[webcrypto] Make operations run on worker threads.

content/child/webcrypto/platform_crypto.h

Index: content/child/webcrypto/platform_crypto.h
diff --git a/content/child/webcrypto/platform_crypto.h b/content/child/webcrypto/platform_crypto.h
index e3329206d9ecfa6b94ec3e48a4cf085c7e914e29..8cb2cb320591ce4ca0869cc636118fa7b0bd46bb 100644
--- a/content/child/webcrypto/platform_crypto.h
+++ b/content/child/webcrypto/platform_crypto.h
@@ -9,10 +9,14 @@
 #include "base/basictypes.h"

[Ryan Sleevi, 2014/04/24 02:10:41]

nit: newline between 8 and 9

[eroman, 2014/04/24 20:59:38]

Done.

 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
-#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCrypto.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
+namespace blink {
+template <typename T>
+class WebVector;
+}
+
 namespace content {
 
 enum EncryptOrDecrypt { ENCRYPT, DECRYPT };
@@ -28,6 +32,27 @@ class Status;
 // The general purpose code which applies to both OpenSSL and NSS
 // implementations of webcrypto should live in the outter webcrypto namespace,
 // and the crypto library specific bits in the "platform" namespace.
+//
+// -----------------
+// Threading:
+// -----------------
+//
+// Unless otherwise noted, functions in webcrypto::platform are called
+// exclusively from a sequenced worker pool.
+//
+// This means that operations using a given key cannot occur in
+// parallel and it is not necessary to guard against concurrent usage.
+//
+// The exceptions are:
+//
+//   * Key::ThreadSafeSerializeForClone(), which is called from the
+//     target Blink thread during structured clone.
+//
+//   * ImportKeyRaw(), ImportKeySpki(), ImportKeyPkcs8(), which can be
+//     called from the target Blink thread during structured clone
+//     deserialization, as well as from the webcrypto worker pool.
+//
+//     TODO(eroman): Change it so import happens in worker pool too.

[Ryan Sleevi, 2014/04/24 02:10:41]

File a bug to track this?

[eroman, 2014/04/24 20:59:38]

Done.

 namespace platform {
 
 class SymKey;
@@ -40,6 +65,9 @@ class Key : public blink::WebCryptoKeyHandle {
   virtual SymKey* AsSymKey() = 0;
   virtual PublicKey* AsPublicKey() = 0;
   virtual PrivateKey* AsPrivateKey() = 0;
+
+  virtual bool ThreadSafeSerializeForClone(
+      blink::WebVector<uint8>* key_data) = 0;
 };
 
 // Do any one-time initialization. Note that this can be called MULTIPLE times
@@ -53,7 +81,7 @@ Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
                             SymKey* key,
                             const CryptoData& data,
                             const CryptoData& iv,
-                            blink::WebArrayBuffer* buffer);
+                            std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is a non-null AES-GCM key.
@@ -64,20 +92,20 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
                             const CryptoData& iv,
                             const CryptoData& additional_data,
                             unsigned int tag_length_bits,
-                            blink::WebArrayBuffer* buffer);
+                            std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is non-null.
 //  * |data| is not empty.
 Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
                              const CryptoData& data,
-                             blink::WebArrayBuffer* buffer);
+                             std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is non-null.
 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                              const CryptoData& data,
-                             blink::WebArrayBuffer* buffer);
+                             std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is a non-null HMAC key.
@@ -85,13 +113,13 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
 Status SignHmac(SymKey* key,
                 const blink::WebCryptoAlgorithm& hash,
                 const CryptoData& data,
-                blink::WebArrayBuffer* buffer);
+                std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |algorithm| is a SHA function.
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                  const CryptoData& data,
-                 blink::WebArrayBuffer* buffer);
+                 std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |algorithm| is a SHA function.
@@ -104,7 +132,7 @@ scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
 Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
                            const blink::WebCryptoAlgorithm& hash,
                            const CryptoData& data,
-                           blink::WebArrayBuffer* buffer);
+                           std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is non-null.
@@ -148,6 +176,7 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
 //  * |key| is non-null.
 //  * |algorithm.id()| is for a symmetric key algorithm.
 //  * For AES algorithms |key_data| is either 16, 24, or 32 bytes long.
+// Note that this may be called from target Blink thread.
 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
                     const CryptoData& key_data,
                     bool extractable,
@@ -163,12 +192,14 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,
                           const CryptoData& exponent_data,
                           blink::WebCryptoKey* key);
 
+// Note that this may be called from target Blink thread.
 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,
                      const CryptoData& key_data,
                      bool extractable,
                      blink::WebCryptoKeyUsageMask usage_mask,
                      blink::WebCryptoKey* key);
 
+// Note that this may be called from target Blink thread.
 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                       const CryptoData& key_data,
                       bool extractable,
@@ -177,11 +208,11 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
 
 // Preconditions:
 //  * |key| is non-null.
-Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer);
+Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is non-null.
-Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer);
+Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |key| is non-null.
@@ -193,14 +224,14 @@ Status ExportRsaPublicKey(PublicKey* key,
 //  * |key| is non-null.
 Status ExportKeyPkcs8(PrivateKey* key,
                       const blink::WebCryptoKeyAlgorithm& key_algorithm,
-                      blink::WebArrayBuffer* buffer);
+                      std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null
 Status WrapSymKeyAesKw(SymKey* wrapping_key,
                        SymKey* key,
-                       blink::WebArrayBuffer* buffer);
+                       std::vector<uint8>* buffer);
 
 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in
 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used
@@ -227,14 +258,14 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
 //  * |buffer| is non-null.
 Status DecryptAesKw(SymKey* key,
                     const CryptoData& data,
-                    blink::WebArrayBuffer* buffer);
+                    std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null
 Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
                        SymKey* key,
-                       blink::WebArrayBuffer* buffer);
+                       std::vector<uint8>* buffer);
 
 // Preconditions:
 //  * |wrapping_key| is non-null