[webcrypto] Add RSA key generation using NSS.

content/renderer/webcrypto/webcrypto_impl.cc

Index: content/renderer/webcrypto/webcrypto_impl.cc
diff --git a/content/renderer/webcrypto/webcrypto_impl.cc b/content/renderer/webcrypto/webcrypto_impl.cc
index 9275783bab77ce6fcec25fb69656a4203c834a7d..3612fce8862f1f95cf81ddc6e1c5f1ac67f2b86f 100644
--- a/content/renderer/webcrypto/webcrypto_impl.cc
+++ b/content/renderer/webcrypto/webcrypto_impl.cc
@@ -12,6 +12,19 @@
 
 namespace content {
 
+namespace {
+
+bool IsAlgorithmAsymmetric(const WebKit::WebCryptoAlgorithm& algorithm) {
+  const WebKit::WebCryptoAlgorithmId algorithm_id = algorithm.id();

[eroman, 2013/10/31 22:18:36]

[optional]: seems equally short to inline.

[padolph, 2013/11/01 20:35:31]

Done.

+  // TODO(padolph): include all other asymmetric algorithms once they are
+  // defined, e.g. EC and DH.
+  return (algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
+          algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+          algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep);
+}
+
+}  // namespace
+
 WebCryptoImpl::WebCryptoImpl() {
   Init();
 }
@@ -94,15 +107,34 @@ void WebCryptoImpl::generateKey(
     WebKit::WebCryptoKeyUsageMask usage_mask,
     WebKit::WebCryptoResult result) {
   DCHECK(!algorithm.isNull());
-  WebKit::WebCryptoKey key = NullKey();
-  if (!GenerateKeyInternal(algorithm, extractable, usage_mask, &key)) {
-    result.completeWithError();
+  if (IsAlgorithmAsymmetric(algorithm)) {
+    WebKit::WebCryptoKey public_key = NullKey();

[eroman, 2013/10/31 22:18:36]

[optional]: I recommend using WebKit::WebCryptoKey::createNull() in place of
NullKey(). That way if my changelist lands before yours (which removes
NullKey()) you won't have to rebase.

[padolph, 2013/11/01 20:35:31]

Done.

+    WebKit::WebCryptoKey private_key = NullKey();
+    if (!GenerateKeyPairInternal(
+             algorithm, extractable, usage_mask, &public_key, &private_key)) {
+      result.completeWithError();
+    } else {
+      DCHECK(public_key.handle());
+      DCHECK(private_key.handle());
+      DCHECK_EQ(algorithm.id(), public_key.algorithm().id());
+      DCHECK_EQ(algorithm.id(), private_key.algorithm().id());
+      DCHECK_EQ(true, public_key.extractable());

[eroman, 2013/10/31 22:18:36]

Shouldn't this be comparing against "extractable" not "true"?

[padolph, 2013/11/01 20:35:31]

This is related to the spec bug you and Ryan discussed in the comments in this
CL in webcrypto_impl_nss.cc. I'll switch it to the (IMO errant) behavior and add
a comment referencing the bug.

+      DCHECK_EQ(extractable, private_key.extractable());
+      DCHECK_EQ(usage_mask, public_key.usages());
+      DCHECK_EQ(usage_mask, private_key.usages());
+      result.completeWithKeyPair(public_key, private_key);
+    }
   } else {
-    DCHECK(key.handle());
-    DCHECK_EQ(algorithm.id(), key.algorithm().id());
-    DCHECK_EQ(extractable, key.extractable());
-    DCHECK_EQ(usage_mask, key.usages());
-    result.completeWithKey(key);
+    WebKit::WebCryptoKey key = NullKey();
+    if (!GenerateKeyInternal(algorithm, extractable, usage_mask, &key)) {
+      result.completeWithError();
+    } else {
+      DCHECK(key.handle());
+      DCHECK_EQ(algorithm.id(), key.algorithm().id());
+      DCHECK_EQ(extractable, key.extractable());
+      DCHECK_EQ(usage_mask, key.usages());
+      result.completeWithKey(key);
+    }
   }
 }