[webcrypto] Remove support for AES 192-bit keys (2 of 2)

content/child/webcrypto/platform_crypto_nss.cc

Index: content/child/webcrypto/platform_crypto_nss.cc
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
index dab8582753cf2329dedec349bba9e40e92c160f3..b653fa2b53f84937a1b0d9a3521a391b21d70b91 100644
--- a/content/child/webcrypto/platform_crypto_nss.cc
+++ b/content/child/webcrypto/platform_crypto_nss.cc
@@ -1853,9 +1853,17 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
   if (status.IsError())
     return status;
 
+  unsigned int unwrapped_key_length_bytes =
+      PK11_GetKeyLength(unwrapped_key.get());
+
+  if (unwrapped_key_length_bytes == 24 &&
+      algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm) {

[Ryan Sleevi, 2014/06/10 23:44:21]

Adam's comments were about AES as a whole.

if (IsAesAlgorithm(algorithm.id()) && !IsValidAesKeyLengthBytes(...)), reject

However, that you need to update this file makes me a bit nervous that we're not
being consistent in handling - that is, this isn't being treated as an Import
operation, we're instead going to create it directly, right? If it was import,
we would only need the single path to update.

[eroman, 2014/06/11 01:15:26]

I see, I'll rework this change to apply to all of AES then.

The reason there is a change in platform_crypto_nss.cc is because of how AES-KW
unwrapping is implemented -- it doesn't go through the import codepath.

[eroman, 2014/06/12 01:01:30]

I sent you another CL which remove the special case for AES-KW, and have based
this on top of that (so this check is gone).

+    return Status::ErrorAesGcm192Unsupported();
+  }
+
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(
-          algorithm, PK11_GetKeyLength(unwrapped_key.get()), &key_algorithm))
+          algorithm, unwrapped_key_length_bytes, &key_algorithm))
     return Status::ErrorUnexpected();
 
   scoped_ptr<SymKey> key_handle;