Support for the new WebCrypto digest by chunks API.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <secoid.h>
 
 #include <vector>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/status.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
@@ skipping 620 matching lines @@
     SECITEM_FreeItem(&out->prime1, PR_FALSE);
     SECITEM_FreeItem(&out->prime2, PR_FALSE);
     SECITEM_FreeItem(&out->exponent1, PR_FALSE);
     SECITEM_FreeItem(&out->exponent2, PR_FALSE);
     SECITEM_FreeItem(&out->coefficient, PR_FALSE);
   }
 };
 
 }  // namespace
 
+class DigestorNSS : public blink::WebCryptoDigestor {
+ public:
+  DigestorNSS(blink::WebCryptoAlgorithmId algorithm_id)

[eroman, 2014/03/25 23:26:23]

Mark as explicit

+      : hash_context_(0), algorithm_id_(algorithm_id) {}

[eroman, 2014/03/25 23:26:23]

use NULL rather than 0.

[jww, 2014/03/26 00:42:31]

Done.

+
+  virtual ~DigestorNSS() OVERRIDE {
+    if (!hash_context_)
+      return;
+
+    HASH_Destroy(hash_context_);
+    hash_context_ = 0;
+  }
+
+  virtual bool consume(const unsigned char* data, unsigned int size) OVERRIDE {

[eroman, 2014/03/25 23:26:23]

In general we omit OVERRIDE for objects  coming from blink. Otherwise it is
harder to change APIs without 3-sided patches.

[jww, 2014/03/26 00:42:31]

Done.

+    return consumeWithStatus(data, size).IsSuccess();
+  }
+
+  Status consumeWithStatus(const unsigned char* data, unsigned int size) {
+    // Initialize everything if the object hasn't been initialized yet.
+    if (!hash_context_) {
+      Status error = init();
+      if (!error.IsSuccess())
+        return error;
+    }
+
+    HASH_Update(hash_context_, data, size);
+
+    return Status::Success();
+  }
+
+  virtual bool finish(unsigned char*& result_data,
+                      unsigned int& result_data_size) OVERRIDE {

[eroman, 2014/03/25 23:26:23]

ditto here

[jww, 2014/03/26 00:42:31]

Done.

+    Status error = finishInternal(result_, &result_data_size);
+    if (!error.IsSuccess())
+      return false;
+    result_data = result_;
+    return true;
+  }
+
+  Status finishWithWebArrayAndStatus(blink::WebArrayBuffer& result) {

[eroman, 2014/03/25 23:26:23]

FinishWithWebArrayAndStatus. Also make result be a pointer.

[jww, 2014/03/26 00:42:31]

This is meant to be an explicit method to get a WebArrayBuffer result because
the other digest function requires a WebArrayBuffer result. Do you think we
should return an array here and move the WebArrayBuffer creation to those other
methods?

[eroman, 2014/03/26 00:49:08]

What i meant, is in chromium-style an out parameter should not be a non-const
reference. Instead it should be a pointer. So I just want you to change

blink::WebArrayBuffer& result
to
blink::WebArrayBuffer* result

[eroman, 2014/03/26 00:50:13]

And then instead of
result = ...
you do
*result = ...

Nothing much else changes

+    if (!hash_context_)
+      return Status::ErrorUnexpected();
+
+    unsigned int result_length = HASH_ResultLenContext(hash_context_);
+    result = blink::WebArrayBuffer::create(result_length, 1);
+    unsigned char* digest = reinterpret_cast<unsigned char*>(result.data());
+    unsigned int digest_size;  // ignored
+    return finishInternal(digest, &digest_size);
+  }
+
+ private:
+  HASHContext* hash_context_;
+  blink::WebCryptoAlgorithmId algorithm_id_;
+  unsigned char result_[HASH_LENGTH_MAX];
+
+  Status init() {

[eroman, 2014/03/25 23:26:23]

Init

[jww, 2014/03/26 00:42:31]

Done.

+    HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm_id_);
+
+    if (hash_type == HASH_AlgNULL)
+      return Status::ErrorUnsupported();
+
+    hash_context_ = HASH_Create(hash_type);
+    if (!hash_context_)
+      return Status::Error();
+
+    HASH_Begin(hash_context_);
+
+    return Status::Success();
+  }
+
+  Status finishInternal(unsigned char* result, unsigned int* result_size) {

[eroman, 2014/03/25 23:26:23]

FinishInternal

[jww, 2014/03/26 00:42:31]

Done.

+    if (!hash_context_) {
+      Status error = init();
+      if (!error.IsSuccess())
+        return error;
+    }
+
+    unsigned int hash_result_length = HASH_ResultLenContext(hash_context_);
+    DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX));
+
+    HASH_End(hash_context_, result, result_size, hash_result_length);
+
+    if (*result_size != hash_result_length)
+      return Status::ErrorUnexpected();
+    return Status::Success();
+  }
+};
+
 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
                     const CryptoData& key_data,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usage_mask,
                     blink::WebCryptoKey* key) {
 
   DCHECK(!algorithm.isNull());
 
   CK_MECHANISM_TYPE mechanism;
   CK_FLAGS flags;
@@ skipping 503 matching lines @@
                                   usage_mask);
 
   return Status::Success();
 }
 
 void Init() { crypto::EnsureNSSInit(); }
 
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                  const CryptoData& data,
                  blink::WebArrayBuffer* buffer) {
-  HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm);
-  if (hash_type == HASH_AlgNULL)
-    return Status::ErrorUnsupported();
+  DigestorNSS digestor(algorithm);
+  Status error = digestor.consumeWithStatus(data.bytes(), data.byte_length());
+  if (!error.IsSuccess())
+    return error;
+  return digestor.finishWithWebArrayAndStatus(*buffer);
+}
 
-  HASHContext* context = HASH_Create(hash_type);
-  if (!context)
-    return Status::Error();
-
-  HASH_Begin(context);
-
-  HASH_Update(context, data.bytes(), data.byte_length());
-
-  unsigned int hash_result_length = HASH_ResultLenContext(context);
-  DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX));
-
-  *buffer = blink::WebArrayBuffer::create(hash_result_length, 1);
-
-  unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data());
-
-  unsigned int result_length = 0;
-  HASH_End(context, digest, &result_length, hash_result_length);
-
-  HASH_Destroy(context);
-
-  if (result_length != hash_result_length)
-    return Status::ErrorUnexpected();
-  return Status::Success();
+blink::WebCryptoDigestor* CreateDigestor(
+    blink::WebCryptoAlgorithmId algorithm_id) {
+  return new DigestorNSS(algorithm_id);
 }
 
 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
                          bool extractable,
                          blink::WebCryptoKeyUsageMask usage_mask,
                          unsigned keylen_bytes,
                          blink::WebCryptoKey* key) {
   CK_MECHANISM_TYPE mech = WebCryptoAlgorithmToGenMechanism(algorithm);
   blink::WebCryptoKeyType key_type = blink::WebCryptoKeyTypeSecret;
 
@@ skipping 257 matching lines @@
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content