1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_CHILD_WEBCRYPTO_STATUS_H_ 6 #define CONTENT_CHILD_WEBCRYPTO_STATUS_H_ 7 8 #include <string> 9 #include "content/common/content_export.h" 10 #include "third_party/WebKit/public/platform/WebCrypto.h" 11 12 namespace content { 13 14 namespace webcrypto { 15 16 // Status indicates whether an operation completed successfully, or with an 17 // error. The error is used for verification in unit-tests, as well as for 18 // display to the user. 19 // 20 // As such, it is important that errors DO NOT reveal any sensitive material 21 // (like key bytes). 22 class CONTENT_EXPORT Status { 23 public: 24 Status() : type_(TYPE_ERROR) {} 25 26 // Returns true if the Status represents an error (any one of them). 27 bool IsError() const; 28 29 // Returns true if the Status represent success. 30 bool IsSuccess() const; 31 32 // Returns a UTF-8 error message (non-localized) describing the error. 33 const std::string& error_details() const { return error_details_; } 34 35 blink::WebCryptoErrorType error_type() const { return error_type_; } 36 37 // Constructs a status representing success. 38 static Status Success(); 39 40 // Constructs a status representing a generic operation error. It contains no 41 // extra details. 42 static Status OperationError(); 43 44 // Constructs a status representing a generic data error. It contains no 45 // extra details. 46 static Status DataError(); 47 48 // ------------------------------------ 49 // Errors when importing a JWK formatted key 50 // ------------------------------------ 51 52 // The key bytes could not parsed as JSON dictionary. This either 53 // means there was a parsing error, or the JSON object was not 54 // convertable to a dictionary. 55 static Status ErrorJwkNotDictionary(); 56 57 // The required property |property| was missing. 58 static Status ErrorJwkPropertyMissing(const std::string& property); 59 60 // The property |property| was not of type |expected_type|. 61 static Status ErrorJwkPropertyWrongType(const std::string& property, 62 const std::string& expected_type); 63 64 // The property |property| was a string, however could not be successfully 65 // base64 decoded. 66 static Status ErrorJwkBase64Decode(const std::string& property); 67 68 // The "ext" parameter was specified but was 69 // incompatible with the value requested by the Web Crypto call. 70 static Status ErrorJwkExtInconsistent(); 71 72 // The "alg" parameter is incompatible with the (optional) Algorithm 73 // specified by the Web Crypto import operation. 74 static Status ErrorJwkAlgorithmInconsistent(); 75 76 // The "use" parameter was specified, however it couldn't be converted to an 77 // equivalent Web Crypto usage. 78 static Status ErrorJwkUnrecognizedUse(); 79 80 // The "key_ops" parameter was specified, however one of the values in the 81 // array couldn't be converted to an equivalent Web Crypto usage. 82 static Status ErrorJwkUnrecognizedKeyop(); 83 84 // The "use" parameter was specified, however it is incompatible with that 85 // specified by the Web Crypto import operation. 86 static Status ErrorJwkUseInconsistent(); 87 88 // The "key_ops" parameter was specified, however it is incompatible with that 89 // specified by the Web Crypto import operation. 90 static Status ErrorJwkKeyopsInconsistent(); 91 92 // Both the "key_ops" and the "use" parameters were specified, however they 93 // are incompatible with each other. 94 static Status ErrorJwkUseAndKeyopsInconsistent(); 95 96 // The "kty" parameter was given and was a string, however it was not the 97 // expected value. 98 static Status ErrorJwkUnexpectedKty(const std::string& expected); 99 100 // The amount of key data provided was incompatible with the selected 101 // algorithm. For instance if the algorith name was A128CBC then EXACTLY 102 // 128-bits of key data must have been provided. If 192-bits of key data were 103 // given that is an error. 104 static Status ErrorJwkIncorrectKeyLength(); 105 106 // The JWK property |property| is supposed to represent a big-endian unsigned 107 // integer, however was the empty string. 108 static Status ErrorJwkEmptyBigInteger(const std::string& property); 109 110 // The big-endian unsigned integer |property| contained leading zeros. This 111 // violates the JWA requirement that such octet strings be minimal. 112 static Status ErrorJwkBigIntegerHasLeadingZero(const std::string& property); 113 114 // ------------------------------------ 115 // Other errors 116 // ------------------------------------ 117 118 // No key data was provided when importing an spki, pkcs8, or jwk formatted 119 // key. This does not apply to raw format, since it is possible to have empty 120 // key data there. 121 static Status ErrorImportEmptyKeyData(); 122 123 // Tried importing a key using an unsupported format for the key type (for 124 // instance importing an HMAC key using format=spki). 125 static Status ErrorUnsupportedImportKeyFormat(); 126 127 // Tried exporting a key using an unsupported format for the key type (for 128 // instance exporting an HMAC key using format=spki). 129 static Status ErrorUnsupportedExportKeyFormat(); 130 131 // The key data buffer provided for importKey() is an incorrect length for 132 // AES. 133 static Status ErrorImportAesKeyLength(); 134 135 // 192-bit AES keys are valid, however unsupported. 136 static Status ErrorAes192BitUnsupported(); 137 138 // The wrong key was used for the operation. For instance, a public key was 139 // used to verify a RsaSsaPkcs1v1_5 signature, or tried exporting a private 140 // key using spki format. 141 static Status ErrorUnexpectedKeyType(); 142 143 // When doing an AES-CBC encryption/decryption, the "iv" parameter was not 16 144 // bytes. 145 static Status ErrorIncorrectSizeAesCbcIv(); 146 147 // When doing AES-CTR encryption/decryption, the "counter" parameter was not 148 // 16 bytes. 149 static Status ErrorIncorrectSizeAesCtrCounter(); 150 151 // When doing AES-CTR encryption/decryption, the "length" parameter for the 152 // counter was out of range. 153 static Status ErrorInvalidAesCtrCounterLength(); 154 155 // The input to encrypt/decrypt was too large. Based on the counter size, it 156 // would cause the counter to wraparound and repeat earlier values. 157 static Status ErrorAesCtrInputTooLongCounterRepeated(); 158 159 // The data provided to an encrypt/decrypt/sign/verify operation was too 160 // large. This can either represent an internal limitation (for instance 161 // representing buffer lengths as uints). 162 static Status ErrorDataTooLarge(); 163 164 // The data provided to an encrypt/decrypt/sign/verify operation was too 165 // small. This usually represents an algorithm restriction (for instance 166 // AES-KW requires a minimum of 24 bytes input data). 167 static Status ErrorDataTooSmall(); 168 169 // Something was unsupported or unimplemented. This can mean the algorithm in 170 // question was unsupported, some parameter combination was unsupported, or 171 // something has not yet been implemented. 172 static Status ErrorUnsupported(); 173 static Status ErrorUnsupported(const std::string& message); 174 175 // Something unexpected happened in the code, which implies there is a 176 // source-level bug. These should not happen, but safer to fail than simply 177 // DCHECK. 178 static Status ErrorUnexpected(); 179 180 // The authentication tag length specified for AES-GCM encrypt/decrypt was 181 // not 32, 64, 96, 104, 112, 120, or 128. 182 static Status ErrorInvalidAesGcmTagLength(); 183 184 // The input data given to an AES-KW encrypt/decrypt operation was not a 185 // multiple of 8 bytes, as required by RFC 3394. 186 static Status ErrorInvalidAesKwDataLength(); 187 188 // The "publicExponent" used to generate a key was invalid or unsupported. 189 // Only values of 3 and 65537 are allowed. 190 static Status ErrorGenerateKeyPublicExponent(); 191 192 // The modulus bytes were empty when importing an RSA public key. 193 static Status ErrorImportRsaEmptyModulus(); 194 195 // The modulus length was unsupported when generating an RSA key pair. 196 static Status ErrorGenerateRsaUnsupportedModulus(); 197 198 // The exponent bytes were empty when importing an RSA public key. 199 static Status ErrorImportRsaEmptyExponent(); 200 201 // An unextractable key was used by an operation which exports the key data. 202 static Status ErrorKeyNotExtractable(); 203 204 // The key length specified when generating a key was invalid. Either it was 205 // zero, or it was not a multiple of 8 bits. 206 static Status ErrorGenerateKeyLength(); 207 208 // Attempted to create a key (either by importKey(), generateKey(), or 209 // unwrapKey()) however the key usages were not applicable for the key type 210 // and algorithm. 211 static Status ErrorCreateKeyBadUsages(); 212 213 private: 214 enum Type { TYPE_ERROR, TYPE_SUCCESS }; 215 216 // Constructs an error with the specified error type and message. 217 Status(blink::WebCryptoErrorType error_type, 218 const std::string& error_details_utf8); 219 220 // Constructs a success or error without any details. 221 explicit Status(Type type); 222 223 Type type_; 224 blink::WebCryptoErrorType error_type_; 225 std::string error_details_; 226 }; 227 228 } // namespace webcrypto 229 230 } // namespace content 231 232 #endif // CONTENT_CHILD_WEBCRYPTO_STATUS_H_ 233