Revert "[webcrypto] Add decrypt() for AES-CBC."

This reverts commit r225743

BUG=245025

Review URL: https://codereview.chromium.org/25032003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@225750 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 28 insertions, 133 deletions

diff --git a/content/renderer/webcrypto/webcrypto_impl.cc b/content/renderer/webcrypto/webcrypto_impl.cc
index 6eeb3da..32c0433 100644
--- a/content/renderer/webcrypto/webcrypto_impl.cc
+++ b/content/renderer/webcrypto/webcrypto_impl.cc
@@ -29,20 +29,6 @@ void WebCryptoImpl::encrypt(
   }
 }
 
-void WebCryptoImpl::decrypt(
-    const WebKit::WebCryptoAlgorithm& algorithm,
-    const WebKit::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned data_size,
-    WebKit::WebCryptoResult result) {
-  WebKit::WebArrayBuffer buffer;
-  if (!DecryptInternal(algorithm, key, data, data_size, &buffer)) {
-    result.completeWithError();
-  } else {
-    result.completeWithBuffer(buffer);
-  }
-}
-
 void WebCryptoImpl::digest(
     const WebKit::WebCryptoAlgorithm& algorithm,
     const unsigned char* data,
diff --git a/content/renderer/webcrypto/webcrypto_impl.h b/content/renderer/webcrypto/webcrypto_impl.h
index 9b2dd3e..e587044 100644
--- a/content/renderer/webcrypto/webcrypto_impl.h
+++ b/content/renderer/webcrypto/webcrypto_impl.h
@@ -24,12 +24,6 @@ class CONTENT_EXPORT WebCryptoImpl
       const unsigned char* data,
       unsigned data_size,
       WebKit::WebCryptoResult result);
-  virtual void decrypt(
-      const WebKit::WebCryptoAlgorithm& algorithm,
-      const WebKit::WebCryptoKey& key,
-      const unsigned char* data,
-      unsigned data_size,
-      WebKit::WebCryptoResult result);
   virtual void digest(
       const WebKit::WebCryptoAlgorithm& algorithm,
       const unsigned char* data,
@@ -69,12 +63,6 @@ class CONTENT_EXPORT WebCryptoImpl
       const unsigned char* data,
       unsigned data_size,
       WebKit::WebArrayBuffer* buffer);
-  bool DecryptInternal(
-      const WebKit::WebCryptoAlgorithm& algorithm,
-      const WebKit::WebCryptoKey& key,
-      const unsigned char* data,
-      unsigned data_size,
-      WebKit::WebArrayBuffer* buffer);
   bool DigestInternal(
       const WebKit::WebCryptoAlgorithm& algorithm,
       const unsigned char* data,
diff --git a/content/renderer/webcrypto/webcrypto_impl_nss.cc b/content/renderer/webcrypto/webcrypto_impl_nss.cc
index 7b8917d..6a62cb8 100644
--- a/content/renderer/webcrypto/webcrypto_impl_nss.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_nss.cc
@@ -84,17 +84,23 @@ void ShrinkBuffer(WebKit::WebArrayBuffer* buffer, unsigned new_size) {
   *buffer = new_buffer;
 }
 
-bool AesCbcEncryptDecrypt(
-    CK_ATTRIBUTE_TYPE operation,
+}  // namespace
+
+void WebCryptoImpl::Init() {
+  crypto::EnsureNSSInit();
+}
+
+bool WebCryptoImpl::EncryptInternal(
     const WebKit::WebCryptoAlgorithm& algorithm,
     const WebKit::WebCryptoKey& key,
     const unsigned char* data,
     unsigned data_size,
     WebKit::WebArrayBuffer* buffer) {
-  DCHECK_EQ(WebKit::WebCryptoAlgorithmIdAesCbc, algorithm.id());
+  if (algorithm.id() != WebKit::WebCryptoAlgorithmIdAesCbc)
+    return false;
+
   DCHECK_EQ(algorithm.id(), key.algorithm().id());
   DCHECK_EQ(WebKit::WebCryptoKeyTypeSecret, key.type());
-  DCHECK(operation == CKA_ENCRYPT || operation == CKA_DECRYPT);
 
   SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle());
 
@@ -112,7 +118,7 @@ bool AesCbcEncryptDecrypt(
     return false;
 
   crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
-      CKM_AES_CBC_PAD, operation, sym_key->key(), param.get()));
+      CKM_AES_CBC_PAD, CKA_ENCRYPT, sym_key->key(), param.get()));
 
   if (!context.get())
     return false;
@@ -127,8 +133,6 @@ bool AesCbcEncryptDecrypt(
     return false;
   }
 
-  // TODO(eroman): Refine the output buffer size. It can be computed exactly for
-  //               encryption, and can be smaller for decryption.
   unsigned output_max_len = data_size + AES_BLOCK_SIZE;
   CHECK_GT(output_max_len, data_size);
 
@@ -158,40 +162,6 @@ bool AesCbcEncryptDecrypt(
   return true;
 }
 
-}  // namespace
-
-void WebCryptoImpl::Init() {
-  crypto::EnsureNSSInit();
-}
-
-bool WebCryptoImpl::EncryptInternal(
-    const WebKit::WebCryptoAlgorithm& algorithm,
-    const WebKit::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned data_size,
-    WebKit::WebArrayBuffer* buffer) {
-  if (algorithm.id() == WebKit::WebCryptoAlgorithmIdAesCbc) {
-    return AesCbcEncryptDecrypt(
-        CKA_ENCRYPT, algorithm, key, data, data_size, buffer);
-  }
-
-  return false;
-}
-
-bool WebCryptoImpl::DecryptInternal(
-    const WebKit::WebCryptoAlgorithm& algorithm,
-    const WebKit::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned data_size,
-    WebKit::WebArrayBuffer* buffer) {
-  if (algorithm.id() == WebKit::WebCryptoAlgorithmIdAesCbc) {
-    return AesCbcEncryptDecrypt(
-        CKA_DECRYPT, algorithm, key, data, data_size, buffer);
-  }
-
-  return false;
-}
-
 bool WebCryptoImpl::DigestInternal(
     const WebKit::WebCryptoAlgorithm& algorithm,
     const unsigned char* data,
diff --git a/content/renderer/webcrypto/webcrypto_impl_openssl.cc b/content/renderer/webcrypto/webcrypto_impl_openssl.cc
index 040c174..47b91ee 100644
--- a/content/renderer/webcrypto/webcrypto_impl_openssl.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_openssl.cc
@@ -18,15 +18,6 @@ bool WebCryptoImpl::EncryptInternal(
   return false;
 }
 
-bool WebCryptoImpl::DecryptInternal(
-    const WebKit::WebCryptoAlgorithm& algorithm,
-    const WebKit::WebCryptoKey& key,
-    const unsigned char* data,
-    unsigned data_size,
-    WebKit::WebArrayBuffer* buffer) {
-  return false;
-}
-
 bool WebCryptoImpl::DigestInternal(
     const WebKit::WebCryptoAlgorithm& algorithm,
     const unsigned char* data,
diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
index 6b197db..a659c7f 100644
--- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
@@ -138,15 +138,6 @@ class WebCryptoImplTest : public testing::Test {
     return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer);
   }
 
-  bool DecryptInternal(
-      const WebKit::WebCryptoAlgorithm& algorithm,
-      const WebKit::WebCryptoKey& key,
-      const unsigned char* data,
-      unsigned data_size,
-      WebKit::WebArrayBuffer* buffer) {
-    return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer);
-  }
-
  private:
   WebCryptoImpl crypto_;
 };
@@ -375,7 +366,7 @@ TEST_F(WebCryptoImplTest, HMACSampleSets) {
   }
 }
 
-TEST_F(WebCryptoImplTest, AesCbcFailures) {
+TEST_F(WebCryptoImplTest, AesCbcEncryptionFailures) {
   WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString(
       "2b7e151628aed2a6abf7158809cf4f3c",
       CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc),
@@ -385,22 +376,24 @@ TEST_F(WebCryptoImplTest, AesCbcFailures) {
 
   // Use an invalid |iv| (fewer than 16 bytes)
   {
-    std::vector<uint8> input(32);
+    std::vector<uint8> plain_text(33);
     std::vector<uint8> iv;
-    EXPECT_FALSE(EncryptInternal(
-        CreateAesCbcAlgorithm(iv), key, &input[0], input.size(), &output));
-    EXPECT_FALSE(DecryptInternal(
-        CreateAesCbcAlgorithm(iv), key, &input[0], input.size(), &output));
+    EXPECT_FALSE(EncryptInternal(CreateAesCbcAlgorithm(iv),
+                                 key,
+                                 &plain_text[0],
+                                 plain_text.size(),
+                                 &output));
   }
 
   // Use an invalid |iv| (more than 16 bytes)
   {
-    std::vector<uint8> input(32);
+    std::vector<uint8> plain_text(33);
     std::vector<uint8> iv(17);
-    EXPECT_FALSE(EncryptInternal(
-        CreateAesCbcAlgorithm(iv), key, &input[0], input.size(), &output));
-    EXPECT_FALSE(DecryptInternal(
-        CreateAesCbcAlgorithm(iv), key, &input[0], input.size(), &output));
+    EXPECT_FALSE(EncryptInternal(CreateAesCbcAlgorithm(iv),
+                                 key,
+                                 &plain_text[0],
+                                 plain_text.size(),
+                                 &output));
   }
 
   // Give an input that is too large (would cause integer overflow when
@@ -411,13 +404,11 @@ TEST_F(WebCryptoImplTest, AesCbcFailures) {
     // Pretend the input is large. Don't pass data pointer as NULL in case that
     // is special cased; the implementation shouldn't actually dereference the
     // data.
-    const unsigned char* input = &iv[0];
-    unsigned input_len = INT_MAX - 3;
+    const unsigned char* plain_text = &iv[0];
+    unsigned plain_text_len = INT_MAX - 3;
 
     EXPECT_FALSE(EncryptInternal(
-        CreateAesCbcAlgorithm(iv), key, input, input_len, &output));
-    EXPECT_FALSE(DecryptInternal(
-        CreateAesCbcAlgorithm(iv), key, input, input_len, &output));
+        CreateAesCbcAlgorithm(iv), key, plain_text, plain_text_len, &output));
   }
 
   // Fail importing the key (too few bytes specified)
@@ -530,44 +521,13 @@ TEST_F(WebCryptoImplTest, AesCbcSampleSets) {
 
     WebKit::WebArrayBuffer output;
 
-    // Test encryption.
     EXPECT_TRUE(EncryptInternal(CreateAesCbcAlgorithm(iv),
                                 key,
                                 &plain_text[0],
                                 plain_text.size(),
                                 &output));
-    ExpectArrayBufferMatchesHex(test.cipher_text, output);
 
-    // Test decryption.
-    std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text);
-    EXPECT_TRUE(DecryptInternal(CreateAesCbcAlgorithm(iv),
-                                key,
-                                &cipher_text[0],
-                                cipher_text.size(),
-                                &output));
-    ExpectArrayBufferMatchesHex(test.plain_text, output);
-
-    const unsigned kAesCbcBlockSize = 16;
-
-    // Decrypt with a padding error by stripping the last block. This also ends
-    // up testing decryption over empty cipher text.
-    if (cipher_text.size() >= kAesCbcBlockSize) {
-      EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv),
-                                   key,
-                                   &cipher_text[0],
-                                   cipher_text.size() - kAesCbcBlockSize,
-                                   &output));
-    }
-
-    // Decrypt cipher text which is not block-aligned, by stripping a few bytes
-    // off the cipher text.
-    if (cipher_text.size() > 3) {
-      EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv),
-                                   key,
-                                   &cipher_text[0],
-                                   cipher_text.size() - 3,
-                                   &output));
-    }
+    ExpectArrayBufferMatchesHex(test.cipher_text, output);
   }
 }