Revert 284192 due to a failing test.

content/child/webcrypto/shared_crypto.cc

+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/child/webcrypto/shared_crypto.h"
+
+#include "base/logging.h"
+#include "content/child/webcrypto/crypto_data.h"
+#include "content/child/webcrypto/jwk.h"
+#include "content/child/webcrypto/platform_crypto.h"
+#include "content/child/webcrypto/status.h"
+#include "content/child/webcrypto/webcrypto_util.h"
+#include "crypto/secure_util.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+#include "third_party/WebKit/public/platform/WebCryptoKey.h"
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
+
+namespace content {
+
+namespace webcrypto {
+
+// ------------
+// Threading:
+// ------------
+//
+// All functions in this file are called from the webcrypto worker pool except
+// for:
+//
+//   * SerializeKeyForClone()
+//   * DeserializeKeyForClone()
+//   * ImportKey() // TODO(eroman): Change this.
+
+namespace {
+
+// TODO(eroman): Move this helper to WebCryptoKey.
+bool KeyUsageAllows(const blink::WebCryptoKey& key,
+                    const blink::WebCryptoKeyUsage usage) {
+  return ((key.usages() & usage) != 0);
+}
+
+bool IsValidAesKeyLengthBits(unsigned int length_bits) {
+  // 192-bit AES is disallowed.
+  return length_bits == 128 || length_bits == 256;
+}
+
+bool IsValidAesKeyLengthBytes(unsigned int length_bytes) {
+  // 192-bit AES is disallowed.
+  return length_bytes == 16 || length_bytes == 32;
+}
+
+const size_t kAesBlockSizeBytes = 16;
+
+Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
+                            const blink::WebCryptoAlgorithm& algorithm,
+                            const blink::WebCryptoKey& key,
+                            const CryptoData& data,
+                            std::vector<uint8>* buffer) {
+  platform::SymKey* sym_key;
+  Status status = ToPlatformSymKey(key, &sym_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  CryptoData iv(params->iv().data(), params->iv().size());
+  if (iv.byte_length() != kAesBlockSizeBytes)
+    return Status::ErrorIncorrectSizeAesCbcIv();
+
+  return platform::EncryptDecryptAesCbc(mode, sym_key, data, iv, buffer);
+}
+
+Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
+                            const blink::WebCryptoAlgorithm& algorithm,
+                            const blink::WebCryptoKey& key,
+                            const CryptoData& data,
+                            std::vector<uint8>* buffer) {
+  platform::SymKey* sym_key;
+  Status status = ToPlatformSymKey(key, &sym_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoAesGcmParams* params = algorithm.aesGcmParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  unsigned int tag_length_bits = 128;
+  if (params->hasTagLengthBits())
+    tag_length_bits = params->optionalTagLengthBits();
+
+  if (tag_length_bits != 32 && tag_length_bits != 64 && tag_length_bits != 96 &&
+      tag_length_bits != 104 && tag_length_bits != 112 &&
+      tag_length_bits != 120 && tag_length_bits != 128)
+    return Status::ErrorInvalidAesGcmTagLength();
+
+  return platform::EncryptDecryptAesGcm(
+      mode,
+      sym_key,
+      data,
+      CryptoData(params->iv()),
+      CryptoData(params->optionalAdditionalData()),
+      tag_length_bits,
+      buffer);
+}
+
+Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+                      const blink::WebCryptoKey& key,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  platform::PublicKey* public_key;
+  Status status = ToPlatformPublicKey(key, &public_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  return platform::EncryptRsaOaep(public_key,
+                                  key.algorithm().rsaHashedParams()->hash(),
+                                  CryptoData(params->optionalLabel()),
+                                  data,
+                                  buffer);
+}
+
+Status DecryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+                      const blink::WebCryptoKey& key,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  platform::PrivateKey* private_key;
+  Status status = ToPlatformPrivateKey(key, &private_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  return platform::DecryptRsaOaep(private_key,
+                                  key.algorithm().rsaHashedParams()->hash(),
+                                  CryptoData(params->optionalLabel()),
+                                  data,
+                                  buffer);
+}
+
+Status SignHmac(const blink::WebCryptoAlgorithm& algorithm,
+                const blink::WebCryptoKey& key,
+                const CryptoData& data,
+                std::vector<uint8>* buffer) {
+  platform::SymKey* sym_key;
+  Status status = ToPlatformSymKey(key, &sym_key);
+  if (status.IsError())
+    return status;
+
+  return platform::SignHmac(
+      sym_key, key.algorithm().hmacParams()->hash(), data, buffer);
+}
+
+Status VerifyHmac(const blink::WebCryptoAlgorithm& algorithm,
+                  const blink::WebCryptoKey& key,
+                  const CryptoData& signature,
+                  const CryptoData& data,
+                  bool* signature_match) {
+  std::vector<uint8> result;
+  Status status = SignHmac(algorithm, key, data, &result);
+  if (status.IsError())
+    return status;
+
+  // Do not allow verification of truncated MACs.
+  *signature_match =
+      result.size() == signature.byte_length() &&
+      crypto::SecureMemEqual(
+          Uint8VectorStart(result), signature.bytes(), signature.byte_length());
+
+  return Status::Success();
+}
+
+Status SignRsaSsaPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
+                           const blink::WebCryptoKey& key,
+                           const CryptoData& data,
+                           std::vector<uint8>* buffer) {
+  platform::PrivateKey* private_key;
+  Status status = ToPlatformPrivateKey(key, &private_key);
+  if (status.IsError())
+    return status;
+
+  return platform::SignRsaSsaPkcs1v1_5(
+      private_key, key.algorithm().rsaHashedParams()->hash(), data, buffer);
+}
+
+Status VerifyRsaSsaPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
+                             const blink::WebCryptoKey& key,
+                             const CryptoData& signature,
+                             const CryptoData& data,
+                             bool* signature_match) {
+  platform::PublicKey* public_key;
+  Status status = ToPlatformPublicKey(key, &public_key);
+  if (status.IsError())
+    return status;
+
+  return platform::VerifyRsaSsaPkcs1v1_5(
+      public_key,
+      key.algorithm().rsaHashedParams()->hash(),
+      signature,
+      data,
+      signature_match);
+}
+
+// Note that this function may be called from the target Blink thread.
+Status ImportKeyRaw(const CryptoData& key_data,
+                    const blink::WebCryptoAlgorithm& algorithm,
+                    bool extractable,
+                    blink::WebCryptoKeyUsageMask usage_mask,
+                    blink::WebCryptoKey* key) {
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCtr:
+    case blink::WebCryptoAlgorithmIdAesCbc:
+    case blink::WebCryptoAlgorithmIdAesGcm:
+    case blink::WebCryptoAlgorithmIdAesKw:
+      if (!IsValidAesKeyLengthBytes(key_data.byte_length())) {
+        return key_data.byte_length() == 24
+                   ? Status::ErrorAes192BitUnsupported()
+                   : Status::ErrorImportAesKeyLength();
+      }
+    // Fallthrough intentional!
+    case blink::WebCryptoAlgorithmIdHmac:
+      return platform::ImportKeyRaw(
+          algorithm, key_data, extractable, usage_mask, key);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+// Returns the key format to use for structured cloning.
+blink::WebCryptoKeyFormat GetCloneFormatForKeyType(
+    blink::WebCryptoKeyType type) {
+  switch (type) {
+    case blink::WebCryptoKeyTypeSecret:
+      return blink::WebCryptoKeyFormatRaw;
+    case blink::WebCryptoKeyTypePublic:
+      return blink::WebCryptoKeyFormatSpki;
+    case blink::WebCryptoKeyTypePrivate:
+      return blink::WebCryptoKeyFormatPkcs8;
+  }
+
+  NOTREACHED();
+  return blink::WebCryptoKeyFormatRaw;
+}
+
+// Converts a KeyAlgorithm into an equivalent Algorithm for import.
+blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm(
+    const blink::WebCryptoKeyAlgorithm& algorithm) {
+  switch (algorithm.paramsType()) {
+    case blink::WebCryptoKeyAlgorithmParamsTypeAes:
+      return CreateAlgorithm(algorithm.id());
+    case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
+      return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id());
+    case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
+      return CreateRsaHashedImportAlgorithm(
+          algorithm.id(), algorithm.rsaHashedParams()->hash().id());
+    case blink::WebCryptoKeyAlgorithmParamsTypeNone:
+      break;
+    default:
+      break;
+  }
+  return blink::WebCryptoAlgorithm::createNull();
+}
+
+// There is some duplicated information in the serialized format used by
+// structured clone (since the KeyAlgorithm is serialized separately from the
+// key data). Use this extra information to further validate what was
+// deserialized from the key data.
+//
+// A failure here implies either a bug in the code, or that the serialized data
+// was corrupted.
+bool ValidateDeserializedKey(const blink::WebCryptoKey& key,
+                             const blink::WebCryptoKeyAlgorithm& algorithm,
+                             blink::WebCryptoKeyType type) {
+  if (algorithm.id() != key.algorithm().id())
+    return false;
+
+  if (key.type() != type)
+    return false;
+
+  switch (algorithm.paramsType()) {
+    case blink::WebCryptoKeyAlgorithmParamsTypeAes:
+      if (algorithm.aesParams()->lengthBits() !=
+          key.algorithm().aesParams()->lengthBits())
+        return false;
+      break;
+    case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
+      if (algorithm.rsaHashedParams()->modulusLengthBits() !=
+          key.algorithm().rsaHashedParams()->modulusLengthBits())
+        return false;
+      if (algorithm.rsaHashedParams()->publicExponent().size() !=
+          key.algorithm().rsaHashedParams()->publicExponent().size())
+        return false;
+      if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(),
+                 key.algorithm().rsaHashedParams()->publicExponent().data(),
+                 key.algorithm().rsaHashedParams()->publicExponent().size()) !=
+          0)
+        return false;
+      break;
+    case blink::WebCryptoKeyAlgorithmParamsTypeNone:
+    case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
+      break;
+    default:
+      return false;
+  }
+
+  return true;
+}
+
+Status EncryptDecryptAesKw(EncryptOrDecrypt mode,
+                           const blink::WebCryptoAlgorithm& algorithm,
+                           const blink::WebCryptoKey& key,
+                           const CryptoData& data,
+                           std::vector<uint8>* buffer) {
+  platform::SymKey* sym_key;
+  Status status = ToPlatformSymKey(key, &sym_key);
+  if (status.IsError())
+    return status;
+
+  unsigned int min_length = mode == ENCRYPT ? 16 : 24;
+
+  if (data.byte_length() < min_length)
+    return Status::ErrorDataTooSmall();
+  if (data.byte_length() % 8)
+    return Status::ErrorInvalidAesKwDataLength();
+
+  if (status.IsError())
+    return status;
+  return platform::EncryptDecryptAesKw(mode, sym_key, data, buffer);
+}
+
+Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
+                                const blink::WebCryptoKey& key,
+                                const CryptoData& data,
+                                std::vector<uint8>* buffer) {
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+      return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesGcm:
+      return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaOaep:
+      return DecryptRsaOaep(algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return EncryptDecryptAesKw(DECRYPT, algorithm, key, data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
+                             const blink::WebCryptoKey& key,
+                             const CryptoData& data,
+                             std::vector<uint8>* buffer) {
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+      return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesGcm:
+      return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return EncryptDecryptAesKw(ENCRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaOaep:
+      return EncryptRsaOaep(algorithm, key, data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status UnwrapKeyDecryptAndImport(
+    blink::WebCryptoKeyFormat format,
+    const CryptoData& wrapped_key_data,
+    const blink::WebCryptoKey& wrapping_key,
+    const blink::WebCryptoAlgorithm& wrapping_algorithm,
+    const blink::WebCryptoAlgorithm& algorithm,
+    bool extractable,
+    blink::WebCryptoKeyUsageMask usage_mask,
+    blink::WebCryptoKey* key) {
+  std::vector<uint8> buffer;
+  Status status = DecryptDontCheckKeyUsage(
+      wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer);
+  if (status.IsError())
+    return status;
+  // NOTE that returning the details of ImportKey() failures may leak
+  // information about the plaintext of the encrypted key (for instance the JWK
+  // key_ops). As long as the ImportKey error messages don't describe actual
+  // key bytes however this should be OK. For more discussion see
+  // http://crubg.com/372040
+  return ImportKey(
+      format, CryptoData(buffer), algorithm, extractable, usage_mask, key);
+}
+
+Status WrapKeyExportAndEncrypt(
+    blink::WebCryptoKeyFormat format,
+    const blink::WebCryptoKey& key_to_wrap,
+    const blink::WebCryptoKey& wrapping_key,
+    const blink::WebCryptoAlgorithm& wrapping_algorithm,
+    std::vector<uint8>* buffer) {
+  std::vector<uint8> exported_data;
+  Status status = ExportKey(format, key_to_wrap, &exported_data);
+  if (status.IsError())
+    return status;
+  return EncryptDontCheckUsage(
+      wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer);
+}
+
+// Returns the internal block size for SHA-*
+unsigned int ShaBlockSizeBytes(blink::WebCryptoAlgorithmId hash_id) {
+  switch (hash_id) {
+    case blink::WebCryptoAlgorithmIdSha1:
+    case blink::WebCryptoAlgorithmIdSha256:
+      return 64;
+    case blink::WebCryptoAlgorithmIdSha384:
+    case blink::WebCryptoAlgorithmIdSha512:
+      return 128;
+    default:
+      NOTREACHED();
+      return 0;
+  }
+}
+
+// Returns the mask of all key usages that are possible for |algorithm| and
+// |key_type|. If the combination of |algorithm| and |key_type| doesn't make
+// sense, then returns 0 (no usages).
+blink::WebCryptoKeyUsageMask GetValidKeyUsagesForKeyType(
+    blink::WebCryptoAlgorithmId algorithm,
+    blink::WebCryptoKeyType key_type) {
+  if (IsAlgorithmAsymmetric(algorithm) ==
+      (key_type == blink::WebCryptoKeyTypeSecret))
+    return 0;
+
+  switch (algorithm) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+    case blink::WebCryptoAlgorithmIdAesGcm:
+    case blink::WebCryptoAlgorithmIdAesCtr:
+      return blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
+             blink::WebCryptoKeyUsageWrapKey |
+             blink::WebCryptoKeyUsageUnwrapKey;
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return blink::WebCryptoKeyUsageWrapKey |
+             blink::WebCryptoKeyUsageUnwrapKey;
+    case blink::WebCryptoAlgorithmIdHmac:
+      return blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
+    case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
+      switch (key_type) {
+        case blink::WebCryptoKeyTypePublic:
+          return blink::WebCryptoKeyUsageVerify;
+        case blink::WebCryptoKeyTypePrivate:
+          return blink::WebCryptoKeyUsageSign;
+        default:
+          return 0;
+      }
+    case blink::WebCryptoAlgorithmIdRsaOaep:
+      switch (key_type) {
+        case blink::WebCryptoKeyTypePublic:
+          return blink::WebCryptoKeyUsageEncrypt |
+                 blink::WebCryptoKeyUsageWrapKey;
+        case blink::WebCryptoKeyTypePrivate:
+          return blink::WebCryptoKeyUsageDecrypt |
+                 blink::WebCryptoKeyUsageUnwrapKey;
+        default:
+          return 0;
+      }
+    default:
+      return 0;
+  }
+}
+
+// Returns Status::Success() if |usages| is a valid set of key usages for
+// |algorithm| and |key_type|. Otherwise returns an error.
+// In the case of JWK format the check is incomplete for asymmetric algorithms.
+Status BestEffortCheckKeyUsagesForImport(blink::WebCryptoAlgorithmId algorithm,
+                                         blink::WebCryptoKeyFormat format,
+                                         blink::WebCryptoKeyUsageMask usages) {
+  if (!IsAlgorithmAsymmetric(algorithm))
+    return CheckKeyUsages(algorithm, blink::WebCryptoKeyTypeSecret, usages);
+
+  // Try to infer the key type given the import format.
+  switch (format) {
+    case blink::WebCryptoKeyFormatRaw:
+      // TODO(eroman): The spec defines Diffie-Hellman raw import for public
+      // keys, so this will need to be updated in the future when DH is
+      // implemented.
+      return Status::ErrorUnexpected();
+    case blink::WebCryptoKeyFormatSpki:
+      return CheckKeyUsages(algorithm, blink::WebCryptoKeyTypePublic, usages);
+    case blink::WebCryptoKeyFormatPkcs8:
+      return CheckKeyUsages(algorithm, blink::WebCryptoKeyTypePrivate, usages);
+    case blink::WebCryptoKeyFormatJwk:
+      break;
+    default:
+      return Status::ErrorUnexpected();
+  }
+
+  // If the key type is not known, then the algorithm is asymmetric. Whether the
+  // key data describes a public or private key isn't known yet. But it must at
+  // least be ONE of those two.
+  DCHECK(IsAlgorithmAsymmetric(algorithm));
+
+  if (CheckKeyUsages(algorithm, blink::WebCryptoKeyTypePublic, usages)
+          .IsError() &&
+      CheckKeyUsages(algorithm, blink::WebCryptoKeyTypePrivate, usages)
+          .IsError()) {
+    return Status::ErrorCreateKeyBadUsages();
+  }
+
+  return Status::Success();
+}
+
+// Returns an error if |combined_usage_mask| is invalid for generating a key
+// pair for |algorithm|. Otherwise returns Status::Success(), and fills
+// |public_key_usages| with the usages for the public key, and
+// |private_key_usages| with those for the private key.
+Status CheckKeyUsagesForGenerateKeyPair(
+    blink::WebCryptoAlgorithmId algorithm,
+    blink::WebCryptoKeyUsageMask combined_usage_mask,
+    blink::WebCryptoKeyUsageMask* public_key_usages,
+    blink::WebCryptoKeyUsageMask* private_key_usages) {
+  DCHECK(IsAlgorithmAsymmetric(algorithm));
+
+  blink::WebCryptoKeyUsageMask all_public_key_usages =
+      GetValidKeyUsagesForKeyType(algorithm, blink::WebCryptoKeyTypePublic);
+  blink::WebCryptoKeyUsageMask all_private_key_usages =
+      GetValidKeyUsagesForKeyType(algorithm, blink::WebCryptoKeyTypePrivate);
+
+  if (!ContainsKeyUsages(all_public_key_usages | all_private_key_usages,
+                         combined_usage_mask))
+    return Status::ErrorCreateKeyBadUsages();
+
+  *public_key_usages = combined_usage_mask & all_public_key_usages;
+  *private_key_usages = combined_usage_mask & all_private_key_usages;
+
+  return Status::Success();
+}
+
+// Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,
+// to unsigned long.
+bool BigIntegerToLong(const uint8* data,
+                      unsigned int data_size,
+                      unsigned long* result) {
+  // TODO(padolph): Is it correct to say that empty data is an error, or does it
+  // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655
+  if (data_size == 0)
+    return false;
+
+  *result = 0;
+  for (size_t i = 0; i < data_size; ++i) {
+    size_t reverse_i = data_size - i - 1;
+
+    if (reverse_i >= sizeof(unsigned long) && data[i])
+      return false;  // Too large for a long.
+
+    *result |= data[i] << 8 * reverse_i;
+  }
+  return true;
+}
+
+
+}  // namespace
+
+void Init() { platform::Init(); }
+
+Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
+               const blink::WebCryptoKey& key,
+               const CryptoData& data,
+               std::vector<uint8>* buffer) {
+  if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))
+    return Status::ErrorUnexpected();
+  return EncryptDontCheckUsage(algorithm, key, data, buffer);
+}
+
+Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
+               const blink::WebCryptoKey& key,
+               const CryptoData& data,
+               std::vector<uint8>* buffer) {
+  if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt))
+    return Status::ErrorUnexpected();
+  return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
+}
+
+Status Digest(const blink::WebCryptoAlgorithm& algorithm,
+              const CryptoData& data,
+              std::vector<uint8>* buffer) {
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdSha1:
+    case blink::WebCryptoAlgorithmIdSha256:
+    case blink::WebCryptoAlgorithmIdSha384:
+    case blink::WebCryptoAlgorithmIdSha512:
+      return platform::DigestSha(algorithm.id(), data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
+    blink::WebCryptoAlgorithmId algorithm) {
+  return platform::CreateDigestor(algorithm);
+}
+
+Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
+                         bool extractable,
+                         blink::WebCryptoKeyUsageMask usage_mask,
+                         blink::WebCryptoKey* key) {
+  Status status =
+      CheckKeyUsages(algorithm.id(), blink::WebCryptoKeyTypeSecret, usage_mask);
+  if (status.IsError())
+    return status;
+
+  unsigned int keylen_bytes = 0;
+
+  // Get the secret key length in bytes from generation parameters.
+  // This resolves any defaults.
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+    case blink::WebCryptoAlgorithmIdAesGcm:
+    case blink::WebCryptoAlgorithmIdAesKw: {
+      if (!IsValidAesKeyLengthBits(algorithm.aesKeyGenParams()->lengthBits())) {
+        return algorithm.aesKeyGenParams()->lengthBits() == 192
+                   ? Status::ErrorAes192BitUnsupported()
+                   : Status::ErrorGenerateKeyLength();
+      }
+      keylen_bytes = algorithm.aesKeyGenParams()->lengthBits() / 8;
+      break;
+    }
+    case blink::WebCryptoAlgorithmIdHmac: {
+      const blink::WebCryptoHmacKeyGenParams* params =
+          algorithm.hmacKeyGenParams();
+      DCHECK(params);
+      if (params->hasLengthBits()) {
+        if (params->optionalLengthBits() % 8)
+          return Status::ErrorGenerateKeyLength();
+        keylen_bytes = params->optionalLengthBits() / 8;
+      } else {
+        keylen_bytes = ShaBlockSizeBytes(params->hash().id());
+        if (keylen_bytes == 0)
+          return Status::ErrorUnsupported();
+      }
+      break;
+    }
+
+    default:
+      return Status::ErrorUnsupported();
+  }
+
+  // TODO(eroman): Is this correct? HMAC can import zero-length keys, so should
+  //               probably be able to allowed to generate them too.
+  if (keylen_bytes == 0)
+    return Status::ErrorGenerateKeyLength();
+
+  return platform::GenerateSecretKey(
+      algorithm, extractable, usage_mask, keylen_bytes, key);
+}
+
+Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm,
+                       bool extractable,
+                       blink::WebCryptoKeyUsageMask combined_usage_mask,
+                       blink::WebCryptoKey* public_key,
+                       blink::WebCryptoKey* private_key) {
+  blink::WebCryptoKeyUsageMask public_key_usage_mask = 0;
+  blink::WebCryptoKeyUsageMask private_key_usage_mask = 0;
+
+  Status status = CheckKeyUsagesForGenerateKeyPair(algorithm.id(),
+                                                   combined_usage_mask,
+                                                   &public_key_usage_mask,
+                                                   &private_key_usage_mask);
+  if (status.IsError())
+    return status;
+
+  // TODO(padolph): Handle other asymmetric algorithm key generation.
+  switch (algorithm.paramsType()) {
+    case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: {
+      const blink::WebCryptoRsaHashedKeyGenParams* params =
+          algorithm.rsaHashedKeyGenParams();
+
+      if (!params->modulusLengthBits())
+        return Status::ErrorGenerateRsaZeroModulus();
+
+      unsigned long public_exponent = 0;
+      if (!BigIntegerToLong(params->publicExponent().data(),
+                            params->publicExponent().size(),
+                            &public_exponent) ||
+          (public_exponent != 3 && public_exponent != 65537)) {
+        return Status::ErrorGenerateKeyPublicExponent();
+      }
+
+      return platform::GenerateRsaKeyPair(algorithm,
+                                          extractable,
+                                          public_key_usage_mask,
+                                          private_key_usage_mask,
+                                          params->modulusLengthBits(),
+                                          public_exponent,
+                                          public_key,
+                                          private_key);
+    }
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+// Note that this function may be called from the target Blink thread.
+Status ImportKey(blink::WebCryptoKeyFormat format,
+                 const CryptoData& key_data,
+                 const blink::WebCryptoAlgorithm& algorithm,
+                 bool extractable,
+                 blink::WebCryptoKeyUsageMask usage_mask,
+                 blink::WebCryptoKey* key) {
+  // This is "best effort" because it is incomplete for JWK (for which the key
+  // type is not yet known). ImportKeyJwk() does extra checks on key usage once
+  // the key type has been determined.
+  Status status =
+      BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask);
+  if (status.IsError())
+    return status;
+
+  switch (format) {
+    case blink::WebCryptoKeyFormatRaw:
+      return ImportKeyRaw(key_data, algorithm, extractable, usage_mask, key);
+    case blink::WebCryptoKeyFormatSpki:
+      return platform::ImportKeySpki(
+          algorithm, key_data, extractable, usage_mask, key);
+    case blink::WebCryptoKeyFormatPkcs8:
+      return platform::ImportKeyPkcs8(
+          algorithm, key_data, extractable, usage_mask, key);
+    case blink::WebCryptoKeyFormatJwk:
+      return ImportKeyJwk(key_data, algorithm, extractable, usage_mask, key);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+// TODO(eroman): Move this to anonymous namespace.
+Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format,
+                                        const blink::WebCryptoKey& key,
+                                        std::vector<uint8>* buffer) {
+  switch (format) {
+    case blink::WebCryptoKeyFormatRaw: {
+      platform::SymKey* sym_key;
+      Status status = ToPlatformSymKey(key, &sym_key);
+      if (status.IsError())
+        return status;
+      return platform::ExportKeyRaw(sym_key, buffer);
+    }
+    case blink::WebCryptoKeyFormatSpki: {
+      platform::PublicKey* public_key;
+      Status status = ToPlatformPublicKey(key, &public_key);
+      if (status.IsError())
+        return status;
+      return platform::ExportKeySpki(public_key, buffer);
+    }
+    case blink::WebCryptoKeyFormatPkcs8: {
+      platform::PrivateKey* private_key;
+      Status status = ToPlatformPrivateKey(key, &private_key);
+      if (status.IsError())
+        return status;
+      return platform::ExportKeyPkcs8(private_key, key.algorithm(), buffer);
+    }
+    case blink::WebCryptoKeyFormatJwk:
+      return ExportKeyJwk(key, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status ExportKey(blink::WebCryptoKeyFormat format,
+                 const blink::WebCryptoKey& key,
+                 std::vector<uint8>* buffer) {
+  if (!key.extractable())
+    return Status::ErrorKeyNotExtractable();
+  return ExportKeyDontCheckExtractability(format, key, buffer);
+}
+
+Status Sign(const blink::WebCryptoAlgorithm& algorithm,
+            const blink::WebCryptoKey& key,
+            const CryptoData& data,
+            std::vector<uint8>* buffer) {
+  if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageSign))
+    return Status::ErrorUnexpected();
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdHmac:
+      return SignHmac(algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
+      return SignRsaSsaPkcs1v1_5(algorithm, key, data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status VerifySignature(const blink::WebCryptoAlgorithm& algorithm,
+                       const blink::WebCryptoKey& key,
+                       const CryptoData& signature,
+                       const CryptoData& data,
+                       bool* signature_match) {
+  if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageVerify))
+    return Status::ErrorUnexpected();
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  if (!signature.byte_length()) {
+    // None of the algorithms generate valid zero-length signatures so this
+    // will necessarily fail verification. Early return to protect
+    // implementations from dealing with a NULL signature pointer.
+    *signature_match = false;
+    return Status::Success();
+  }
+
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdHmac:
+      return VerifyHmac(algorithm, key, signature, data, signature_match);
+    case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
+      return VerifyRsaSsaPkcs1v1_5(
+          algorithm, key, signature, data, signature_match);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status WrapKey(blink::WebCryptoKeyFormat format,
+               const blink::WebCryptoKey& key_to_wrap,
+               const blink::WebCryptoKey& wrapping_key,
+               const blink::WebCryptoAlgorithm& wrapping_algorithm,
+               std::vector<uint8>* buffer) {
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey))
+    return Status::ErrorUnexpected();
+  if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  return WrapKeyExportAndEncrypt(
+      format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
+}
+
+Status UnwrapKey(blink::WebCryptoKeyFormat format,
+                 const CryptoData& wrapped_key_data,
+                 const blink::WebCryptoKey& wrapping_key,
+                 const blink::WebCryptoAlgorithm& wrapping_algorithm,
+                 const blink::WebCryptoAlgorithm& algorithm,
+                 bool extractable,
+                 blink::WebCryptoKeyUsageMask usage_mask,
+                 blink::WebCryptoKey* key) {
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
+    return Status::ErrorUnexpected();
+  if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  // Fail-fast if the key usages don't make sense. This avoids decrypting the
+  // key only to then have import fail. It is "best effort" because when
+  // unwrapping JWK for asymmetric algorithms the key type isn't known yet.
+  Status status =
+      BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask);
+  if (status.IsError())
+    return status;
+
+  return UnwrapKeyDecryptAndImport(format,
+                                   wrapped_key_data,
+                                   wrapping_key,
+                                   wrapping_algorithm,
+                                   algorithm,
+                                   extractable,
+                                   usage_mask,
+                                   key);
+}
+
+// Note that this function is called from the target Blink thread.
+bool SerializeKeyForClone(const blink::WebCryptoKey& key,
+                          blink::WebVector<uint8>* key_data) {
+  return static_cast<webcrypto::platform::Key*>(key.handle())
+      ->ThreadSafeSerializeForClone(key_data);
+}
+
+// Note that this function is called from the target Blink thread.
+bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+                            blink::WebCryptoKeyType type,
+                            bool extractable,
+                            blink::WebCryptoKeyUsageMask usage_mask,
+                            const CryptoData& key_data,
+                            blink::WebCryptoKey* key) {
+  // TODO(eroman): This should not call into the platform crypto layer.
+  // Otherwise it runs the risk of stalling while the NSS/OpenSSL global locks
+  // are held.
+  //
+  // An alternate approach is to defer the key import until the key is used.
+  // However this means that any deserialization errors would have to be
+  // surfaced as WebCrypto errors, leading to slightly different behaviors. For
+  // instance you could clone a key which fails to be deserialized.
+  Status status = ImportKey(GetCloneFormatForKeyType(type),
+                            key_data,
+                            KeyAlgorithmToImportAlgorithm(algorithm),
+                            extractable,
+                            usage_mask,
+                            key);
+  if (status.IsError())
+    return false;
+  return ValidateDeserializedKey(*key, algorithm, type);
+}
+
+Status ToPlatformSymKey(const blink::WebCryptoKey& key,
+                        platform::SymKey** out) {
+  *out = static_cast<platform::Key*>(key.handle())->AsSymKey();
+  if (!*out)
+    return Status::ErrorUnexpectedKeyType();
+  return Status::Success();
+}
+
+Status ToPlatformPublicKey(const blink::WebCryptoKey& key,
+                           platform::PublicKey** out) {
+  *out = static_cast<platform::Key*>(key.handle())->AsPublicKey();
+  if (!*out)
+    return Status::ErrorUnexpectedKeyType();
+  return Status::Success();
+}
+
+Status ToPlatformPrivateKey(const blink::WebCryptoKey& key,
+                            platform::PrivateKey** out) {
+  *out = static_cast<platform::Key*>(key.handle())->AsPrivateKey();
+  if (!*out)
+    return Status::ErrorUnexpectedKeyType();
+  return Status::Success();
+}
+
+// Returns Status::Success() if |usages| is a valid set of key usages for
+// |algorithm| and |key_type|. Otherwise returns an error.
+Status CheckKeyUsages(blink::WebCryptoAlgorithmId algorithm,
+                      blink::WebCryptoKeyType key_type,
+                      blink::WebCryptoKeyUsageMask usages) {
+  if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type),
+                         usages))
+    return Status::ErrorCreateKeyBadUsages();
+
+  return Status::Success();
+}
+
+}  // namespace webcrypto
+
+}  // namespace content