Support for the new WebCrypto digest by chunks API.

content/child/webcrypto/platform_crypto_openssl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <vector>
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
 #include "base/logging.h"
+#include "base/memory/scoped_ptr.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/status.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "crypto/openssl_util.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
 namespace content {
@@ skipping 119 matching lines @@
       static_cast<unsigned int>(final_output_chunk_len);
   DCHECK_LE(final_output_len, output_max_len);
 
   ShrinkBuffer(buffer, final_output_len);
 
   return Status::Success();
 }
 
 }  // namespace
 
+class DigestorOpenSSL : public blink::WebCryptoDigestor {
+ public:
+  DigestorOpenSSL(blink::WebCryptoAlgorithmId algorithm_id)

[eroman, 2014/03/25 23:26:23]

explicit

[jww, 2014/03/26 00:42:31]

Done.

+      : initialized_(false),
+        digest_context_(EVP_MD_CTX_create()),
+        algorithm_id_(algorithm_id) {}
+
+  virtual bool consume(const unsigned char* data, unsigned int size) OVERRIDE {

[eroman, 2014/03/25 23:26:23]

ditto on OVERRIDE. I expect this will be pretty stable so shouldn't be an issue,
but just in case.

[jww, 2014/03/26 00:42:31]

Done.

+    return consumeWithStatus(data, size).IsSuccess();
+  }
+
+  Status consumeWithStatus(const unsigned char* data, unsigned int size) {

[eroman, 2014/03/25 23:26:23]

For ConsumeWithStatus (should use chromium style for non-virtual methods)

[jww, 2014/03/26 00:42:31]

Done.

+    crypto::OpenSSLErrStackTracer(FROM_HERE);
+    Status error = init();
+    if (!error.IsSuccess())
+      return error;
+
+    if (!EVP_DigestUpdate(digest_context_.get(), data, size))
+      return Status::Error();
+
+    return Status::Success();
+  }
+
+  virtual bool finish(unsigned char*& result_data,
+                      unsigned int& result_data_size) OVERRIDE {
+    Status error = finishInternal(result_, &result_data_size);
+    if (!error.IsSuccess())
+      return false;
+    result_data = result_;
+    return true;
+  }
+
+  virtual Status finishWithWebArrayAndStatus(blink::WebArrayBuffer& result) {

[eroman, 2014/03/25 23:26:23]

Make this non-virtual. Also use chromium-style function name. Also take pointer
to WebArrayBuffer rather than reference.

[jww, 2014/03/26 00:42:31]

See my question in platform_crypto_nss.cc about the result arg.

+    const int hash_expected_size = EVP_MD_CTX_size(digest_context_.get());
+    result = blink::WebArrayBuffer::create(hash_expected_size, 1);
+    unsigned char* const hash_buffer =
+        static_cast<unsigned char* const>(result.data());
+    unsigned int hash_buffer_size;  // ignored
+    Status error = finishInternal(hash_buffer, &hash_buffer_size);
+    if (!error.IsSuccess())
+      result.reset();
+    return error;
+  }
+
+ private:
+  bool initialized_;
+  crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context_;
+  blink::WebCryptoAlgorithmId algorithm_id_;
+  unsigned char result_[EVP_MAX_MD_SIZE];
+
+  DigestorOpenSSL() {}

[eroman, 2014/03/25 23:26:23]

Is this necessary?

[jww, 2014/03/26 00:42:31]

Removed.

+
+  Status init() {
+    if (initialized_)
+      return Status::Success();
+
+    const EVP_MD* digest_algorithm = GetDigest(algorithm_id_);
+    if (!digest_algorithm)
+      return Status::ErrorUnexpected();
+
+    if (!digest_context_.get())
+      return Status::Error();
+
+    if (!EVP_DigestInit_ex(digest_context_.get(), digest_algorithm, NULL))
+      return Status::Error();
+
+    initialized_ = true;
+    return Status::Success();
+  }
+
+  Status finishInternal(unsigned char* result, unsigned int* result_size) {
+    crypto::OpenSSLErrStackTracer(FROM_HERE);
+    Status error = init();
+    if (!error.IsSuccess())
+      return error;
+
+    const int hash_expected_size = EVP_MD_CTX_size(digest_context_.get());
+    if (hash_expected_size <= 0)
+      return Status::ErrorUnexpected();
+    DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE);
+
+    if (!EVP_DigestFinal_ex(digest_context_.get(), result, result_size) ||
+        static_cast<int>(*result_size) != hash_expected_size)
+      return Status::Error();
+
+    return Status::Success();
+  }
+};
+
 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
   *buffer = CreateArrayBuffer(Uint8VectorStart(key->key()), key->key().size());
   return Status::Success();
 }
 
 void Init() { crypto::EnsureOpenSSLInit(); }
 
 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
                             SymKey* key,
                             const CryptoData& data,
                             const CryptoData& iv,
                             blink::WebArrayBuffer* buffer) {
   // TODO(eroman): inline the function here.
   return AesCbcEncryptDecrypt(mode, key, iv, data, buffer);
 }
 
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                  const CryptoData& data,
                  blink::WebArrayBuffer* buffer) {
-  crypto::OpenSSLErrStackTracer(FROM_HERE);
+  DigestorOpenSSL digestor(algorithm);
+  Status error = digestor.consumeWithStatus(data.bytes(), data.byte_length());
+  if (!error.IsSuccess())
+    return error;
+  return digestor.finishWithWebArrayAndStatus(*buffer);
+}
 
-  const EVP_MD* digest_algorithm = GetDigest(algorithm);
-  if (!digest_algorithm)
-    return Status::ErrorUnexpected();
-
-  crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context(
-      EVP_MD_CTX_create());
-  if (!digest_context.get())
-    return Status::Error();
-
-  if (!EVP_DigestInit_ex(digest_context.get(), digest_algorithm, NULL) ||
-      !EVP_DigestUpdate(
-          digest_context.get(), data.bytes(), data.byte_length())) {
-    return Status::Error();
-  }
-
-  const int hash_expected_size = EVP_MD_CTX_size(digest_context.get());
-  if (hash_expected_size <= 0)
-    return Status::ErrorUnexpected();
-  DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE);
-
-  *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1);
-  unsigned char* const hash_buffer =
-      reinterpret_cast<unsigned char* const>(buffer->data());
-
-  unsigned int hash_size = 0;
-  if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) ||
-      static_cast<int>(hash_size) != hash_expected_size) {
-    buffer->reset();
-    return Status::Error();
-  }
-
-  return Status::Success();
+blink::WebCryptoDigestor* CreateDigestor(
+    blink::WebCryptoAlgorithmId algorithm_id) {
+  return new DigestorOpenSSL(algorithm_id);
 }
 
 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
                          bool extractable,
                          blink::WebCryptoKeyUsageMask usage_mask,
                          unsigned keylen_bytes,
                          blink::WebCryptoKey* key) {
   // TODO(eroman): Is this right?
   if (keylen_bytes == 0)
     return Status::ErrorGenerateKeyLength();
@@ skipping 216 matching lines @@
                          blink::WebCryptoKey* key) {
   // TODO(eroman): http://crbug.com/267888
   return Status::ErrorUnsupported();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content