1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_WEBCRYPTO_STATUS_H_
#define COMPONENTS_WEBCRYPTO_STATUS_H_
#include <string>
#include "third_party/WebKit/public/platform/WebCrypto.h"
namespace webcrypto {
// Status indicates whether an operation completed successfully, or with an
// error. The error is used for verification in unit-tests, as well as for
// display to the user.
//
// As such, it is important that errors DO NOT reveal any sensitive material
// (like key bytes).
class Status {
public:
Status() : type_(TYPE_ERROR) {}
// Returns true if the Status represents an error (any one of them).
bool IsError() const;
// Returns true if the Status represent success.
bool IsSuccess() const;
// Returns a UTF-8 error message (non-localized) describing the error.
const std::string& error_details() const { return error_details_; }
blink::WebCryptoErrorType error_type() const { return error_type_; }
// Constructs a status representing success.
static Status Success();
// Constructs a status representing a generic operation error. It contains no
// extra details.
static Status OperationError();
// Constructs a status representing a generic data error. It contains no
// extra details.
static Status DataError();
// ------------------------------------
// Errors when importing a JWK formatted key
// ------------------------------------
// The key bytes could not parsed as JSON dictionary. This either
// means there was a parsing error, or the JSON object was not
// convertable to a dictionary.
static Status ErrorJwkNotDictionary();
// The required JWK member |member_name| was missing.
static Status ErrorJwkMemberMissing(const std::string& member_name);
// The JWK member |member_name| was not of type |expected_type|.
static Status ErrorJwkMemberWrongType(const std::string& member_name,
const std::string& expected_type);
// The JWK member |member_name| was a string, however could not be
// successfully base64 decoded.
static Status ErrorJwkBase64Decode(const std::string& member_name);
// The "ext" parameter was specified but was
// incompatible with the value requested by the Web Crypto call.
static Status ErrorJwkExtInconsistent();
// The "alg" parameter is incompatible with the (optional) Algorithm
// specified by the Web Crypto import operation.
static Status ErrorJwkAlgorithmInconsistent();
// The "use" parameter was specified, however it couldn't be converted to an
// equivalent Web Crypto usage.
static Status ErrorJwkUnrecognizedUse();
// The "key_ops" parameter was specified, however one of the values in the
// array couldn't be converted to an equivalent Web Crypto usage.
static Status ErrorJwkUnrecognizedKeyop();
// The "use" parameter was specified, however it is incompatible with that
// specified by the Web Crypto import operation.
static Status ErrorJwkUseInconsistent();
// The "key_ops" parameter was specified, however it is incompatible with that
// specified by the Web Crypto import operation.
static Status ErrorJwkKeyopsInconsistent();
// Both the "key_ops" and the "use" parameters were specified, however they
// are incompatible with each other.
static Status ErrorJwkUseAndKeyopsInconsistent();
// The "kty" parameter was given and was a string, however it was not the
// expected value.
static Status ErrorJwkUnexpectedKty(const std::string& expected);
// The amount of key data provided was incompatible with the selected
// algorithm. For instance if the algorith name was A128CBC then EXACTLY
// 128-bits of key data must have been provided. If 192-bits of key data were
// given that is an error.
static Status ErrorJwkIncorrectKeyLength();
// The JWK member |member_name| is supposed to represent a big-endian unsigned
// integer, however was the empty string.
static Status ErrorJwkEmptyBigInteger(const std::string& member_name);
// The big-endian unsigned integer |member_name| contained leading zeros. This
// violates the JWA requirement that such octet strings be minimal.
static Status ErrorJwkBigIntegerHasLeadingZero(
const std::string& member_name);
// The key_ops lists a usage more than once.
static Status ErrorJwkDuplicateKeyOps();
// ------------------------------------
// Other errors
// ------------------------------------
// Tried importing a key using an unsupported format for the key type (for
// instance importing an HMAC key using format=spki).
static Status ErrorUnsupportedImportKeyFormat();
// Tried exporting a key using an unsupported format for the key type (for
// instance exporting an HMAC key using format=spki).
static Status ErrorUnsupportedExportKeyFormat();
// The key data buffer provided for importKey() is an incorrect length for
// AES.
static Status ErrorImportAesKeyLength();
// The length specified when deriving an AES key was not 128 or 256 bits.
static Status ErrorGetAesKeyLength();
// Attempted to generate an AES key with an invalid length.
static Status ErrorGenerateAesKeyLength();
// 192-bit AES keys are valid, however unsupported (http://crbug.com/533699)
static Status ErrorAes192BitUnsupported();
// The wrong key was used for the operation. For instance, a public key was
// used to verify a RsaSsaPkcs1v1_5 signature, or tried exporting a private
// key using spki format.
static Status ErrorUnexpectedKeyType();
// When doing an AES-CBC encryption/decryption, the "iv" parameter was not 16
// bytes.
static Status ErrorIncorrectSizeAesCbcIv();
// When doing AES-CTR encryption/decryption, the "counter" parameter was not
// 16 bytes.
static Status ErrorIncorrectSizeAesCtrCounter();
// When doing AES-CTR encryption/decryption, the "length" parameter for the
// counter was out of range.
static Status ErrorInvalidAesCtrCounterLength();
// The input to encrypt/decrypt was too large. Based on the counter size, it
// would cause the counter to wraparound and repeat earlier values.
static Status ErrorAesCtrInputTooLongCounterRepeated();
// The data provided to an encrypt/decrypt/sign/verify operation was too
// large. This can either represent an internal limitation (for instance
// representing buffer lengths as uints).
static Status ErrorDataTooLarge();
// The data provided to an encrypt/decrypt/sign/verify operation was too
// small. This usually represents an algorithm restriction (for instance
// AES-KW requires a minimum of 24 bytes input data).
static Status ErrorDataTooSmall();
// Something was unsupported or unimplemented. This can mean the algorithm in
// question was unsupported, some parameter combination was unsupported, or
// something has not yet been implemented.
static Status ErrorUnsupported();
static Status ErrorUnsupported(const std::string& message);
// Something unexpected happened in the code, which implies there is a
// source-level bug. These should not happen, but safer to fail than simply
// DCHECK.
static Status ErrorUnexpected();
// The authentication tag length specified for AES-GCM encrypt/decrypt was
// not 32, 64, 96, 104, 112, 120, or 128.
static Status ErrorInvalidAesGcmTagLength();
// The input data given to an AES-KW encrypt/decrypt operation was not a
// multiple of 8 bytes, as required by RFC 3394.
static Status ErrorInvalidAesKwDataLength();
// The "publicExponent" used to generate a key was invalid or unsupported.
// Only values of 3 and 65537 are allowed.
static Status ErrorGenerateKeyPublicExponent();
// The modulus bytes were empty when importing an RSA public key.
static Status ErrorImportRsaEmptyModulus();
// The modulus length was unsupported when generating an RSA key pair.
static Status ErrorGenerateRsaUnsupportedModulus();
// The exponent bytes were empty when importing an RSA public key.
static Status ErrorImportRsaEmptyExponent();
// An unextractable key was used by an operation which exports the key data.
static Status ErrorKeyNotExtractable();
// Attempted to generate an HMAC key using a key length of 0.
static Status ErrorGenerateHmacKeyLengthZero();
// Attempted to import an HMAC key containing no data.
static Status ErrorHmacImportEmptyKey();
// Attempted to derive an HMAC key with zero length.
static Status ErrorGetHmacKeyLengthZero();
// Attempted to import an HMAC key using a bad optional length.
static Status ErrorHmacImportBadLength();
// Attempted to create a key (either by importKey(), generateKey(), or
// unwrapKey()) however the key usages were not applicable for the key type
// and algorithm.
static Status ErrorCreateKeyBadUsages();
// No usages were specified when generating/importing a secret or private key.
static Status ErrorCreateKeyEmptyUsages();
// An EC key imported using SPKI/PKCS8 format had the wrong curve specified in
// the key.
static Status ErrorImportedEcKeyIncorrectCurve();
// The "crv" member for a JWK did not match the expectations from importKey()
static Status ErrorJwkIncorrectCrv();
// The EC key failed validation (coordinates don't lie on curve, out of range,
// etc.)
static Status ErrorEcKeyInvalid();
// The octet string |member_name| was expected to be |expected_length| bytes
// long, but was instead |actual_length| bytes long.
static Status JwkOctetStringWrongLength(const std::string& member_name,
size_t expected_length,
size_t actual_length);
// The public key given for ECDH key derivation was not an EC public key.
static Status ErrorEcdhPublicKeyWrongType();
// The public key's algorithm was not ECDH.
static Status ErrorEcdhPublicKeyWrongAlgorithm();
// The public and private keys given to ECDH key derivation were not for the
// same named curve.
static Status ErrorEcdhCurveMismatch();
// The requested bit length for ECDH key derivation was too large.
static Status ErrorEcdhLengthTooBig(unsigned int max_length_bits);
// The requested length for HKDF was too large.
static Status ErrorHkdfLengthTooLong();
// No length parameter was provided for HKDF's Derive Bits operation.
static Status ErrorHkdfDeriveBitsLengthNotSpecified();
// The requested bit length for PBKDF2 key derivation was invalid.
static Status ErrorPbkdf2InvalidLength();
// No length parameter was provided for PBKDF2's Derive Bits operation.
static Status ErrorPbkdf2DeriveBitsLengthNotSpecified();
// PBKDF2 was called with iterations == 0.
static Status ErrorPbkdf2Iterations0();
private:
enum Type { TYPE_ERROR, TYPE_SUCCESS };
// Constructs an error with the specified error type and message.
Status(blink::WebCryptoErrorType error_type,
const std::string& error_details_utf8);
// Constructs a success or error without any details.
explicit Status(Type type);
Type type_;
blink::WebCryptoErrorType error_type_;
std::string error_details_;
};
} // namespace webcrypto
#endif // COMPONENTS_WEBCRYPTO_STATUS_H_
|
