[webcrypto] Set the error type for failures.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
@@ skipping 207 matching lines @@
                             SymKey* key,
                             const CryptoData& iv,
                             const CryptoData& data,
                             blink::WebArrayBuffer* buffer) {
   CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT;
 
   SECItem iv_item = MakeSECItemForBuffer(iv);
 
   crypto::ScopedSECItem param(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
   if (!param)
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
       CKM_AES_CBC_PAD, operation, key->key(), param.get()));
 
   if (!context.get())
-    return Status::Error();
+    return Status::OperationError();
 
   // Oddly PK11_CipherOp takes input and output lengths as "int" rather than
   // "unsigned int". Do some checks now to avoid integer overflowing.
   if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {
     // TODO(eroman): Handle this by chunking the input fed into NSS. Right now
     // it doesn't make much difference since the one-shot API would end up
     // blowing out the memory and crashing anyway.
     return Status::ErrorDataTooLarge();
   }
 
   // PK11_CipherOp does an invalid memory access when given empty decryption
   // input, or input which is not a multiple of the block size. See also
   // https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
   if (operation == CKA_DECRYPT &&
       (data.byte_length() == 0 || (data.byte_length() % AES_BLOCK_SIZE != 0))) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   // TODO(eroman): Refine the output buffer size. It can be computed exactly for
   //               encryption, and can be smaller for decryption.
   unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE;
   CHECK_GT(output_max_len, data.byte_length());
 
   *buffer = blink::WebArrayBuffer::create(output_max_len, 1);
 
   unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data());
 
   int output_len;
   if (SECSuccess != PK11_CipherOp(context.get(),
                                   buffer_data,
                                   &output_len,
                                   buffer->byteLength(),
                                   data.bytes(),
                                   data.byte_length())) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   unsigned int final_output_chunk_len;
   if (SECSuccess != PK11_DigestFinal(context.get(),
                                      buffer_data + output_len,
                                      &final_output_chunk_len,
                                      output_max_len - output_len)) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   ShrinkBuffer(buffer, final_output_chunk_len + output_len);
   return Status::Success();
 }
 
 // Helper to either encrypt or decrypt for AES-GCM. The result of encryption is
 // the concatenation of the ciphertext and the authentication tag. Similarly,
 // this is the expectation for the input to decryption.
 Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
@@ skipping 56 matching lines @@
   SECStatus result = func(key->key(),
                           CKM_AES_GCM,
                           &param,
                           buffer_data,
                           &output_len,
                           buffer->byteLength(),
                           data.bytes(),
                           data.byte_length());
 
   if (result != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
 
   // Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug
   // above).
   ShrinkBuffer(buffer, output_len);
 
   return Status::Success();
 }
 
 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism(
     const blink::WebCryptoAlgorithm& algorithm) {
@@ skipping 153 matching lines @@
                                                      CKM_NSS_AES_KEY_WRAP,
                                                      param_item.get(),
                                                      &cipher_text,
                                                      mechanism,
                                                      flags,
                                                      plaintext_length));
   // TODO(padolph): Use NSS PORT_GetError() and friends to report a more
   // accurate error, providing if doesn't leak any information to web pages
   // about other web crypto users, key details, etc.
   if (!new_key)
-    return Status::Error();
+    return Status::OperationError();
 
 #if defined(USE_NSS)
   // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=981170
   // which was fixed in NSS 3.16.0.
   // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey,
   // with a reasonable length but with key data pointing to uninitialized
   // memory.
   // To understand this workaround see the fix for 981170:
   // https://hg.mozilla.org/projects/nss/rev/753bb69e543c
   if (!NSS_VersionCheck("3.16") && PORT_GetError() == SEC_ERROR_BAD_DATA)
-    return Status::Error();
+    return Status::OperationError();
 #endif
 
   *unwrapped_key = new_key.Pass();
   return Status::Success();
 }
 
 void CopySECItemToVector(const SECItem& item, std::vector<uint8>* out) {
   out->assign(item.data, item.data + item.len);
 }
 
@@ skipping 166 matching lines @@
 
  private:
   Status Init() {
     HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm_id_);
 
     if (hash_type == HASH_AlgNULL)
       return Status::ErrorUnsupported();
 
     hash_context_ = HASH_Create(hash_type);
     if (!hash_context_)
-      return Status::Error();
+      return Status::OperationError();
 
     HASH_Begin(hash_context_);
 
     return Status::Success();
   }
 
   Status FinishInternal(unsigned char* result, unsigned int* result_size) {
     if (!hash_context_) {
       Status error = Init();
       if (!error.IsSuccess())
@@ skipping 36 matching lines @@
   crypto::ScopedPK11SymKey pk11_sym_key(
       PK11_ImportSymKeyWithFlags(slot.get(),
                                  mechanism,
                                  PK11_OriginUnwrap,
                                  CKA_FLAGS_ONLY,
                                  &key_item,
                                  flags,
                                  false,
                                  NULL));
   if (!pk11_sym_key.get())
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(
           algorithm, key_data.byte_length(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()),
                                      blink::WebCryptoKeyTypeSecret,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
   if (PK11_ExtractKeyValue(key->key()) != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
 
+  // NOTE: the spec does not define any other failures for exporting, so
+  // technically none of the subsequent errors are spec compliant.
   const SECItem* key_data = PK11_GetKeyData(key->key());
   if (!key_data)
-    return Status::Error();
+    return Status::OperationError();
 
   *buffer = CreateArrayBuffer(key_data->data, key_data->len);
 
   return Status::Success();
 }
 
 namespace {
 
 typedef scoped_ptr<CERTSubjectPublicKeyInfo,
                    crypto::NSSDestroyer<CERTSubjectPublicKeyInfo,
@@ skipping 32 matching lines @@
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
 
   // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 Subject
   // Public Key Info. Decode this to a CERTSubjectPublicKeyInfo.
   SECItem spki_item = MakeSECItemForBuffer(key_data);
   const ScopedCERTSubjectPublicKeyInfo spki(
       SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
   if (!spki)
-    return Status::Error();
+    return Status::DataError();
 
   crypto::ScopedSECKEYPublicKey sec_public_key(
       SECKEY_ExtractPublicKey(spki.get()));
   if (!sec_public_key)
-    return Status::Error();
+    return Status::DataError();
 
   const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
-    return Status::Error();
+    return Status::DataError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(
           algorithm, sec_public_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
 
   return Status::Success();
 }
 
 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) {
   const crypto::ScopedSECItem spki_der(
       SECKEY_EncodeDERSubjectPublicKeyInfo(key->key()));
+  // NOTE: the spec does not define any other failures for exporting, so
+  // technically none of the subsequent errors are spec compliant.
   if (!spki_der)
-    return Status::Error();
+    return Status::OperationError();
 
   DCHECK(spki_der->data);
   DCHECK(spki_der->len);
 
   *buffer = CreateArrayBuffer(spki_der->data, spki_der->len);
 
   return Status::Success();
 }
 
 Status ExportRsaPublicKey(PublicKey* key,
@@ skipping 21 matching lines @@
 #if defined(USE_NSS)
   // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
   const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION;
   const int kPrivateKeyInfoVersion = 0;
 
   SECKEYPrivateKeyInfo private_key_info = {};
   RSAPrivateKey rsa_private_key = {};
   scoped_ptr<RSAPrivateKey, FreeRsaPrivateKey> free_private_key(
       &rsa_private_key);
 
+  // NOTE: the spec does not define any other failures for exporting, so
+  // technically none of the subsequent errors are spec compliant.

[Ryan Sleevi, 2014/04/24 01:17:01]

Filed http://crbug.com/366427 to track this - I dislike tracking issues like
this as mere notes :)

Update the comments to be

// http://crbug.com/366427 - The spec does not define ...

[eroman, 2014/04/24 02:34:37]

Done.

   if (!InitRSAPrivateKey(key->key(), &rsa_private_key))
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
   if (!arena.get())
-    return Status::Error();
+    return Status::OperationError();
 
   if (!SEC_ASN1EncodeItem(arena.get(),
                           &private_key_info.privateKey,
                           &rsa_private_key,
                           RSAPrivateKeyTemplate))
-    return Status::Error();
+    return Status::OperationError();
 
   if (SECSuccess !=
       SECOID_SetAlgorithmID(
           arena.get(), &private_key_info.algorithm, algorithm, NULL))
-    return Status::Error();
+    return Status::OperationError();
 
   if (!SEC_ASN1EncodeInteger(
           arena.get(), &private_key_info.version, kPrivateKeyInfoVersion))
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedSECItem encoded_key(
       SEC_ASN1EncodeItem(NULL,
                          NULL,
                          &private_key_info,
                          SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate)));
 #else  // defined(USE_NSS)
   crypto::ScopedSECItem encoded_key(
       PK11_ExportDERPrivateKeyInfo(key->key(), NULL));
 #endif  // defined(USE_NSS)
 
   if (!encoded_key.get())
-    return Status::Error();
+    return Status::OperationError();
 
   *buffer = CreateArrayBuffer(encoded_key->data, encoded_key->len);
   return Status::Success();
 }
 
 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                       const CryptoData& key_data,
                       bool extractable,
                       blink::WebCryptoKeyUsageMask usage_mask,
                       blink::WebCryptoKey* key) {
@@ skipping 12 matching lines @@
   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
   if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(),
                                                &pki_der,
                                                NULL,    // nickname
                                                NULL,    // publicValue
                                                false,   // isPerm
                                                false,   // isPrivate
                                                KU_ALL,  // usage
                                                &seckey_private_key,
                                                NULL) != SECSuccess) {
-    return Status::Error();
+    return Status::DataError();
   }
   DCHECK(seckey_private_key);
   crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key);
 
   const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
-    return Status::Error();
+    return Status::DataError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()),
                                      blink::WebCryptoKeyTypePrivate,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 14 matching lines @@
   SECItem param_item = {siBuffer, NULL, 0};
   SECItem data_item = MakeSECItemForBuffer(data);
   // First call is to figure out the length.
   SECItem signature_item = {siBuffer, NULL, 0};
 
   if (PK11_SignWithSymKey(key->key(),
                           PK11_GetMechanism(key->key()),
                           &param_item,
                           &signature_item,
                           &data_item) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   DCHECK_NE(0u, signature_item.len);
 
   *buffer = blink::WebArrayBuffer::create(signature_item.len, 1);
   signature_item.data = reinterpret_cast<unsigned char*>(buffer->data());
 
   if (PK11_SignWithSymKey(key->key(),
                           PK11_GetMechanism(key->key()),
                           &param_item,
                           &signature_item,
                           &data_item) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   DCHECK_EQ(buffer->byteLength(), signature_item.len);
   return Status::Success();
 }
 
 // -----------------------------------
 // RsaEsPkcs1v1_5
 // -----------------------------------
 
@@ skipping 11 matching lines @@
 
   *buffer = blink::WebArrayBuffer::create(encrypted_length_bytes, 1);
   unsigned char* const buffer_data =
       reinterpret_cast<unsigned char*>(buffer->data());
 
   if (PK11_PubEncryptPKCS1(key->key(),
                            buffer_data,
                            const_cast<unsigned char*>(data.bytes()),
                            data.byte_length(),
                            NULL) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
   return Status::Success();
 }
 
 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                              const CryptoData& data,
                              blink::WebArrayBuffer* buffer) {
   const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key());
   if (modulus_length_bytes <= 0)
     return Status::ErrorUnexpected();
   const unsigned int max_output_length_bytes = modulus_length_bytes;
 
   *buffer = blink::WebArrayBuffer::create(max_output_length_bytes, 1);
   unsigned char* const buffer_data =
       reinterpret_cast<unsigned char*>(buffer->data());
 
   unsigned int output_length_bytes = 0;
   if (PK11_PrivDecryptPKCS1(key->key(),
                             buffer_data,
                             &output_length_bytes,
                             max_output_length_bytes,
                             const_cast<unsigned char*>(data.bytes()),
                             data.byte_length()) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
   DCHECK_LE(output_length_bytes, max_output_length_bytes);
   ShrinkBuffer(buffer, output_length_bytes);
   return Status::Success();
 }
 
 // -----------------------------------
 // RsaSsaPkcs1v1_5
 // -----------------------------------
 
@@ skipping 20 matching lines @@
     default:
       return Status::ErrorUnsupported();
   }
 
   crypto::ScopedSECItem signature_item(SECITEM_AllocItem(NULL, NULL, 0));
   if (SEC_SignData(signature_item.get(),
                    data.bytes(),
                    data.byte_length(),
                    key->key(),
                    sign_alg_tag) != SECSuccess) {
-    return Status::Error();
+    return Status::OperationError();
   }
 
   *buffer = CreateArrayBuffer(signature_item->data, signature_item->len);
   return Status::Success();
 }
 
 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key,
                              const blink::WebCryptoAlgorithm& hash,
                              const CryptoData& signature,
                              const CryptoData& data,
@@ skipping 58 matching lines @@
 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
                           bool extractable,
                           blink::WebCryptoKeyUsageMask usage_mask,
                           unsigned int modulus_length_bits,
                           const CryptoData& public_exponent,
                           const blink::WebCryptoAlgorithm& hash_or_null,
                           blink::WebCryptoKey* public_key,
                           blink::WebCryptoKey* private_key) {
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   if (!slot)
-    return Status::Error();
+    return Status::OperationError();
 
   unsigned long public_exponent_long;
   if (!BigIntegerToLong(public_exponent.bytes(),
                         public_exponent.byte_length(),
                         &public_exponent_long) ||
       !public_exponent_long) {
     return Status::ErrorGenerateKeyPublicExponent();
   }
 
   PK11RSAGenParams rsa_gen_params;
@@ skipping 29 matching lines @@
   crypto::ScopedSECKEYPrivateKey scoped_sec_private_key(
       PK11_GenerateKeyPairWithOpFlags(slot.get(),
                                       CKM_RSA_PKCS_KEY_PAIR_GEN,
                                       &rsa_gen_params,
                                       &sec_public_key,
                                       attribute_flags,
                                       operation_flags,
                                       operation_flags_mask,
                                       NULL));
   if (!private_key)
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *public_key = blink::WebCryptoKey::create(
       new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)),
       blink::WebCryptoKeyTypePublic,
       true,
       key_algorithm,
       usage_mask);
   *private_key =
       blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()),
                                   blink::WebCryptoKeyTypePrivate,
                                   extractable,
                                   key_algorithm,
                                   usage_mask);
 
   return Status::Success();
 }
 
 void Init() { crypto::EnsureNSSInit(); }
 
 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
                  const CryptoData& data,
                  blink::WebArrayBuffer* buffer) {
   DigestorNSS digestor(algorithm);
   Status error = digestor.ConsumeWithStatus(data.bytes(), data.byte_length());
+  // NOTE: the spec does not define any other failures for digest, so
+  // technically none of the subsequent errors are spec compliant.
   if (!error.IsSuccess())
     return error;
   return digestor.FinishWithWebArrayAndStatus(buffer);
 }
 
 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
     blink::WebCryptoAlgorithmId algorithm_id) {
   return scoped_ptr<blink::WebCryptoDigestor>(new DigestorNSS(algorithm_id));
 }
 
 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
                          bool extractable,
                          blink::WebCryptoKeyUsageMask usage_mask,
                          unsigned keylen_bytes,
                          blink::WebCryptoKey* key) {
   CK_MECHANISM_TYPE mech = WebCryptoAlgorithmToGenMechanism(algorithm);
   blink::WebCryptoKeyType key_type = blink::WebCryptoKeyTypeSecret;
 
   if (mech == CKM_INVALID_MECHANISM)
     return Status::ErrorUnsupported();
 
   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
   if (!slot)
-    return Status::Error();
+    return Status::OperationError();
 
   crypto::ScopedPK11SymKey pk11_key(
       PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL));
 
   if (!pk11_key)
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()),
                                      key_type,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 36 matching lines @@
   const SEC_ASN1Template rsa_public_key_template[] = {
       {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RsaPublicKeyData)},
       {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, modulus), },
       {SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, exponent), },
       {0, }};
 
   // DER-encode the public key.
   crypto::ScopedSECItem pubkey_der(
       SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template));
   if (!pubkey_der)
-    return Status::Error();
+    return Status::OperationError();
 
   // Import the DER-encoded public key to create an RSA SECKEYPublicKey.
   crypto::ScopedSECKEYPublicKey pubkey(
       SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA));
   if (!pubkey)
-    return Status::Error();
+    return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
@@ skipping 24 matching lines @@
 
   const unsigned int output_length = input_length + 8;
   *buffer = blink::WebArrayBuffer::create(output_length, 1);
   SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
 
   if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP,
                                     param_item.get(),
                                     wrapping_key->key(),
                                     key->key(),
                                     &wrapped_key_item)) {
-    return Status::Error();
+    return Status::OperationError();
   }
   if (output_length != wrapped_key_item.len)
     return Status::ErrorUnexpected();
 
   return Status::Success();
 }
 
 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
                          SymKey* wrapping_key,
                          const blink::WebCryptoAlgorithm& algorithm,
@@ skipping 34 matching lines @@
   // temporarily viewed as a symmetric key to be unwrapped (decrypted).
   crypto::ScopedPK11SymKey decrypted;
   Status status = DoUnwrapSymKeyAesKw(
       data, wrapping_key, CKK_GENERIC_SECRET, CKA_ENCRYPT, &decrypted);
   if (status.IsError())
     return status;
 
   // Once the decrypt is complete, extract the resultant raw bytes from NSS and
   // return them to the caller.
   if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess)
-    return Status::Error();
+    return Status::OperationError();
   const SECItem* const key_data = PK11_GetKeyData(decrypted.get());
   if (!key_data)
-    return Status::Error();
+    return Status::OperationError();
   *buffer = webcrypto::CreateArrayBuffer(key_data->data, key_data->len);
 
   return Status::Success();
 }
 
 Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
                        SymKey* key,
                        blink::WebArrayBuffer* buffer) {
   // Check the raw length of the key to be wrapped against the max size allowed
   // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function,
   // the maximum data length that can be encrypted is the wrapping_key's modulus
   // byte length minus eleven bytes.
   const unsigned int input_length_bytes = PK11_GetKeyLength(key->key());
   const unsigned int modulus_length_bytes =
       SECKEY_PublicKeyStrength(wrapping_key->key());
   if (modulus_length_bytes < 11 ||
       modulus_length_bytes - 11 < input_length_bytes)
     return Status::ErrorDataTooLarge();
 
   *buffer = blink::WebArrayBuffer::create(modulus_length_bytes, 1);
   SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
 
   if (SECSuccess !=
       PK11_PubWrapSymKey(
           CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) {
-    return Status::Error();
+    return Status::OperationError();
   }
   if (wrapped_key_item.len != modulus_length_bytes)
     return Status::ErrorUnexpected();
 
   return Status::Success();
 }
 
 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
                          PrivateKey* wrapping_key,
                          const blink::WebCryptoAlgorithm& algorithm,
@@ skipping 22 matching lines @@
 
   crypto::ScopedPK11SymKey unwrapped_key(
       PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(),
                                         &wrapped_key_item,
                                         mechanism,
                                         CKA_DECRYPT,
                                         0,
                                         flags,
                                         false));
   if (!unwrapped_key)
-    return Status::Error();
+    return Status::OperationError();
 
   const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get());
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm))
     return Status::ErrorUnexpected();
 
   *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()),
                                      blink::WebCryptoKeyTypeSecret,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content