Revert 266798 "[webcrypto] Make operations run on a background t..."

> [webcrypto] Make operations run on a background thread so they don't block the blink thread. > > More details on threading strategy provided in webcrypto_impl.cc. > > BUG=245025 > > Review URL: https://codereview.chromium.org/233733004 TBR=eroman@chromium.org Review URL: https://codereview.chromium.org/252213003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266903 0039d316-1c4b-4281-b951-d872f2087c98

Revert 266798 "[webcrypto] Make operations run on a background t..."
> [webcrypto] Make operations run on a background thread so they don't block the blink thread. > > More details on threading strategy provided in webcrypto_impl.cc. > > BUG=245025 > > Review URL: https://codereview.chromium.org/233733004 TBR=eroman@chromium.org Review URL: https://codereview.chromium.org/252213003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266903 0039d316-1c4b-4281-b951-d872f2087c98
04a5dfa9 · jsbell@chromium.org · 850812dd · 04a5dfa9 · 04a5dfa9 · 04a5dfa9
Commit 04a5dfa9 authored Apr 29, 2014 by jsbell@chromium.org
13 changed files
--- a/content/child/webcrypto/jwk.cc
+++ b/content/child/webcrypto/jwk.cc
@@ -2,16 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
-#include "jwk.h"
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/lazy_instance.h"
-#include "base/strings/string_piece.h"
 #include "base/strings/stringprintf.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/platform_crypto.h"
@@ -303,14 +299,18 @@ bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a,
 }
 // Writes a secret/symmetric key to a JWK dictionary.
-void WriteSecretKey(const std::vector<uint8>& raw_key,
+void WriteSecretKey(const blink::WebArrayBuffer& raw_key,
                    base::DictionaryValue* jwk_dict) {
  DCHECK(jwk_dict);
  jwk_dict->SetString("kty", "oct");
  // For a secret/symmetric key, the only extra JWK field is 'k', containing the
  // base64url encoding of the raw key.
-  const base::StringPiece key_str(
+  DCHECK(!raw_key.isNull());
-      reinterpret_cast<const char*>(Uint8VectorStart(raw_key)), raw_key.size());
+  DCHECK(raw_key.data());
+  DCHECK(raw_key.byteLength());
+  unsigned int key_length_bytes = raw_key.byteLength();
+  const base::StringPiece key_str(static_cast<const char*>(raw_key.data()),
+                                  key_length_bytes);
  jwk_dict->SetString("k", Base64EncodeUrlSafe(key_str));
 }
@@ -791,14 +791,14 @@ Status ImportKeyJwk(const CryptoData& key_data,
 }
 Status ExportKeyJwk(const blink::WebCryptoKey& key,
-                    std::vector<uint8>* buffer) {
+                    blink::WebArrayBuffer* buffer) {
  DCHECK(key.extractable());
  base::DictionaryValue jwk_dict;
  Status status = Status::OperationError();
  switch (key.type()) {
    case blink::WebCryptoKeyTypeSecret: {
-      std::vector<uint8> exported_key;
+      blink::WebArrayBuffer exported_key;
      status = ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key);
      if (status.IsError())
        return status;
@@ -835,7 +835,8 @@ Status ExportKeyJwk(const blink::WebCryptoKey& key,
  std::string json;
  base::JSONWriter::Write(&jwk_dict, &json);
-  buffer->assign(json.data(), json.data() + json.size());
+  *buffer = CreateArrayBuffer(reinterpret_cast<const uint8*>(json.data()),
+                              json.size());
  return Status::Success();
 }

--- a/content/child/webcrypto/jwk.h
+++ b/content/child/webcrypto/jwk.h
@@ -5,9 +5,6 @@
 #ifndef CONTENT_CHILD_WEBCRYPTO_JWK_H_
 #define CONTENT_CHILD_WEBCRYPTO_JWK_H_
-#include <vector>
-#include "base/basictypes.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCrypto.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
@@ -25,7 +22,8 @@ Status ImportKeyJwk(const CryptoData& key_data,
                    blink::WebCryptoKeyUsageMask usage_mask,
                    blink::WebCryptoKey* key);
-Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8>* buffer);
+Status ExportKeyJwk(const blink::WebCryptoKey& key,
+                    blink::WebArrayBuffer* buffer);
 }  // namespace webcrypto

--- a/content/child/webcrypto/platform_crypto.h
+++ b/content/child/webcrypto/platform_crypto.h
@@ -6,18 +6,13 @@
 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_
 #include <vector>
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCrypto.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
-namespace blink {
-template <typename T>
-class WebVector;
-}
 namespace content {
 enum EncryptOrDecrypt { ENCRYPT, DECRYPT };
@@ -33,28 +28,6 @@ class Status;
 // The general purpose code which applies to both OpenSSL and NSS
 // implementations of webcrypto should live in the outter webcrypto namespace,
 // and the crypto library specific bits in the "platform" namespace.
-//
-// -----------------
-// Threading:
-// -----------------
-//
-// Unless otherwise noted, functions in webcrypto::platform are called
-// exclusively from a sequenced worker pool.
-//
-// This means that operations using a given key cannot occur in
-// parallel and it is not necessary to guard against concurrent usage.
-//
-// The exceptions are:
-//
-//   * Key::ThreadSafeSerializeForClone(), which is called from the
-//     target Blink thread during structured clone.
-//
-//   * ImportKeyRaw(), ImportKeySpki(), ImportKeyPkcs8(), which can be
-//     called from the target Blink thread during structured clone
-//     deserialization, as well as from the webcrypto worker pool.
-//
-//     TODO(eroman): Change it so import happens in worker pool too.
-//                   http://crbug.com/366834
 namespace platform {
 class SymKey;
@@ -67,9 +40,6 @@ class Key : public blink::WebCryptoKeyHandle {
  virtual SymKey* AsSymKey() = 0;
  virtual PublicKey* AsPublicKey() = 0;
  virtual PrivateKey* AsPrivateKey() = 0;
-  virtual bool ThreadSafeSerializeForClone(
-      blink::WebVector<uint8>* key_data) = 0;
 };
 // Do any one-time initialization. Note that this can be called MULTIPLE times
@@ -83,7 +53,7 @@ Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
                            SymKey* key,
                            const CryptoData& data,
                            const CryptoData& iv,
-                            std::vector<uint8>* buffer);
+                            blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is a non-null AES-GCM key.
@@ -94,20 +64,20 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
                            const CryptoData& iv,
                            const CryptoData& additional_data,
                            unsigned int tag_length_bits,
-                            std::vector<uint8>* buffer);
+                            blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is non-null.
 //  * |data| is not empty.
 Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
                             const CryptoData& data,
-                             std::vector<uint8>* buffer);
+                             blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is non-null.
 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                             const CryptoData& data,
-                             std::vector<uint8>* buffer);
+                             blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is a non-null HMAC key.
@@ -115,13 +85,13 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
 Status SignHmac(SymKey* key,
                const blink::WebCryptoAlgorithm& hash,
                const CryptoData& data,
-                std::vector<uint8>* buffer);
+                blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |algorithm| is a SHA function.
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                 const CryptoData& data,
-                 std::vector<uint8>* buffer);
+                 blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |algorithm| is a SHA function.
@@ -134,7 +104,7 @@ scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
 Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
                           const blink::WebCryptoAlgorithm& hash,
                           const CryptoData& data,
-                           std::vector<uint8>* buffer);
+                           blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is non-null.
@@ -178,7 +148,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
 //  * |key| is non-null.
 //  * |algorithm.id()| is for a symmetric key algorithm.
 //  * For AES algorithms |key_data| is either 16, 24, or 32 bytes long.
-// Note that this may be called from target Blink thread.
 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
                    const CryptoData& key_data,
                    bool extractable,
@@ -194,14 +163,12 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,
                          const CryptoData& exponent_data,
                          blink::WebCryptoKey* key);
-// Note that this may be called from target Blink thread.
 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,
                     const CryptoData& key_data,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usage_mask,
                     blink::WebCryptoKey* key);
-// Note that this may be called from target Blink thread.
 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                      const CryptoData& key_data,
                      bool extractable,
@@ -210,11 +177,11 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
 // Preconditions:
 //  * |key| is non-null.
-Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer);
+Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is non-null.
-Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer);
+Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |key| is non-null.
@@ -226,14 +193,14 @@ Status ExportRsaPublicKey(PublicKey* key,
 //  * |key| is non-null.
 Status ExportKeyPkcs8(PrivateKey* key,
                      const blink::WebCryptoKeyAlgorithm& key_algorithm,
-                      std::vector<uint8>* buffer);
+                      blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null
 Status WrapSymKeyAesKw(SymKey* wrapping_key,
                       SymKey* key,
-                       std::vector<uint8>* buffer);
+                       blink::WebArrayBuffer* buffer);
 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in
 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used
@@ -260,14 +227,14 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
 //  * |buffer| is non-null.
 Status DecryptAesKw(SymKey* key,
                    const CryptoData& data,
-                    std::vector<uint8>* buffer);
+                    blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |wrapping_key| is non-null
 //  * |key| is non-null
 Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
                       SymKey* key,
-                       std::vector<uint8>* buffer);
+                       blink::WebArrayBuffer* buffer);
 // Preconditions:
 //  * |wrapping_key| is non-null

--- a/content/child/webcrypto/platform_crypto_nss.cc
+++ b/content/child/webcrypto/platform_crypto_nss.cc
--- a/content/child/webcrypto/platform_crypto_openssl.cc
+++ b/content/child/webcrypto/platform_crypto_openssl.cc
@@ -36,11 +36,6 @@ class SymKey : public Key {
  virtual SymKey* AsSymKey() OVERRIDE { return this; }
  virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; }
  virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; }
-  virtual bool ThreadSafeSerializeForClone(
-      blink::WebVector<uint8>* key_data) OVERRIDE {
-    key_data->assign(Uint8VectorStart(key_), key_.size());
-    return true;
-  }
  const std::vector<unsigned char>& key() const { return key_; }
@@ -88,7 +83,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
                            SymKey* key,
                            const CryptoData& iv,
                            const CryptoData& data,
-                            std::vector<uint8>* buffer) {
+                            blink::WebArrayBuffer* buffer) {
  CipherOperation cipher_operation =
      (mode == ENCRYPT) ? kDoEncrypt : kDoDecrypt;
@@ -127,9 +122,10 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
    output_max_len += AES_BLOCK_SIZE - remainder;
  DCHECK_GT(output_max_len, data.byte_length());
-  buffer->resize(output_max_len);
+  *buffer = blink::WebArrayBuffer::create(output_max_len, 1);
-  unsigned char* const buffer_data = Uint8VectorStart(buffer);
+  unsigned char* const buffer_data =
+      reinterpret_cast<unsigned char*>(buffer->data());
  int output_len = 0;
  if (!EVP_CipherUpdate(context.get(),
@@ -149,7 +145,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
      static_cast<unsigned int>(final_output_chunk_len);
  DCHECK_LE(final_output_len, output_max_len);
-  buffer->resize(final_output_len);
+  ShrinkBuffer(buffer, final_output_len);
  return Status::Success();
 }
@@ -188,12 +184,16 @@ class DigestorOpenSSL : public blink::WebCryptoDigestor {
    return true;
  }
-  Status FinishWithVectorAndStatus(std::vector<uint8>* result) {
+  Status FinishWithWebArrayAndStatus(blink::WebArrayBuffer* result) {
    const int hash_expected_size = EVP_MD_CTX_size(digest_context_.get());
-    result->resize(hash_expected_size);
+    *result = blink::WebArrayBuffer::create(hash_expected_size, 1);
-    unsigned char* const hash_buffer = Uint8VectorStart(result);
+    unsigned char* const hash_buffer =
+        static_cast<unsigned char* const>(result->data());
    unsigned int hash_buffer_size;  // ignored
-    return FinishInternal(hash_buffer, &hash_buffer_size);
+    Status error = FinishInternal(hash_buffer, &hash_buffer_size);
+    if (!error.IsSuccess())
+      result->reset();
+    return error;
  }
 private:
@@ -239,8 +239,8 @@ class DigestorOpenSSL : public blink::WebCryptoDigestor {
  unsigned char result_[EVP_MAX_MD_SIZE];
 };
-Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer) {
+Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
-  *buffer = key->key();
+  *buffer = CreateArrayBuffer(Uint8VectorStart(key->key()), key->key().size());
  return Status::Success();
 }
@@ -250,19 +250,19 @@ Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,
                            SymKey* key,
                            const CryptoData& data,
                            const CryptoData& iv,
-                            std::vector<uint8>* buffer) {
+                            blink::WebArrayBuffer* buffer) {
  // TODO(eroman): inline the function here.
  return AesCbcEncryptDecrypt(mode, key, iv, data, buffer);
 }
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                 const CryptoData& data,
-                 std::vector<uint8>* buffer) {
+                 blink::WebArrayBuffer* buffer) {
  DigestorOpenSSL digestor(algorithm);
  Status error = digestor.ConsumeWithStatus(data.bytes(), data.byte_length());
  if (!error.IsSuccess())
    return error;
-  return digestor.FinishWithVectorAndStatus(buffer);
+  return digestor.FinishWithWebArrayAndStatus(buffer);
 }
 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
@@ -335,7 +335,9 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
 Status SignHmac(SymKey* key,
                const blink::WebCryptoAlgorithm& hash,
                const CryptoData& data,
-                std::vector<uint8>* buffer) {
+                blink::WebArrayBuffer* buffer) {
+  blink::WebArrayBuffer result;
  const EVP_MD* digest_algorithm = GetDigest(hash.id());
  if (!digest_algorithm)
    return Status::ErrorUnsupported();
@@ -351,9 +353,9 @@ Status SignHmac(SymKey* key,
  const unsigned char null_key[] = {};
  const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key;
-  buffer->resize(hmac_expected_length);
+  result = blink::WebArrayBuffer::create(hmac_expected_length, 1);
  crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result(
-      Uint8VectorStart(buffer), hmac_expected_length);
+      reinterpret_cast<unsigned char*>(result.data()), hmac_expected_length);
  crypto::OpenSSLErrStackTracer(FROM_HERE);
@@ -368,6 +370,7 @@ Status SignHmac(SymKey* key,
  if (!success || hmac_actual_length != hmac_expected_length)
    return Status::OperationError();
+  *buffer = result;
  return Status::Success();
 }
@@ -388,7 +391,7 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
                            const CryptoData& iv,
                            const CryptoData& additional_data,
                            unsigned int tag_length_bits,
-                            std::vector<uint8>* buffer) {
+                            blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -396,14 +399,14 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
 // Guaranteed that key is valid.
 Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
                             const CryptoData& data,
-                             std::vector<uint8>* buffer) {
+                             blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                             const CryptoData& data,
-                             std::vector<uint8>* buffer) {
+                             blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -411,7 +414,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
 Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
                           const blink::WebCryptoAlgorithm& hash,
                           const CryptoData& data,
-                           std::vector<uint8>* buffer) {
+                           blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -444,14 +447,14 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
  return Status::ErrorUnsupported();
 }
-Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer) {
+Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
 Status ExportKeyPkcs8(PrivateKey* key,
                      const blink::WebCryptoKeyAlgorithm& key_algorithm,
-                      std::vector<uint8>* buffer) {
+                      blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -465,7 +468,7 @@ Status ExportRsaPublicKey(PublicKey* key,
 Status WrapSymKeyAesKw(SymKey* wrapping_key,
                       SymKey* key,
-                       std::vector<uint8>* buffer) {
+                       blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -482,14 +485,14 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
 Status DecryptAesKw(SymKey* key,
                    const CryptoData& data,
-                    std::vector<uint8>* buffer) {
+                    blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
 Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
                       SymKey* key,
-                       std::vector<uint8>* buffer) {
+                       blink::WebArrayBuffer* buffer) {
  // TODO(eroman): http://crbug.com/267888
  return Status::ErrorUnsupported();
 }
@@ -504,17 +507,6 @@ Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
  return Status::ErrorUnsupported();
 }
-bool ThreadSafeDeserializeKeyForClone(
-    const blink::WebCryptoKeyAlgorithm& algorithm,
-    blink::WebCryptoKeyType type,
-    bool extractable,
-    blink::WebCryptoKeyUsageMask usages,
-    const CryptoData& key_data,
-    blink::WebCryptoKey* key) {
-  // TODO(eroman): http://crbug.com/267888
-  return false;
-}
 }  // namespace platform
 }  // namespace webcrypto

--- a/content/child/webcrypto/shared_crypto.cc
+++ b/content/child/webcrypto/shared_crypto.cc
--- a/content/child/webcrypto/shared_crypto.h
+++ b/content/child/webcrypto/shared_crypto.h
@@ -5,8 +5,6 @@
 #ifndef CONTENT_CHILD_WEBCRYPTO_SHARED_CRYPTO_H_
 #define CONTENT_CHILD_WEBCRYPTO_SHARED_CRYPTO_H_
-#include <vector>
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
@@ -39,9 +37,7 @@ CONTENT_EXPORT void Init();
 //                |
 //                v
 //          WebCryptoImpl     (Implements the blink::WebCrypto interface for
-//                |            asynchronous completions; posts tasks to
+//                |            asynchronous completions)
-//                |            the webcrypto worker pool to fulfill the request
-//                             using the synchronous methods of shared_crypto.h)
 //                |
 //                |      [shared_crypto_unittest.cc]
 //                |           /
@@ -71,7 +67,7 @@ CONTENT_EXPORT void Init();
 //  * Inferring default parameters when not specified
 //  * Validating key exportability
 //  * Validating algorithm with key.algorithm
-//  * Converting the Blink key to a more specific platform::{PublicKey,
+//  * Converting the blink key to a more specific platform::{PublicKey,
 //    PrivateKey, SymKey} and making sure it was the right type.
 //  * Validating alogorithm specific parameters (for instance, was the iv for
 //    AES-CBC 16 bytes).
@@ -80,16 +76,16 @@ CONTENT_EXPORT void Init();
 CONTENT_EXPORT Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
                              const blink::WebCryptoKey& key,
                              const CryptoData& data,
-                              std::vector<uint8>* buffer);
+                              blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
                              const blink::WebCryptoKey& key,
                              const CryptoData& data,
-                              std::vector<uint8>* buffer);
+                              blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT Status Digest(const blink::WebCryptoAlgorithm& algorithm,
                             const CryptoData& data,
-                             std::vector<uint8>* buffer);
+                             blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
    blink::WebCryptoAlgorithmId algorithm);
@@ -116,12 +112,12 @@ CONTENT_EXPORT Status ImportKey(blink::WebCryptoKeyFormat format,
 CONTENT_EXPORT Status ExportKey(blink::WebCryptoKeyFormat format,
                                const blink::WebCryptoKey& key,
-                                std::vector<uint8>* buffer);
+                                blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT Status Sign(const blink::WebCryptoAlgorithm& algorithm,
                           const blink::WebCryptoKey& key,
                           const CryptoData& data,
-                           std::vector<uint8>* buffer);
+                           blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT Status
    VerifySignature(const blink::WebCryptoAlgorithm& algorithm,
@@ -135,7 +131,7 @@ CONTENT_EXPORT Status
            const blink::WebCryptoKey& wrapping_key,
            const blink::WebCryptoKey& key_to_wrap,
            const blink::WebCryptoAlgorithm& wrapping_algorithm,
-            std::vector<uint8>* buffer);
+            blink::WebArrayBuffer* buffer);
 CONTENT_EXPORT Status
    UnwrapKey(blink::WebCryptoKeyFormat format,
@@ -147,18 +143,17 @@ CONTENT_EXPORT Status
              blink::WebCryptoKeyUsageMask usage_mask,
              blink::WebCryptoKey* key);
-// Called on the target Blink thread.
+CONTENT_EXPORT Status
-CONTENT_EXPORT bool SerializeKeyForClone(const blink::WebCryptoKey& key,
+    SerializeKeyForClone(const blink::WebCryptoKey& key,
-                                         blink::WebVector<uint8>* key_data);
+                         blink::WebVector<unsigned char>* data);
-// Called on the target Blink thread.
+CONTENT_EXPORT Status
-CONTENT_EXPORT bool DeserializeKeyForClone(
+    DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
-    const blink::WebCryptoKeyAlgorithm& algorithm,
+                           blink::WebCryptoKeyType type,
-    blink::WebCryptoKeyType type,
+                           bool extractable,
-    bool extractable,
+                           blink::WebCryptoKeyUsageMask usage_mask,
-    blink::WebCryptoKeyUsageMask usage_mask,
+                           const CryptoData& key_data,
-    const CryptoData& key_data,
+                           blink::WebCryptoKey* key);
-    blink::WebCryptoKey* key);
 }  // namespace webcrypto

--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -67,89 +67,6 @@ bool operator!=(const content::webcrypto::Status& a,
 namespace {
-// -----------------------------------------------------------------------------
-// TODO(eroman): Remove these helpers and convert all of the tests to using the
-//               std::vector<> flavor of functions directly.
-// -----------------------------------------------------------------------------
-blink::WebArrayBuffer CreateArrayBuffer(const uint8* data,
-                                        unsigned int data_size) {
-  blink::WebArrayBuffer buffer = blink::WebArrayBuffer::create(data_size, 1);
-  DCHECK(!buffer.isNull());
-  if (data_size)  // data_size == 0 might mean the data pointer is invalid
-    memcpy(buffer.data(), data, data_size);
-  return buffer;
-}
-void AssignWebArrayBuffer(const std::vector<uint8>& in,
-                          blink::WebArrayBuffer* out) {
-  *out = CreateArrayBuffer(Uint8VectorStart(in), in.size());
-}
-Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
-               const blink::WebCryptoKey& key,
-               const CryptoData& data,
-               blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = Encrypt(algorithm, key, data, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
-               const blink::WebCryptoKey& key,
-               const CryptoData& data,
-               blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = Decrypt(algorithm, key, data, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-Status Digest(const blink::WebCryptoAlgorithm& algorithm,
-              const CryptoData& data,
-              blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = Digest(algorithm, data, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-Status ExportKey(blink::WebCryptoKeyFormat format,
-                 const blink::WebCryptoKey& key,
-                 blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = webcrypto::ExportKey(format, key, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-Status Sign(const blink::WebCryptoAlgorithm& algorithm,
-            const blink::WebCryptoKey& key,
-            const CryptoData& data,
-            blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = Sign(algorithm, key, data, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-Status WrapKey(blink::WebCryptoKeyFormat format,
-               const blink::WebCryptoKey& wrapping_key,
-               const blink::WebCryptoKey& key_to_wrap,
-               const blink::WebCryptoAlgorithm& wrapping_algorithm,
-               blink::WebArrayBuffer* web_buffer) {
-  std::vector<uint8> buffer;
-  Status status = webcrypto::WrapKey(
-      format, wrapping_key, key_to_wrap, wrapping_algorithm, &buffer);
-  AssignWebArrayBuffer(buffer, web_buffer);
-  return status;
-}
-// -----------------------------------------------------------------------------
 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
 // runtime dependency. Test it by trying to import a key.
 // TODO(padolph): Consider caching the result of the import key test.
@@ -1958,45 +1875,6 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
  }
 }
-TEST_F(SharedCryptoTest, MAYBE(ExportJwkEmptySymmetricKey)) {
-  const blink::WebCryptoAlgorithm import_algorithm =
-      webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1);
-  blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
-  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  // Import a zero-byte HMAC key.
-  const char key_data_hex[] = "";
-  key = ImportSecretKeyFromRaw(
-      HexStringToBytes(key_data_hex), import_algorithm, usages);
-  EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits());
-  // Export the key in JWK format and validate.
-  blink::WebArrayBuffer json;
-  ASSERT_EQ(Status::Success(),
-            ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
-  EXPECT_TRUE(VerifySecretJwk(json, "HS1", key_data_hex, usages));
-  // Now try re-importing the JWK key.
-  key = blink::WebCryptoKey::createNull();
-  EXPECT_EQ(Status::Success(),
-            ImportKey(blink::WebCryptoKeyFormatJwk,
-                      CryptoData(json),
-                      import_algorithm,
-                      true,
-                      usages,
-                      &key));
-  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
-  EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits());
-  blink::WebArrayBuffer exported_key_data;
-  EXPECT_EQ(Status::Success(),
-            ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data));
-  EXPECT_EQ(0u, exported_key_data.byteLength());
-}
 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
  // Passing case: Import a valid RSA key in SPKI format.
  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
@@ -2250,12 +2128,11 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
  EXPECT_EQ(usage_mask, public_key.usages());
  EXPECT_EQ(usage_mask, private_key.usages());
-  // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256)
+  // Successful WebCryptoAlgorithmIdRsaOaep key generation.
-  algorithm =
+  algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep,
-      CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                             blink::WebCryptoAlgorithmIdSha256,
-                                     blink::WebCryptoAlgorithmIdSha256,
+                                             modulus_length,
-                                     modulus_length,
+                                             public_exponent);
-                                     public_exponent);
  EXPECT_EQ(Status::Success(),
            GenerateKeyPair(
                algorithm, extractable, usage_mask, &public_key, &private_key));

--- a/content/child/webcrypto/status.h
+++ b/content/child/webcrypto/status.h
@@ -40,14 +40,12 @@ namespace webcrypto {
 // As such, it is important that errors DO NOT reveal any sensitive material
 // (like key bytes).
 //
-// Care must be taken with what errors are reported back to Blink when doing
+// Care must be taken with what errors are reported back to blink when doing
 // compound operations like unwrapping a JWK key. In this case, errors
 // generated by the JWK import are not appropriate to report since the wrapped
 // JWK is not visible to the caller.
 class CONTENT_EXPORT Status {
 public:
-  Status() : type_(TYPE_ERROR) {}
  // Returns true if the Status represents an error (any one of them).
  bool IsError() const;

--- a/content/child/webcrypto/webcrypto_impl.cc
+++ b/content/child/webcrypto/webcrypto_impl.cc
--- a/content/child/webcrypto/webcrypto_impl.h
+++ b/content/child/webcrypto/webcrypto_impl.h
@@ -13,7 +13,7 @@
 namespace content {
-// Wrapper around the Blink WebCrypto asynchronous interface, which forwards to
+// Wrapper around the blink WebCrypto asynchronous interface, which forwards to
 // the synchronous platfrom (NSS or OpenSSL) implementation.
 //
 // TODO(eroman): Post the synchronous work to a background thread.
@@ -77,7 +77,12 @@ class WebCryptoImpl : public blink::WebCrypto {
      bool extractable,
      blink::WebCryptoKeyUsageMask usages,
      blink::WebCryptoResult result);
+  // This method synchronously computes a digest for the given data, returning
+  // |true| if successful and |false| otherwise.
+  virtual bool digestSynchronous(const blink::WebCryptoAlgorithmId algorithm_id,
+                                 const unsigned char* data,
+                                 unsigned int data_size,
+                                 blink::WebArrayBuffer& result);
  // This method returns a digestor object that can be used to synchronously
  // compute a digest one chunk at a time. Thus, the consume does not need to
  // hold onto a large buffer with all the data to digest. Chunks can be given

--- a/content/child/webcrypto/webcrypto_util.cc
+++ b/content/child/webcrypto/webcrypto_util.cc
@@ -22,10 +22,25 @@ const uint8* Uint8VectorStart(const std::vector<uint8>& data) {
  return &data[0];
 }
-uint8* Uint8VectorStart(std::vector<uint8>* data) {
+void ShrinkBuffer(blink::WebArrayBuffer* buffer, unsigned int new_size) {
-  if (data->empty())
+  DCHECK_LE(new_size, buffer->byteLength());
-    return NULL;
-  return &(*data)[0];
+  if (new_size == buffer->byteLength())
+    return;
+  blink::WebArrayBuffer new_buffer = blink::WebArrayBuffer::create(new_size, 1);
+  DCHECK(!new_buffer.isNull());
+  memcpy(new_buffer.data(), buffer->data(), new_size);
+  *buffer = new_buffer;
+}
+blink::WebArrayBuffer CreateArrayBuffer(const uint8* data,
+                                        unsigned int data_size) {
+  blink::WebArrayBuffer buffer = blink::WebArrayBuffer::create(data_size, 1);
+  DCHECK(!buffer.isNull());
+  if (data_size)  // data_size == 0 might mean the data pointer is invalid
+    memcpy(buffer.data(), data, data_size);
+  return buffer;
 }
 // This function decodes unpadded 'base64url' encoded data, as described in

--- a/content/child/webcrypto/webcrypto_util.h
+++ b/content/child/webcrypto/webcrypto_util.h
@@ -11,6 +11,7 @@
 #include "base/strings/string_piece.h"
 #include "base/values.h"
 #include "content/common/content_export.h"
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
@@ -24,7 +25,15 @@ class Status;
 // convenience function for getting the pointer, and should not be used beyond
 // the expected lifetime of |data|.
 CONTENT_EXPORT const uint8* Uint8VectorStart(const std::vector<uint8>& data);
-CONTENT_EXPORT uint8* Uint8VectorStart(std::vector<uint8>* data);
+// Shrinks a WebArrayBuffer to a new size.
+// TODO(eroman): This works by re-allocating a new buffer. It would be better if
+//               the WebArrayBuffer could just be truncated instead.
+void ShrinkBuffer(blink::WebArrayBuffer* buffer, unsigned int new_size);
+// Creates a WebArrayBuffer from a uint8 byte array
+blink::WebArrayBuffer CreateArrayBuffer(const uint8* data,
+                                        unsigned int data_size);
 // This function decodes unpadded 'base64url' encoded data, as described in
 // RFC4648 (http://www.ietf.org/rfc/rfc4648.txt) Section 5.