1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ | 5 #ifndef CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ |
6 #define CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ | 6 #define CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "content/common/content_export.h" | 12 #include "content/common/content_export.h" |
13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 | 15 |
16 namespace content { | 16 namespace content { |
17 | 17 |
18 namespace webcrypto { | 18 namespace webcrypto { |
19 | 19 |
20 // Status indicates whether an operation completed successfully, or with an | |
21 // error. The error is used for verification in unit-tests, as well as for | |
22 // display to the user. | |
23 // | |
24 // As such, it is important that errors DO NOT reveal any sensitive material | |
25 // (like key bytes). | |
26 // | |
27 // Care must be taken with what errors are reported back to blink when doing | |
28 // compound operations like unwrapping a JWK key. In this case, errors | |
29 // generated by the JWK import are not appropriate to report since the wrapped | |
30 // JWK is not visible to the caller. | |
31 class CONTENT_EXPORT Status { | |
32 public: | |
33 // Returns true if the Status represents an error (any one of them). | |
34 bool IsError() const; | |
35 | |
36 // Returns true if the Status represent success. | |
37 bool IsSuccess() const; | |
38 | |
39 // Returns a UTF-8 error message (non-localized) describing the error. This | |
40 // message is intended to be displayed in the dev tools console. | |
41 std::string ToString() const; | |
42 | |
43 // Constructs a status representing success. | |
44 static Status Success(); | |
45 | |
46 // Constructs a status representing a generic error. It contains no extra | |
47 // details. | |
48 static Status Error(); | |
49 | |
50 // ------------------------------------ | |
51 // Errors when importing a JWK formatted key | |
52 // ------------------------------------ | |
53 | |
54 // The key bytes could not parsed as JSON dictionary. This either | |
55 // means there was a parsing error, or the JSON was not of a dictionary. | |
Ryan Sleevi
2014/01/28 21:11:58
nit: "JSON was not of a dictionary" - "JSON object
eroman
2014/01/28 22:59:08
Done.
| |
56 static Status ErrorJwkNotDictionary(); | |
57 | |
58 // The required "kty" parameter was missing, or is not a string. | |
59 static Status ErrorJwkMissingKty(); | |
Ryan Sleevi
2014/01/28 21:11:58
This seems to be an overloaded error, especially g
eroman
2014/01/28 22:59:08
I am unaware of any type coercion mandated by JWK
| |
60 | |
61 // The "extractable" parameter was set, however it contradicted the one | |
62 // specified by the Web Crypto call. | |
63 static Status ErrorJwkExtractableInconsistent(); | |
Ryan Sleevi
2014/01/28 21:11:58
nit:
The JWK "extractable" attribute was present,
eroman
2014/01/28 22:59:08
Done.
| |
64 | |
65 // The "alg" parameter could not be converted to an equivalent | |
66 // WebCryptoAlgorithm. Either it was malformed, or unrecognized. | |
Ryan Sleevi
2014/01/28 21:11:58
unnecessary ,
When in a list of two, it's not nec
eroman
2014/01/28 22:59:08
Done.
| |
67 static Status ErrorJwkUnrecognizedAlgorithm(); | |
68 | |
69 // The "alg" parameter contradicts the (optional) Algorithm which was | |
70 // specified by the Web Crypto import operation. | |
Ryan Sleevi
2014/01/28 21:11:58
I'd prefer "inconsistent" or "incompatible" over "
eroman
2014/01/28 22:59:08
Done.
| |
71 static Status ErrorJwkAlgorithmInconsistent(); | |
72 | |
73 // The "alg" parameter was not provided, however neither was an algorithm | |
74 // provided by the Web Crypto import operation. | |
75 static Status ErrorJwkAlgorithmMissing(); | |
76 | |
77 // The "use" parameter was specified, however it couldn't be converted to an | |
78 // equivalent Web Crypto usage. | |
79 static Status ErrorJwkUnrecognizedUsage(); | |
80 | |
81 // The "use" parameter was specified, however it contradicts the one specifed | |
82 // by the Web Crypto import operation. | |
83 static Status ErrorJwkUsageInconsistent(); | |
84 | |
85 // The "k" parameter was either missing, or could not be parsed as a base-64 | |
86 // encoded string, or the decoded bytes were empty. | |
87 static Status ErrorJwkDecodeK(); | |
88 | |
89 // The "n" parameter was either missing, or could not be parsed as a base-64 | |
Ryan Sleevi
2014/01/28 21:11:58
drop the first "or" (missing, could not be parsed
eroman
2014/01/28 22:59:08
Done.
| |
90 // encoded string, or the decoded bytes were empty. | |
91 static Status ErrorJwkDecodeN(); | |
92 | |
93 // The "e" parameter was either missing, or could not be parsed as a base-64 | |
94 // encoded string, or the decoded bytes were empty. | |
95 static Status ErrorJwkDecodeE(); | |
96 | |
97 // TODO(eroman): Private key import through JWK is not yet supported. | |
98 static Status ErrorJwkRsaPrivateKeyUnsupported(); | |
99 | |
100 // The "kty" parameter was given and was a string, however it was | |
101 // unrecognized. | |
102 static Status ErrorJwkUnrecognizedKty(); | |
103 | |
104 // ------------------------------------ | |
105 // Other errors | |
106 // ------------------------------------ | |
107 | |
108 // No key data was provided when importing an spki, pkcs8, or jwk formatted | |
109 // key. This does not apply to raw format, since it is possible to have empty | |
110 // key data there. | |
111 static Status ErrorImportEmptyKeyData(); | |
112 | |
113 // The wrong key was used for the operation. For instance, a public key was | |
114 // used to verify a RsaSsaPkcs1v1_5 signature, or tried exporting a private | |
115 // key using spki format. | |
116 static Status ErrorUnexpectedKeyType(); | |
117 | |
118 // When doing an AES-CBC encryption/decryption, the "iv" parameter was not 16 | |
119 // bytes. | |
120 static Status ErrorIncorrectSizedAesCbcIv(); | |
121 | |
122 // The data provided to an encrypt/decrypt/sign/verify operation was too | |
123 // large. This can either represent an internal limitation (for instance | |
124 // representing buffer lengths as uints), or an algorithm restriction (for | |
125 // instance RSAES can operation on messages relative to the length of the | |
126 // key's modulus). | |
127 static Status ErrorDataTooBig(); | |
Ryan Sleevi
2014/01/28 21:11:58
s/Big/Large, to match both your description and th
eroman
2014/01/28 22:59:08
Done.
| |
128 | |
129 // Something was unsupported or unimplemented. This can mean the algorithm in | |
130 // question was unsupported, some parameter combination was unsupported, or | |
131 // something has not yet been implemented. | |
132 static Status ErrorUnsupported(); | |
133 | |
134 // Something unexpected happened in the code, which implies there is a | |
135 // source-level bug. These should not happen, but safer to fail than simply | |
136 // DCHECK. | |
137 static Status ErrorUnexpected(); | |
138 | |
139 // The authentication tag length specified for AES-GCM encrypt/decrypt was | |
140 // either greater than 128 bits, or it was not a multiple of 8 bits. | |
141 // (zero length is allowed). | |
142 static Status ErrorInvalidAesGcmTagLength(); | |
143 | |
144 // The "publicExponent" used to generate a key was invalid: either no bytes | |
145 // were specified, or the number was too large to fit into an "unsigned long" | |
146 // (implemention limitation), or the exponent was zero. | |
147 static Status ErrorGenerateKeyPublicExponent(); | |
148 | |
149 // The algorithm was null when importing a raw-formatted key. In this case it | |
150 // is required. | |
151 static Status ErrorMissingAlgorithmImportRawKey(); | |
152 | |
153 // The modulus bytes were empty when importing an RSA public key. | |
154 static Status ErrorImportRsaEmptyModulus(); | |
155 | |
156 // The the modulus length was zero bits when generating an RSA public key. | |
157 static Status ErrorGenerateRsaZeroModulus(); | |
158 | |
159 // The exponent bytes were empty when importing an RSA public key. | |
160 static Status ErrorImportRsaEmptyExponent(); | |
161 | |
162 // An unextractable key was used by an operation which exports the key data. | |
163 static Status ErrorKeyNotExtractable(); | |
164 | |
165 // The key length specified when generating a key was invalid. Either it was | |
166 // zero, or it was not a multiple of 8 bits. | |
167 static Status ErrorGenerateKeyLength(); | |
168 | |
169 private: | |
170 // |error_details_utf8| can be NULL to indicate there was no error. | |
171 // Otherwise it is a UTF-8 string literal (the pointer must remain valid). | |
172 explicit Status(const char* error_details_utf8); | |
173 | |
174 const char* error_details_; | |
175 }; | |
176 | |
20 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a | 177 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a |
21 // convenience function for getting the pointer, and should not be used beyond | 178 // convenience function for getting the pointer, and should not be used beyond |
22 // the expected lifetime of |data|. | 179 // the expected lifetime of |data|. |
23 CONTENT_EXPORT const uint8* Uint8VectorStart(const std::vector<uint8>& data); | 180 CONTENT_EXPORT const uint8* Uint8VectorStart(const std::vector<uint8>& data); |
24 | 181 |
25 // Shrinks a WebArrayBuffer to a new size. | 182 // Shrinks a WebArrayBuffer to a new size. |
26 // TODO(eroman): This works by re-allocating a new buffer. It would be better if | 183 // TODO(eroman): This works by re-allocating a new buffer. It would be better if |
27 // the WebArrayBuffer could just be truncated instead. | 184 // the WebArrayBuffer could just be truncated instead. |
28 void ShrinkBuffer(blink::WebArrayBuffer* buffer, unsigned new_size); | 185 void ShrinkBuffer(blink::WebArrayBuffer* buffer, unsigned new_size); |
29 | 186 |
87 uint8 tag_length_bytes); | 244 uint8 tag_length_bytes); |
88 | 245 |
89 // Returns the internal block size for SHA-* | 246 // Returns the internal block size for SHA-* |
90 unsigned int ShaBlockSizeBytes(blink::WebCryptoAlgorithmId hash_id); | 247 unsigned int ShaBlockSizeBytes(blink::WebCryptoAlgorithmId hash_id); |
91 | 248 |
92 } // namespace webcrypto | 249 } // namespace webcrypto |
93 | 250 |
94 } // namespace content | 251 } // namespace content |
95 | 252 |
96 #endif // CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ | 253 #endif // CONTENT_RENDERER_WEBCRYPTO_WEBCRYPTO_UTIL_H_ |
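Review bot: The comment on the new `ErrorInvalidAesGcmTagLength` documents that a zero-length tag is allowed, and an AES-GCM decrypt with a 0-bit authentication tag verifies nothing, so any ciphertext is accepted and the mode silently degrades to unauthenticated CTR. The code that enforces this contract lives outside this header, so I cannot see whether something else rejects 0, but the documented contract should not permit it; the tag lengths the Web Crypto spec enumerates (32, 64, 96, 104, 112, 120, 128 bits, with NIST SP 800-38D reserving 32 and 64 for narrowly specified uses) are the safe set. I'd rewrite the comment as `// not one of 32, 64, 96, 104, 112, 120 or 128 bits. A zero-length tag is rejected` / `// because it would leave the ciphertext unauthenticated.` and make the validation agree. Separately, several of the new comments carry typos worth fixing before landing (`specifed`, `implemention`, `The the modulus`, `could not parsed`, `can operation on`).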