Check that usage isn't empty when generateKey() is called

content/child/webcrypto/nss/rsa_key_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/nss/rsa_key_nss.h"
 
 #include <secasn1.h>
 
 #include "base/logging.h"
 #include "content/child/webcrypto/crypto_data.h"
@@ skipping 502 matching lines @@
     bool extractable,
     blink::WebCryptoKeyUsageMask combined_usages,
     GenerateKeyResult* result) const {
   Status status = CheckKeyCreationUsages(
       all_public_key_usages_ | all_private_key_usages_, combined_usages);
   if (status.IsError())
     return status;
 
   const blink::WebCryptoKeyUsageMask public_usages =
       combined_usages & all_public_key_usages_;
   const blink::WebCryptoKeyUsageMask private_usages =

[eroman, 2014/11/20 23:40:09]

Move the check up to here.

[nharper, 2014/11/21 22:12:01]

Done.

       combined_usages & all_private_key_usages_;
 
   unsigned int public_exponent = 0;
   unsigned int modulus_length_bits = 0;
   status = GetRsaKeyGenParameters(algorithm.rsaHashedKeyGenParams(),
                                   &public_exponent,
                                   &modulus_length_bits);
   if (status.IsError())
     return status;
 
@@ skipping 61 matching lines @@
                                   public_usages);
 
   blink::WebCryptoKey private_key =
       blink::WebCryptoKey::create(private_key_handle.release(),
                                   blink::WebCryptoKeyTypePrivate,
                                   extractable,
                                   key_algorithm,
                                   private_usages);
 
   result->AssignKeyPair(public_key, private_key);
+  if (result->private_key().usages() == 0) {

[eroman, 2014/11/20 23:40:09]

Move the failure to before the key has been generated.

This is a bit different with respect to which errors will be given when there
are multiple problems, but should be fine.

(Alternately if we were OK doing the test after key generation, the logic could
be moved to the global GenerateKey() function so it doesn't need to be
duplicated into each algorithm implementation. However early failure is more
useful).

[nharper, 2014/11/21 22:12:01]

Done.

+    return Status::ErrorCreateKeyBadUsages();
+  }
   return Status::Success();
 }
 
 Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey(
     blink::WebCryptoKeyFormat format,
     blink::WebCryptoKeyUsageMask usages) const {
   switch (format) {
     case blink::WebCryptoKeyFormatSpki:
       return CheckKeyCreationUsages(all_public_key_usages_, usages);
     case blink::WebCryptoKeyFormatPkcs8:
@@ skipping 303 matching lines @@
                  key->algorithm().rsaHashedParams()->publicExponent().size())) {
     return Status::ErrorUnexpected();
   }
 
   return Status::Success();
 }
 
 }  // namespace webcrypto
 
 }  // namespace content