author | eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-19 14:41:41 +0000 |
---|---|---|
committer | eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-06-19 14:41:41 +0000 |
commit | cb7f3e39ade351f8795c4f86d87b60634f73e7fa (patch) | |
tree | fa0e8a3a88b353ec81589c166c1fb8b872a9f6ef /content/child | |
parent | 33d0dcaaf5975f5ed01a1e44e79a4fe4d15ae6a6 (diff) | |
[webcrypto] Give more descriptive error messages on Linux for unsupported functionality.
* If NSS version doesn't support AES-GCM
* If NSS version doesn't support RSA-OAEP
BUG=384485
Review URL: https://codereview.chromium.org/343473004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@278364 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/child')
-rw-r--r-- | content/child/webcrypto/platform_crypto_nss.cc | 42 | ||||
-rw-r--r-- | content/child/webcrypto/shared_crypto_unittest.cc | 2 | ||||
-rw-r--r-- | content/child/webcrypto/status.cc | 7 | ||||
-rw-r--r-- | content/child/webcrypto/status.h | 1 |
4 files changed, 38 insertions, 14 deletions
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
index 11c84fc..e8a0237 100644
--- a/content/child/webcrypto/platform_crypto_nss.cc
+++ b/content/child/webcrypto/platform_crypto_nss.cc
@@ -277,6 +277,21 @@ class PrivateKey : public Key {
 namespace {
+Status NssSupportsAesGcm() {
+ if (g_nss_runtime_support.Get().IsAesGcmSupported())
+ return Status::Success();
+ return Status::ErrorUnsupported(
+ "NSS version doesn't support AES-GCM. Try using version 3.15 or later");
+}
+
+Status NssSupportsRsaOaep() {
+ if (g_nss_runtime_support.Get().IsRsaOaepSupported())
+ return Status::Success();
+ return Status::ErrorUnsupported(
+ "NSS version doesn't support RSA-OAEP. Try using version 3.16.2 or "
+ "later");
+}
+
 // Creates a SECItem for the data in |buffer|. This does NOT make a copy, so
 // |buffer| should outlive the SECItem.
 SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
@@ -448,8 +463,9 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
 const CryptoData& additional_data,
 unsigned int tag_length_bits,
 std::vector<uint8>* buffer) {
- if (!g_nss_runtime_support.Get().IsAesGcmSupported())
- return Status::ErrorUnsupported();
+ Status status = NssSupportsAesGcm();
+ if (status.IsError())
+ return status;
 unsigned int tag_length_bytes = tag_length_bits / 8;
@@ -597,8 +613,9 @@ Status WebCryptoAlgorithmToNssMechFlags(
 return Status::Success();
 }
 case blink::WebCryptoAlgorithmIdAesGcm: {
- if (!g_nss_runtime_support.Get().IsAesGcmSupported())
- return Status::ErrorUnsupported();
+ Status status = NssSupportsAesGcm();
+ if (status.IsError())
+ return status;
 *mechanism = CKM_AES_GCM;
 *flags = CKF_ENCRYPT | CKF_DECRYPT;
 return Status::Success();
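Review bot: `NssSupportsAesGcm()` and `NssSupportsRsaOaep()` are named like boolean predicates but return a `Status`, and neither has a comment describing that contract. A one-line comment above each would make it explicit, for example `// Returns Success() if the runtime NSS supports AES-GCM, otherwise ErrorUnsupported() with a message naming the minimum NSS version.` The minimum versions (3.15 and 3.16.2) are hard-coded in the message text, while the actual decision comes from `g_nss_runtime_support`, whose probe is not visible in this hunk. A short note tying the version strings to that probe would help keep the two from drifting apart.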
@@ -1237,8 +1254,9 @@ Status EncryptRsaOaep(PublicKey* key,
 const CryptoData& label,
 const CryptoData& data,
 std::vector<uint8>* buffer) {
- if (!g_nss_runtime_support.Get().IsRsaOaepSupported())
- return Status::ErrorUnsupported();
+ Status status = NssSupportsRsaOaep();
+ if (status.IsError())
+ return status;
 CK_RSA_PKCS_OAEP_PARAMS oaep_params = {0};
 if (!InitializeRsaOaepParams(hash, label, &oaep_params))
@@ -1274,8 +1292,9 @@ Status DecryptRsaOaep(PrivateKey* key,
 const CryptoData& label,
 const CryptoData& data,
 std::vector<uint8>* buffer) {
- if (!g_nss_runtime_support.Get().IsRsaOaepSupported())
- return Status::ErrorUnsupported();
+ Status status = NssSupportsRsaOaep();
+ if (status.IsError())
+ return status;
 CK_RSA_PKCS_OAEP_PARAMS oaep_params = {0};
 if (!InitializeRsaOaepParams(hash, label, &oaep_params))
@@ -1423,9 +1442,10 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
 unsigned long public_exponent,
 blink::WebCryptoKey* public_key,
 blink::WebCryptoKey* private_key) {
- if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&
- !g_nss_runtime_support.Get().IsRsaOaepSupported()) {
- return Status::ErrorUnsupported();
+ if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep) {
+ Status status = NssSupportsRsaOaep();
+ if (status.IsError())
+ return status;
 }
 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
index 3e3730c..ffd214f 100644
--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -114,7 +114,7 @@ bool SupportsAesGcm() {
 &key);
 if (status.IsError())
- EXPECT_EQ(Status::ErrorUnsupported(), status);
+ EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type());
 return status.IsSuccess();
 }
diff --git a/content/child/webcrypto/status.cc b/content/child/webcrypto/status.cc
index 5ddbf39..fc01c2c 100644
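Review bot: The rewritten expectation in `SupportsAesGcm()` (shared_crypto_unittest.cc) now accepts any status whose type is `WebCryptoErrorTypeNotSupported`, where the old line required equality with `Status::ErrorUnsupported()`. The helper returns `status.IsSuccess()`, presumably so AES-GCM tests can skip themselves on old NSS. An unrelated not-supported failure from the call above the hunk would therefore also pass, and the dependent tests would be skipped with no signal. A comment such as `// Only the "NSS lacks AES-GCM" error is acceptable here; any other failure must fail the test.` would record the intent, and if `Status` exposes its message the expectation could check that too. The function body starts outside the hunk.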
--- a/content/child/webcrypto/status.cc
+++ b/content/child/webcrypto/status.cc
@@ -151,8 +151,11 @@ Status Status::ErrorDataTooSmall() {
 }
 Status Status::ErrorUnsupported() {
- return Status(blink::WebCryptoErrorTypeNotSupported,
- "The requested operation is unsupported");
+ return ErrorUnsupported("The requested operation is unsupported");
+}
+
+Status Status::ErrorUnsupported(const std::string& message) {
+ return Status(blink::WebCryptoErrorTypeNotSupported, message);
 }
 Status Status::ErrorUnexpected() {
diff --git a/content/child/webcrypto/status.h b/content/child/webcrypto/status.h
index 70d97e7..103c4ed 100644
--- a/content/child/webcrypto/status.h
+++ b/content/child/webcrypto/status.h
@@ -150,6 +150,7 @@ class CONTENT_EXPORT Status {
 // question was unsupported, some parameter combination was unsupported, or
 // something has not yet been implemented.
 static Status ErrorUnsupported();
+ static Status ErrorUnsupported(const std::string& message);
 // Something unexpected happened in the code, which implies there is a
 // source-level bug. These should not happen, but safer to fail than simply |
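Review bot: The new `ErrorUnsupported(const std::string& message)` overload in status.cc stores the caller's text verbatim, and the declaration added in status.h has no comment of its own. If a `Status` message can reach the page (not visible in these hunks), callers should pass only fixed, non-sensitive text, as the NSS helpers in this commit do, and never interpolate host paths or library state. A comment on the declaration would capture that, e.g. `// Same as ErrorUnsupported(), but with a caller-supplied message. |message| should be static text that is safe to surface to web content.`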