
+}
+
+WebCryptoSHADigest::~WebCryptoSHADigest() {
+  if (context_) {
+    PK11_DestroyContext(context_, PR_TRUE);
+  }
+}
+
+bool WebCryptoSHADigest::InitializeContext() {
+  context_ = PK11_CreateDigestContext(hash_algorithm_);
+  if (!context_) {
+    LOG(ERROR) << "Could not create digest context for hash algorithm: "
+               << hash_algorithm_;
+    // TODO(bryaneyler): Error out.
+    return false;
+  }
+
+  if (PK11_DigestBegin(context_) != SECSuccess) {
+    LOG(ERROR) << "Could not initialize digest context.";
+    // TODO(bryaneyler): Error out.
+    return false;
+  }
+
+  return true;
+}
+
+void WebCryptoSHADigest::process(const unsigned char* bytes, size_t size) {
+  // If this is the first process request, need to setup the context.
+  if (!context_ && !InitializeContext()) {

[eroman, 2013/07/19 01:11:13]

[after my API change]

I suggest doing the InitializeContext() at the start (WebCryptoImpl::digest),
and signalling the failure using result->initializationFailed()

[Bryan Eyler, 2013/07/24 00:33:53]

Done.

+    LOG(ERROR) << "Could not initialize context.";
+    // TODO(bryaneyler): Error out.
+    return;
+  }
+
+  if (PK11_DigestOp(context_, bytes, size) != SECSuccess) {
+    LOG(ERROR) << "Could not process digest contents of size: " << size;
+    // TODO(bryaneyler): Error out.
+  }
+}
+
+void WebCryptoSHADigest::abort() {
+  delete this;
+}
+
+void WebCryptoSHADigest::finish(WebKit::WebCryptoOperationResult* result) {
+  // If no context yet created; create an empty one.
+  if (!context_ && !InitializeContext()) {
+    LOG(ERROR) << "Could not initialize context.";
+    // TODO(bryaneyler): Error out.
+    return;
+  }
+
+  unsigned char* digest = NULL;
+  unsigned int length = 0;
+
+  switch (hash_algorithm_) {
+    case SEC_OID_SHA1:
+      length = 20;
+      break;
+    case SEC_OID_SHA224:
+      length = 28;
+      break;
+    case SEC_OID_SHA256:
+      length = 32;
+      break;
+    case SEC_OID_SHA384:
+      length = 48;
+      break;
+    case SEC_OID_SHA512:
+      length = 64;
+      break;
+    default:
+      length = 0;

[eroman, 2013/07/19 01:11:13]

[optional] Rather than running the risk of the two switches getting out of sync,
I suggest adding the length codings to the earlier switch statement on
|algorithm_id|. You could then save it to a member variable, or create the
WebArrayBuffer at that point.

[Bryan Eyler, 2013/07/24 00:33:53]

Done.

+  }
+
+  WebKit::WebArrayBuffer buffer(
+      WebKit::WebArrayBuffer::create(length, 1));
+
+  digest = reinterpret_cast<unsigned char*>(buffer.data());
+  if (!digest) {
+    LOG(ERROR) << "Could not allocate digest data.";
+    // TODO(bryaneyler): Error out.
+    return;
+  }
+
+  unsigned int result_length = 0;
+  if (PK11_DigestFinal(context_, digest, &result_length, length)
+      != SECSuccess || result_length != length) {
+    LOG(ERROR) << "Could not finalize digest data.";
+    // TODO(bryaneyler): Error out.
+    return;
+  }
+
+  result->setArrayBuffer(buffer);
+
+  delete this;
+}
+
+}  // namespace content