Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1719)

Unified Diff: content/child/webcrypto/platform_crypto_nss.cc

Issue 243433006: [webcrypto] Set the error type for failures. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/child/webcrypto/platform_crypto_nss.cc
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
index 8799376582813efa6ddad6ffeb7482cf53fdf23b..99fa52026c39e3a19ef19c30a78a364ec85cd476 100644
--- a/content/child/webcrypto/platform_crypto_nss.cc
+++ b/content/child/webcrypto/platform_crypto_nss.cc
@@ -225,13 +225,13 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
crypto::ScopedSECItem param(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
if (!param)
- return Status::Error();
+ return Status::OperationError();
crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
CKM_AES_CBC_PAD, operation, key->key(), param.get()));
if (!context.get())
- return Status::Error();
+ return Status::OperationError();
// Oddly PK11_CipherOp takes input and output lengths as "int" rather than
// "unsigned int". Do some checks now to avoid integer overflowing.
@@ -247,7 +247,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
// https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
if (operation == CKA_DECRYPT &&
(data.byte_length() == 0 || (data.byte_length() % AES_BLOCK_SIZE != 0))) {
- return Status::Error();
+ return Status::OperationError();
}
// TODO(eroman): Refine the output buffer size. It can be computed exactly for
@@ -266,7 +266,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
buffer->byteLength(),
data.bytes(),
data.byte_length())) {
- return Status::Error();
+ return Status::OperationError();
}
unsigned int final_output_chunk_len;
@@ -274,7 +274,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
buffer_data + output_len,
&final_output_chunk_len,
output_max_len - output_len)) {
- return Status::Error();
+ return Status::OperationError();
}
ShrinkBuffer(buffer, final_output_chunk_len + output_len);
@@ -351,7 +351,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
data.byte_length());
if (result != SECSuccess)
- return Status::Error();
+ return Status::OperationError();
// Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug
// above).
@@ -525,7 +525,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
// accurate error, providing if doesn't leak any information to web pages
// about other web crypto users, key details, etc.
if (!new_key)
- return Status::Error();
+ return Status::OperationError();
#if defined(USE_NSS)
// Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=981170
@@ -536,7 +536,7 @@ Status DoUnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
// To understand this workaround see the fix for 981170:
// https://hg.mozilla.org/projects/nss/rev/753bb69e543c
if (!NSS_VersionCheck("3.16") && PORT_GetError() == SEC_ERROR_BAD_DATA)
- return Status::Error();
+ return Status::OperationError();
#endif
*unwrapped_key = new_key.Pass();
@@ -723,7 +723,7 @@ class DigestorNSS : public blink::WebCryptoDigestor {
hash_context_ = HASH_Create(hash_type);
if (!hash_context_)
- return Status::Error();
+ return Status::OperationError();
HASH_Begin(hash_context_);
@@ -780,7 +780,7 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
false,
NULL));
if (!pk11_sym_key.get())
- return Status::Error();
+ return Status::OperationError();
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreateSecretKeyAlgorithm(
@@ -797,11 +797,11 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
if (PK11_ExtractKeyValue(key->key()) != SECSuccess)
- return Status::Error();
+ return Status::OperationError();
const SECItem* key_data = PK11_GetKeyData(key->key());
if (!key_data)
- return Status::Error();
+ return Status::OperationError();
*buffer = CreateArrayBuffer(key_data->data, key_data->len);
@@ -854,16 +854,16 @@ Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,
const ScopedCERTSubjectPublicKeyInfo spki(
SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
if (!spki)
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 DataError - Note that this handling is not defined
eroman 2014/04/23 00:11:30 Done.
crypto::ScopedSECKEYPublicKey sec_public_key(
SECKEY_ExtractPublicKey(spki.get()));
if (!sec_public_key)
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 DataError
const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get());
if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 DataError
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreatePublicKeyAlgorithm(
@@ -883,7 +883,7 @@ Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) {
const crypto::ScopedSECItem spki_der(
SECKEY_EncodeDERSubjectPublicKeyInfo(key->key()));
Ryan Sleevi 2014/04/22 23:45:50 FWIW, this doesn't match what the spec says - or a
eroman 2014/04/23 00:11:30 Can you explain? As in the OID is not guaranteed t
Ryan Sleevi 2014/04/23 00:17:56 Correct. You have no guarantee that the OID - or t
eroman 2014/04/23 00:36:14 I will document it for now. How do you suggest pro
if (!spki_der)
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 Not a valid return from this function.
eroman 2014/04/23 00:11:30 Can you explain?
Ryan Sleevi 2014/04/23 00:17:56 This operation is not allowed to fail.
eroman 2014/04/23 00:36:14 I will add a note.
DCHECK(spki_der->data);
DCHECK(spki_der->len);
@@ -926,26 +926,26 @@ Status ExportKeyPkcs8(PrivateKey* key,
&rsa_private_key);
if (!InitRSAPrivateKey(key->key(), &rsa_private_key))
- return Status::Error();
+ return Status::OperationError();
crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
if (!arena.get())
- return Status::Error();
+ return Status::OperationError();
if (!SEC_ASN1EncodeItem(arena.get(),
&private_key_info.privateKey,
&rsa_private_key,
RSAPrivateKeyTemplate))
- return Status::Error();
+ return Status::OperationError();
if (SECSuccess !=
SECOID_SetAlgorithmID(
arena.get(), &private_key_info.algorithm, algorithm, NULL))
- return Status::Error();
+ return Status::OperationError();
if (!SEC_ASN1EncodeInteger(
arena.get(), &private_key_info.version, kPrivateKeyInfoVersion))
- return Status::Error();
+ return Status::OperationError();
crypto::ScopedSECItem encoded_key(
SEC_ASN1EncodeItem(NULL,
@@ -958,7 +958,7 @@ Status ExportKeyPkcs8(PrivateKey* key,
#endif // defined(USE_NSS)
if (!encoded_key.get())
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 None of these are spec-compliant return values.
eroman 2014/04/23 00:11:30 Not sure what you mean by this. Is your concern th
Ryan Sleevi 2014/04/23 00:17:56 That they're not allowed to fail. I agree, it's a
eroman 2014/04/23 00:36:14 I think the spec should allow for such failures.
*buffer = CreateArrayBuffer(encoded_key->data, encoded_key->len);
return Status::Success();
@@ -991,14 +991,14 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
KU_ALL, // usage
&seckey_private_key,
NULL) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 DataError
eroman 2014/04/23 00:11:30 Done.
}
DCHECK(seckey_private_key);
crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key);
const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get());
if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 DataError
eroman 2014/04/23 00:11:30 Done.
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
@@ -1033,7 +1033,7 @@ Status SignHmac(SymKey* key,
&param_item,
&signature_item,
&data_item) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
}
DCHECK_NE(0u, signature_item.len);
@@ -1046,7 +1046,7 @@ Status SignHmac(SymKey* key,
&param_item,
&signature_item,
&data_item) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
}
DCHECK_EQ(buffer->byteLength(), signature_item.len);
@@ -1078,7 +1078,7 @@ Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
const_cast<unsigned char*>(data.bytes()),
data.byte_length(),
NULL) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
}
return Status::Success();
}
@@ -1102,7 +1102,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
max_output_length_bytes,
const_cast<unsigned char*>(data.bytes()),
data.byte_length()) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
}
DCHECK_LE(output_length_bytes, max_output_length_bytes);
ShrinkBuffer(buffer, output_length_bytes);
@@ -1143,7 +1143,7 @@ Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
data.byte_length(),
key->key(),
sign_alg_tag) != SECSuccess) {
- return Status::Error();
+ return Status::OperationError();
}
*buffer = CreateArrayBuffer(signature_item->data, signature_item->len);
@@ -1222,7 +1222,7 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
blink::WebCryptoKey* private_key) {
crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
if (!slot)
- return Status::Error();
+ return Status::OperationError();
unsigned long public_exponent_long;
if (!BigIntegerToLong(public_exponent.bytes(),
@@ -1272,7 +1272,7 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
operation_flags_mask,
NULL));
if (!private_key)
- return Status::Error();
+ return Status::OperationError();
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm))
@@ -1324,13 +1324,13 @@ Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
if (!slot)
- return Status::Error();
+ return Status::OperationError();
crypto::ScopedPK11SymKey pk11_key(
PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL));
if (!pk11_key)
- return Status::Error();
+ return Status::OperationError();
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm))
@@ -1387,13 +1387,13 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,
crypto::ScopedSECItem pubkey_der(
SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template));
if (!pubkey_der)
- return Status::Error();
+ return Status::OperationError();
// Import the DER-encoded public key to create an RSA SECKEYPublicKey.
crypto::ScopedSECKEYPublicKey pubkey(
SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA));
if (!pubkey)
- return Status::Error();
+ return Status::OperationError();
Ryan Sleevi 2014/04/22 23:45:50 Not spec compliant return values
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm))
@@ -1438,7 +1438,7 @@ Status WrapSymKeyAesKw(SymKey* wrapping_key,
wrapping_key->key(),
key->key(),
&wrapped_key_item)) {
- return Status::Error();
+ return Status::OperationError();
}
if (output_length != wrapped_key_item.len)
return Status::ErrorUnexpected();
@@ -1493,10 +1493,10 @@ Status DecryptAesKw(SymKey* wrapping_key,
// Once the decrypt is complete, extract the resultant raw bytes from NSS and
// return them to the caller.
if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess)
- return Status::Error();
+ return Status::OperationError();
const SECItem* const key_data = PK11_GetKeyData(decrypted.get());
if (!key_data)
- return Status::Error();
+ return Status::OperationError();
*buffer = webcrypto::CreateArrayBuffer(key_data->data, key_data->len);
return Status::Success();
@@ -1522,7 +1522,7 @@ Status WrapSymKeyRsaEs(PublicKey* wrapping_key,
if (SECSuccess !=
PK11_PubWrapSymKey(
CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) {
- return Status::Error();
+ return Status::OperationError();
}
if (wrapped_key_item.len != modulus_length_bytes)
return Status::ErrorUnexpected();
@@ -1565,7 +1565,7 @@ Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
flags,
false));
if (!unwrapped_key)
- return Status::Error();
+ return Status::OperationError();
const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get());

Powered by Google App Engine
This is Rietveld 408576698