Index: content/renderer/webcrypto/webcrypto_util.h |
diff --git a/content/renderer/webcrypto/webcrypto_util.h b/content/renderer/webcrypto/webcrypto_util.h |
index e3ea94b865ecce0d1dd84aa6c67265059fcad7b4..e1abe17856384e55e830748fb1eb8644f957d184 100644 |
--- a/content/renderer/webcrypto/webcrypto_util.h |
+++ b/content/renderer/webcrypto/webcrypto_util.h |
@@ -17,6 +17,164 @@ namespace content { |
namespace webcrypto { |
+// Status indicates whether an operation completed successfully, or with an |
+// error. The error is used for verification in unit-tests, as well as for |
+// display to the user. |
+// |
+// As such, it is important that errors DO NOT reveal any sensitive material |
+// (like key bytes). |
+// |
+// Care must be taken with what errors are reported back to blink when doing |
+// compound operations like unwrapping a JWK key. In this case, errors |
+// generated by the JWK import are not appropriate to report since the wrapped |
+// JWK is not visible to the caller. |
+class CONTENT_EXPORT Status { |
+ public: |
+ // Returns true if the Status represents an error (any one of them). |
+ bool IsError() const; |
+ |
+ // Returns true if the Status represent success. |
+ bool IsSuccess() const; |
+ |
+ // Returns a UTF-8 error message (non-localized) describing the error. This |
+ // message is intended to be displayed in the dev tools console. |
+ std::string ToString() const; |
+ |
+ // Constructs a status representing success. |
+ static Status Success(); |
+ |
+ // Constructs a status representing a generic error. It contains no extra |
+ // details. |
+ static Status Error(); |
+ |
+ // ------------------------------------ |
+ // Errors when importing a JWK formatted key |
+ // ------------------------------------ |
+ |
+ // The key bytes could not parsed as JSON dictionary. This either |
+ // means there was a parsing error, or the JSON object was not |
+ // convertable to a dictionary. |
+ static Status ErrorJwkNotDictionary(); |
+ |
+ // The required "kty" parameter was missing, or is not a string. |
+ static Status ErrorJwkMissingKty(); |
+ |
+ // The "extractable" parameter was specified and was a boolean, but was |
+ // incompatible with the value requested by the Web Crypto call. |
+ static Status ErrorJwkExtractableInconsistent(); |
+ |
+ // The "alg" parameter could not be converted to an equivalent |
+ // WebCryptoAlgorithm. Either it was malformed or unrecognized. |
+ static Status ErrorJwkUnrecognizedAlgorithm(); |
+ |
+ // The "alg" parameter is incompatible with the (optional) Algorithm |
+ // specified by the Web Crypto import operation. |
+ static Status ErrorJwkAlgorithmInconsistent(); |
+ |
+ // The "alg" parameter was not provided, however neither was an algorithm |
+ // provided by the Web Crypto import operation. |
+ static Status ErrorJwkAlgorithmMissing(); |
+ |
+ // The "use" parameter was specified, however it couldn't be converted to an |
+ // equivalent Web Crypto usage. |
+ static Status ErrorJwkUnrecognizedUsage(); |
+ |
+ // The "use" parameter was specified, however it is incompatible with that |
+ // specified by the Web Crypto import operation. |
+ static Status ErrorJwkUsageInconsistent(); |
+ |
+ // The "k" parameter was either missing, could not be parsed as a base-64 |
+ // encoded string, or the decoded bytes were empty. |
+ static Status ErrorJwkDecodeK(); |
+ |
+ // The "n" parameter was either missing, could not be parsed as a base-64 |
+ // encoded string, or the decoded bytes were empty. |
+ static Status ErrorJwkDecodeN(); |
+ |
+ // The "e" parameter was either missing, could not be parsed as a base-64 |
+ // encoded string, or the decoded bytes were empty. |
+ static Status ErrorJwkDecodeE(); |
+ |
+ // TODO(eroman): Private key import through JWK is not yet supported. |
+ static Status ErrorJwkRsaPrivateKeyUnsupported(); |
+ |
+ // The "kty" parameter was given and was a string, however it was |
+ // unrecognized. |
+ static Status ErrorJwkUnrecognizedKty(); |
+ |
+ // ------------------------------------ |
+ // Other errors |
+ // ------------------------------------ |
+ |
+ // No key data was provided when importing an spki, pkcs8, or jwk formatted |
+ // key. This does not apply to raw format, since it is possible to have empty |
+ // key data there. |
+ static Status ErrorImportEmptyKeyData(); |
+ |
+ // The wrong key was used for the operation. For instance, a public key was |
+ // used to verify a RsaSsaPkcs1v1_5 signature, or tried exporting a private |
+ // key using spki format. |
+ static Status ErrorUnexpectedKeyType(); |
+ |
+ // When doing an AES-CBC encryption/decryption, the "iv" parameter was not 16 |
+ // bytes. |
+ static Status ErrorIncorrectSizeAesCbcIv(); |
+ |
+ // The data provided to an encrypt/decrypt/sign/verify operation was too |
+ // large. This can either represent an internal limitation (for instance |
+ // representing buffer lengths as uints), or an algorithm restriction (for |
+ // instance RSAES can operation on messages relative to the length of the |
+ // key's modulus). |
+ static Status ErrorDataTooLarge(); |
+ |
+ // Something was unsupported or unimplemented. This can mean the algorithm in |
+ // question was unsupported, some parameter combination was unsupported, or |
+ // something has not yet been implemented. |
+ static Status ErrorUnsupported(); |
+ |
+ // Something unexpected happened in the code, which implies there is a |
+ // source-level bug. These should not happen, but safer to fail than simply |
+ // DCHECK. |
+ static Status ErrorUnexpected(); |
+ |
+ // The authentication tag length specified for AES-GCM encrypt/decrypt was |
+ // either greater than 128 bits, or it was not a multiple of 8 bits. |
+ // (zero length is allowed). |
+ static Status ErrorInvalidAesGcmTagLength(); |
+ |
+ // The "publicExponent" used to generate a key was invalid: either no bytes |
+ // were specified, or the number was too large to fit into an "unsigned long" |
+ // (implemention limitation), or the exponent was zero. |
+ static Status ErrorGenerateKeyPublicExponent(); |
+ |
+ // The algorithm was null when importing a raw-formatted key. In this case it |
+ // is required. |
+ static Status ErrorMissingAlgorithmImportRawKey(); |
+ |
+ // The modulus bytes were empty when importing an RSA public key. |
+ static Status ErrorImportRsaEmptyModulus(); |
+ |
+ // The the modulus length was zero bits when generating an RSA public key. |
+ static Status ErrorGenerateRsaZeroModulus(); |
+ |
+ // The exponent bytes were empty when importing an RSA public key. |
+ static Status ErrorImportRsaEmptyExponent(); |
+ |
+ // An unextractable key was used by an operation which exports the key data. |
+ static Status ErrorKeyNotExtractable(); |
+ |
+ // The key length specified when generating a key was invalid. Either it was |
+ // zero, or it was not a multiple of 8 bits. |
+ static Status ErrorGenerateKeyLength(); |
+ |
+ private: |
+ // |error_details_utf8| can be NULL to indicate there was no error. |
+ // Otherwise it is a UTF-8 string literal (the pointer must remain valid). |
+ explicit Status(const char* error_details_utf8); |
+ |
+ const char* error_details_; |
+}; |
+ |
// Returns a pointer to the start of |data|, or NULL if it is empty. This is a |
// convenience function for getting the pointer, and should not be used beyond |
// the expected lifetime of |data|. |
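Review bot: The class comment's rule that JWK-import errors must not be reported back for compound operations such as unwrapping is not attached to any declaration in `Status`, so every caller has to remember to collapse the detailed status on its own. Since `ToString()` is documented as feeding the dev tools console, a forgotten collapse would describe the structure of a wrapped JWK the caller cannot otherwise see. I would state the rule on `Error()` itself, e.g. `// Compound operations (e.g. unwrapping a JWK) should return this rather than the inner import's status, so the message does not describe data the caller cannot see.` Separately, the example on `ErrorUnexpectedKeyType()` looks inverted: verifying an RsaSsaPkcs1v1_5 signature normally takes a public key, so presumably `a public key was used to sign` (or a private key to verify) was meant.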