[webcrypto] Set the error type for failures.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
@@ skipping 207 matching lines @@
                             SymKey* key,
                             const CryptoData& iv,
                             const CryptoData& data,
                             blink::WebArrayBuffer* buffer) {
   CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT;
 
   SECItem iv_item = MakeSECItemForBuffer(iv);
 
   crypto::ScopedSECItem param(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
   if (!param)
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
       CKM_AES_CBC_PAD, operation, key->key(), param.get()));
 
   if (!context.get())
-    return Status::Error();
+    return Status::OperationError();
 
   // Oddly PK11_CipherOp takes input and output lengths as "int" rather than
   // "unsigned int". Do some checks now to avoid integer overflowing.
   if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {
     // TODO(eroman): Handle this by chunking the input fed into NSS. Right now
     // it doesn't make much difference since the one-shot API would end up
     // blowing out the memory and crashing anyway.
     return Status::ErrorDataTooLarge();
   }
 
   // PK11_CipherOp does an invalid memory access when given empty decryption
   // input, or input which is not a multiple of the block size. See also
   // https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
   if (operation == CKA_DECRYPT &&
       (data.byte_length() == 0 || (data.byte_length() % AES_BLOCK_SIZE != 0))) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   // TODO(eroman): Refine the output buffer size. It can be computed exactly for
   //               encryption, and can be smaller for decryption.
   unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE;
   CHECK_GT(output_max_len, data.byte_length());
 
   *buffer = blink::WebArrayBuffer::create(output_max_len, 1);
 
   unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data());
 
   int output_len;
   if (SECSuccess != PK11_CipherOp(context.get(),
                                   buffer_data,
                                   &output_len,
                                   buffer->byteLength(),
                                   data.bytes(),
                                   data.byte_length())) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   unsigned int final_output_chunk_len;
   if (SECSuccess != PK11_DigestFinal(context.get(),
                                      buffer_data + output_len,
                                      &final_output_chunk_len,
                                      output_max_len - output_len)) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   ShrinkBuffer(buffer, final_output_chunk_len + output_len);
   return Status::Success();
 }
 
 // Helper to either encrypt or decrypt for AES-GCM. The result of encryption is
 // the concatenation of the ciphertext and the authentication tag. Similarly,
 // this is the expectation for the input to decryption.
 Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
@@ skipping 56 matching lines @@
   SECStatus result = func(key->key(),
                           CKM_AES_GCM,
                           &param,
                           buffer_data,
                           &output_len,
                           buffer->byteLength(),
                           data.bytes(),
                           data.byte_length());
 
   if (result != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
 
   // Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug
   // above).
   ShrinkBuffer(buffer, output_len);
 
   return Status::Success();
 }
 
 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism(
     const blink::WebCryptoAlgorithm& algorithm) {
@@ skipping 153 matching lines @@
                                                      CKM_NSS_AES_KEY_WRAP,
                                                      param_item.get(),
                                                      &cipher_text,
                                                      mechanism,
                                                      flags,
                                                      plaintext_length));
   // TODO(padolph): Use NSS PORT_GetError() and friends to report a more
   // accurate error, providing if doesn't leak any information to web pages
   // about other web crypto users, key details, etc.
   if (!new_key)
-    return Status::Error();
+    return Status::OperationError();
 
 #if defined(USE_NSS)
   // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=981170
   // which was fixed in NSS 3.16.0.
   // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey,
   // with a reasonable length but with key data pointing to uninitialized
   // memory.
   // To understand this workaround see the fix for 981170:
   // https://hg.mozilla.org/projects/nss/rev/753bb69e543c
   if (!NSS_VersionCheck("3.16") && PORT_GetError() == SEC_ERROR_BAD_DATA)
-    return Status::Error();
+    return Status::OperationError();
 #endif
 
   *unwrapped_key = new_key.Pass();
   return Status::Success();
 }
 
 void CopySECItemToVector(const SECItem& item, std::vector<uint8>* out) {
   out->assign(item.data, item.data + item.len);
 }
 
@@ skipping 166 matching lines @@
 
  private:
   Status Init() {
     HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm_id_);
 
     if (hash_type == HASH_AlgNULL)
       return Status::ErrorUnsupported();
 
     hash_context_ = HASH_Create(hash_type);
     if (!hash_context_)
-      return Status::Error();
+      return Status::OperationError();
 
     HASH_Begin(hash_context_);
 
     return Status::Success();
   }
 
   Status FinishInternal(unsigned char* result, unsigned int* result_size) {
     if (!hash_context_) {
       Status error = Init();
       if (!error.IsSuccess())
@@ skipping 36 matching lines @@
   crypto::ScopedPK11SymKey pk11_sym_key(
       PK11_ImportSymKeyWithFlags(slot.get(),
                                  mechanism,
                                  PK11_OriginUnwrap,
                                  CKA_FLAGS_ONLY,
                                  &key_item,
                                  flags,
                                  false,
                                  NULL));
   if (!pk11_sym_key.get())
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(
           algorithm, key_data.byte_length(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()),
                                      blink::WebCryptoKeyTypeSecret,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
   if (PK11_ExtractKeyValue(key->key()) != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
 
   const SECItem* key_data = PK11_GetKeyData(key->key());
   if (!key_data)
-    return Status::Error();
+    return Status::OperationError();
 
   *buffer = CreateArrayBuffer(key_data->data, key_data->len);
 
   return Status::Success();
 }
 
 namespace {
 
 typedef scoped_ptr<CERTSubjectPublicKeyInfo,
                    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
@@ skipping 32 matching lines @@
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
 
   // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 Subject
   // Public Key Info. Decode this to a CERTSubjectPublicKeyInfo.
   SECItem spki_item = MakeSECItemForBuffer(key_data);
   const ScopedCERTSubjectPublicKeyInfo spki(
       SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
   if (!spki)
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

DataError - Note that this handling is not defined in a generic sense, but in
each of the representative sections

18.4.5 (RSAES-PKCS1-v1.5 importKey)
18.5.6 (RSASSA-PKCS1-v1_5 importKey)
18.6.4 (RSA-PSS importKey)
18.7.4 (RSA-OAEP importKey)
18.8.7 (ECDSA importKey)
18.9.4 (ECDH importKey)

Note that ECDH is bugged - filed
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25419

[eroman, 2014/04/23 00:11:30]

Done.

 
   crypto::ScopedSECKEYPublicKey sec_public_key(
       SECKEY_ExtractPublicKey(spki.get()));
   if (!sec_public_key)
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

DataError

 
   const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

DataError

 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(
           algorithm, sec_public_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
 
   return Status::Success();
 }
 
 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) {
   const crypto::ScopedSECItem spki_der(
       SECKEY_EncodeDERSubjectPublicKeyInfo(key->key()));

[Ryan Sleevi, 2014/04/22 23:45:50]

FWIW, this doesn't match what the spec says - or at least, this function is not
guaranteed to.

[eroman, 2014/04/23 00:11:30]

Can you explain? As in the OID is not guaranteed to be the same as what spec
says?

[Ryan Sleevi, 2014/04/23 00:17:56]

Correct. You have no guarantee that the OID - or that the associated parameters
- are being encoded consistently.

I would actually be surprised if it's "doing the right thing" for RSA keys of
all types, since the export format calls for a particular OID that is uncommon
in the X.509 case.

[eroman, 2014/04/23 00:36:14]

I will document it for now. How do you suggest proceeding here? Do I need to set
up a template and do the encoding manually?

   if (!spki_der)
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

Not a valid return from this function.

[eroman, 2014/04/23 00:11:30]

Can you explain?

[Ryan Sleevi, 2014/04/23 00:17:56]

This operation is not allowed to fail.

[eroman, 2014/04/23 00:36:14]

I will add a note.

 
   DCHECK(spki_der->data);
   DCHECK(spki_der->len);
 
   *buffer = CreateArrayBuffer(spki_der->data, spki_der->len);
 
   return Status::Success();
 }
 
 Status ExportRsaPublicKey(PublicKey* key,
@@ skipping 22 matching lines @@
   // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
   const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
   const int kPrivateKeyInfoVersion = 0;
 
   SECKEYPrivateKeyInfo private_key_info = {};
   RSAPrivateKey rsa_private_key = {};
   scoped_ptr<RSAPrivateKey, FreeRsaPrivateKey> free_private_key(
       &rsa_private_key);
 
   if (!InitRSAPrivateKey(key->key(), &rsa_private_key))
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
   if (!arena.get())
-    return Status::Error();
+    return Status::OperationError();
 
   if (!SEC_ASN1EncodeItem(arena.get(),
                           &private_key_info.privateKey,
                           &rsa_private_key,
                           RSAPrivateKeyTemplate))
-    return Status::Error();
+    return Status::OperationError();
 
   if (SECSuccess !=
       SECOID_SetAlgorithmID(
           arena.get(), &private_key_info.algorithm, algorithm, NULL))
-    return Status::Error();
+    return Status::OperationError();
 
   if (!SEC_ASN1EncodeInteger(
           arena.get(), &private_key_info.version, kPrivateKeyInfoVersion))
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedSECItem encoded_key(
       SEC_ASN1EncodeItem(NULL,
                          NULL,
                          &private_key_info,
                          SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate)));
 #else  // defined(USE_NSS)
   crypto::ScopedSECItem encoded_key(
       PK11_ExportDERPrivateKeyInfo(key->key(), NULL));
 #endif  // defined(USE_NSS)
 
   if (!encoded_key.get())
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

None of these are spec-compliant return values.

[eroman, 2014/04/23 00:11:30]

Not sure what you mean by this. Is your concern that the spec doesn't allow
these operations to fail, and yet failures are possible here? Or that the error
type is not correct.

[Ryan Sleevi, 2014/04/23 00:17:56]

That they're not allowed to fail.

I agree, it's a spec/implementation skew, but it's just worth calling out here.
Either we make the implementation unfailable (eww), or we document how it can
fail. Suggestions welcome from implementors ;)

[eroman, 2014/04/23 00:36:14]

I think the spec should allow for such failures.

Most of the other operations have an escape hatch that reads something like:

"""If the key generation step fails, then return an error named
OperationError."""

Which leads me to believe that OperationError is the catch all for anything else
that goes wrong while executing an operation. I think the wording should be
updated so it more clearly applies to both exportKey() and digest().

I will file a bug.

 
   *buffer = CreateArrayBuffer(encoded_key->data, encoded_key->len);
   return Status::Success();
 }
 
 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                       const CryptoData& key_data,
                       bool extractable,
                       blink::WebCryptoKeyUsageMask usage_mask,
                       blink::WebCryptoKey* key) {
@@ skipping 12 matching lines @@
   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(),
                                                &pki_der,
                                                NULL,    // nickname
                                                NULL,    // publicValue
                                                false,   // isPerm
                                                false,   // isPrivate
                                                KU_ALL,  // usage
                                                &seckey_private_key,
                                                NULL) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

DataError

[eroman, 2014/04/23 00:11:30]

Done.

   }
   DCHECK(seckey_private_key);
   crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key);
 
   const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

DataError

[eroman, 2014/04/23 00:11:30]

Done.

 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()),
                                      blink::WebCryptoKeyTypePrivate,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 14 matching lines @@
   SECItem param_item = {siBuffer, NULL, 0};
   SECItem data_item = MakeSECItemForBuffer(data);
   // First call is to figure out the length.
   SECItem signature_item = {siBuffer, NULL, 0};
 
   if (PK11_SignWithSymKey(key->key(),
                           PK11_GetMechanism(key->key()),
                           &param_item,
                           &signature_item,
                           &data_item) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   DCHECK_NE(0u, signature_item.len);
 
   *buffer = blink::WebArrayBuffer::create(signature_item.len, 1);
   signature_item.data = reinterpret_cast<unsigned char*>(buffer->data());
 
   if (PK11_SignWithSymKey(key->key(),
                           PK11_GetMechanism(key->key()),
                           &param_item,
                           &signature_item,
                           &data_item) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   DCHECK_EQ(buffer->byteLength(), signature_item.len);
   return Status::Success();
 }
 
 // -----------------------------------
 // RsaEsPkcs1v1_5
 // -----------------------------------
 
@@ skipping 11 matching lines @@
 
   *buffer = blink::WebArrayBuffer::create(encrypted_length_bytes, 1);
   unsigned char* const buffer_data =
       reinterpret_cast<unsigned char*>(buffer->data());
 
   if (PK11_PubEncryptPKCS1(key->key(),
                            buffer_data,
                            const_cast<unsigned char*>(data.bytes()),
                            data.byte_length(),
                            NULL) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
   return Status::Success();
 }
 
 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                              const CryptoData& data,
                              blink::WebArrayBuffer* buffer) {
   const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key());
   if (modulus_length_bytes <= 0)
     return Status::ErrorUnexpected();
   const unsigned int max_output_length_bytes = modulus_length_bytes;
 
   *buffer = blink::WebArrayBuffer::create(max_output_length_bytes, 1);
   unsigned char* const buffer_data =
       reinterpret_cast<unsigned char*>(buffer->data());
 
   unsigned int output_length_bytes = 0;
   if (PK11_PrivDecryptPKCS1(key->key(),
                             buffer_data,
                             &output_length_bytes,
                             max_output_length_bytes,
                             const_cast<unsigned char*>(data.bytes()),
                             data.byte_length()) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
   DCHECK_LE(output_length_bytes, max_output_length_bytes);
   ShrinkBuffer(buffer, output_length_bytes);
   return Status::Success();
 }
 
 // -----------------------------------
 // RsaSsaPkcs1v1_5
 // -----------------------------------
 
@@ skipping 20 matching lines @@
     default:
       return Status::ErrorUnsupported();
   }
 
   crypto::ScopedSECItem signature_item(SECITEM_AllocItem(NULL, NULL, 0));
   if (SEC_SignData(signature_item.get(),
                    data.bytes(),
                    data.byte_length(),
                    key->key(),
                    sign_alg_tag) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   *buffer = CreateArrayBuffer(signature_item->data, signature_item->len);
   return Status::Success();
 }
 
 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key,
                              const blink::WebCryptoAlgorithm& hash,
                              const CryptoData& signature,
                              const CryptoData& data,
@@ skipping 58 matching lines @@
 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
                           bool extractable,
                           blink::WebCryptoKeyUsageMask usage_mask,
                           unsigned int modulus_length_bits,
                           const CryptoData& public_exponent,
                           const blink::WebCryptoAlgorithm& hash_or_null,
                           blink::WebCryptoKey* public_key,
                           blink::WebCryptoKey* private_key) {
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   if (!slot)
-    return Status::Error();
+    return Status::OperationError();
 
   unsigned long public_exponent_long;
   if (!BigIntegerToLong(public_exponent.bytes(),
                         public_exponent.byte_length(),
                         &public_exponent_long) ||
       !public_exponent_long) {
     return Status::ErrorGenerateKeyPublicExponent();
   }
 
   PK11RSAGenParams rsa_gen_params;
@@ skipping 29 matching lines @@
   crypto::ScopedSECKEYPrivateKey scoped_sec_private_key(
       PK11_GenerateKeyPairWithOpFlags(slot.get(),
                                       CKM_RSA_PKCS_KEY_PAIR_GEN,
                                       &rsa_gen_params,
                                       &sec_public_key,
                                       attribute_flags,
                                       operation_flags,
                                       operation_flags_mask,
                                       NULL));
   if (!private_key)
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *public_key = blink::WebCryptoKey::create(
       new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)),
       blink::WebCryptoKeyTypePublic,
       true,
       key_algorithm,
@@ skipping 31 matching lines @@
                          unsigned keylen_bytes,
                          blink::WebCryptoKey* key) {
   CK_MECHANISM_TYPE mech = WebCryptoAlgorithmToGenMechanism(algorithm);
   blink::WebCryptoKeyType key_type = blink::WebCryptoKeyTypeSecret;
 
   if (mech == CKM_INVALID_MECHANISM)
     return Status::ErrorUnsupported();
 
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   if (!slot)
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPK11SymKey pk11_key(
       PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL));
 
   if (!pk11_key)
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()),
                                      key_type,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 36 matching lines @@
   const SEC_ASN1Template rsa_public_key_template[] = {
       {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RsaPublicKeyData)},
       {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, modulus), },
       {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, exponent), },
       {0, }};
 
   // DER-encode the public key.
   crypto::ScopedSECItem pubkey_der(
       SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template));
   if (!pubkey_der)
-    return Status::Error();
+    return Status::OperationError();
 
   // Import the DER-encoded public key to create an RSA SECKEYPublicKey.
   crypto::ScopedSECKEYPublicKey pubkey(
       SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA));
   if (!pubkey)
-    return Status::Error();
+    return Status::OperationError();

[Ryan Sleevi, 2014/04/22 23:45:50]

Not spec compliant return values

 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 24 matching lines @@
 
   const unsigned int output_length = input_length + 8;
   *buffer = blink::WebArrayBuffer::create(output_length, 1);
   SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
 
   if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP,
                                     param_item.get(),
                                     wrapping_key->key(),
                                     key->key(),
                                     &wrapped_key_item)) {
-    return Status::Error();
+    return Status::OperationError();
   }
   if (output_length != wrapped_key_item.len)
     return Status::ErrorUnexpected();
 
   return Status::Success();
 }
 
 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
                          SymKey* wrapping_key,
                          const blink::WebCryptoAlgorithm& algorithm,
@@ skipping 34 matching lines @@
   // temporarily viewed as a symmetric key to be unwrapped (decrypted).
   crypto::ScopedPK11SymKey decrypted;
   Status status = DoUnwrapSymKeyAesKw(
       data, wrapping_key, CKK_GENERIC_SECRET, CKA_ENCRYPT, &decrypted);
   if (status.IsError())
     return status;
 
   // Once the decrypt is complete, extract the resultant raw bytes from NSS and
   // return them to the caller.
   if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
   const SECItem* const key_data = PK11_GetKeyData(decrypted.get());
   if (!key_data)
-    return Status::Error();
+    return Status::OperationError();
   *buffer = webcrypto::CreateArrayBuffer(key_data->data, key_data->len);
 
   return Status::Success();
 }
 
 Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
                        SymKey* key,
                        blink::WebArrayBuffer* buffer) {
   // Check the raw length of the key to be wrapped against the max size allowed
   // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function,
   // the maximum data length that can be encrypted is the wrapping_key's modulus
   // byte length minus eleven bytes.
   const unsigned int input_length_bytes = PK11_GetKeyLength(key->key());
   const unsigned int modulus_length_bytes =
       SECKEY_PublicKeyStrength(wrapping_key->key());
   if (modulus_length_bytes < 11 ||
       modulus_length_bytes - 11 < input_length_bytes)
     return Status::ErrorDataTooLarge();
 
   *buffer = blink::WebArrayBuffer::create(modulus_length_bytes, 1);
   SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
 
   if (SECSuccess !=
       PK11_PubWrapSymKey(
           CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) {
-    return Status::Error();
+    return Status::OperationError();
   }
   if (wrapped_key_item.len != modulus_length_bytes)
     return Status::ErrorUnexpected();
 
   return Status::Success();
 }
 
 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
                          PrivateKey* wrapping_key,
                          const blink::WebCryptoAlgorithm& algorithm,
@@ skipping 22 matching lines @@
 
   crypto::ScopedPK11SymKey unwrapped_key(
       PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(),
                                         &wrapped_key_item,
                                         mechanism,
                                         CKA_DECRYPT,
                                         0,
                                         flags,
                                         false));
   if (!unwrapped_key)
-    return Status::Error();
+    return Status::OperationError();
 
   const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get());
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()),
                                      blink::WebCryptoKeyTypeSecret,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content