1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CONTENT_CHILD_WEBCRYPTO_STATUS_H_
6 #define CONTENT_CHILD_WEBCRYPTO_STATUS_H_
9 #include "content/common/content_export.h"
10 #include "third_party/WebKit/public/platform/WebCrypto.h"
16 // Status indicates whether an operation completed successfully, or with an
17 // error. The error is used for verification in unit-tests, as well as for
18 // display to the user.
20 // As such, it is important that errors DO NOT reveal any sensitive material
23 // Care must be taken with what errors are reported back to Blink when doing
24 // compound operations like unwrapping a JWK key. In this case, errors
25 // generated by the JWK import are not appropriate to report since the wrapped
26 // JWK is not visible to the caller.
27 class CONTENT_EXPORT Status {
29 Status() : type_(TYPE_ERROR) {}
31 // Returns true if the Status represents an error (any one of them).
34 // Returns true if the Status represent success.
35 bool IsSuccess() const;
37 // Returns a UTF-8 error message (non-localized) describing the error.
38 const std::string& error_details() const { return error_details_; }
40 blink::WebCryptoErrorType error_type() const { return error_type_; }
42 // Constructs a status representing success.
43 static Status Success();
45 // Constructs a status representing a generic operation error. It contains no
47 static Status OperationError();
49 // Constructs a status representing a generic data error. It contains no
51 static Status DataError();
53 // ------------------------------------
54 // Errors when importing a JWK formatted key
55 // ------------------------------------
57 // The key bytes could not parsed as JSON dictionary. This either
58 // means there was a parsing error, or the JSON object was not
59 // convertable to a dictionary.
60 static Status ErrorJwkNotDictionary();
62 // The required property |property| was missing.
63 static Status ErrorJwkPropertyMissing(const std::string& property);
65 // The property |property| was not of type |expected_type|.
66 static Status ErrorJwkPropertyWrongType(const std::string& property,
67 const std::string& expected_type);
69 // The property |property| was a string, however could not be successfully
71 static Status ErrorJwkBase64Decode(const std::string& property);
73 // The "ext" parameter was specified but was
74 // incompatible with the value requested by the Web Crypto call.
75 static Status ErrorJwkExtInconsistent();
77 // The "alg" parameter could not be converted to an equivalent
78 // WebCryptoAlgorithm. Either it was malformed or unrecognized.
79 static Status ErrorJwkUnrecognizedAlgorithm();
81 // The "alg" parameter is incompatible with the (optional) Algorithm
82 // specified by the Web Crypto import operation.
83 static Status ErrorJwkAlgorithmInconsistent();
85 // The "use" parameter was specified, however it couldn't be converted to an
86 // equivalent Web Crypto usage.
87 static Status ErrorJwkUnrecognizedUse();
89 // The "key_ops" parameter was specified, however one of the values in the
90 // array couldn't be converted to an equivalent Web Crypto usage.
91 static Status ErrorJwkUnrecognizedKeyop();
93 // The "use" parameter was specified, however it is incompatible with that
94 // specified by the Web Crypto import operation.
95 static Status ErrorJwkUseInconsistent();
97 // The "key_ops" parameter was specified, however it is incompatible with that
98 // specified by the Web Crypto import operation.
99 static Status ErrorJwkKeyopsInconsistent();
101 // Both the "key_ops" and the "use" parameters were specified, however they
102 // are incompatible with each other.
103 static Status ErrorJwkUseAndKeyopsInconsistent();
105 // TODO(eroman): Private key import through JWK is not yet supported.
106 static Status ErrorJwkRsaPrivateKeyUnsupported();
108 // The "kty" parameter was given and was a string, however it was
110 static Status ErrorJwkUnrecognizedKty();
112 // The amount of key data provided was incompatible with the selected
113 // algorithm. For instance if the algorith name was A128CBC then EXACTLY
114 // 128-bits of key data must have been provided. If 192-bits of key data were
115 // given that is an error.
116 static Status ErrorJwkIncorrectKeyLength();
118 // ------------------------------------
120 // ------------------------------------
122 // No key data was provided when importing an spki, pkcs8, or jwk formatted
123 // key. This does not apply to raw format, since it is possible to have empty
125 static Status ErrorImportEmptyKeyData();
127 // The key data buffer provided for importKey() is an incorrect length for
129 static Status ErrorImportAesKeyLength();
131 // The wrong key was used for the operation. For instance, a public key was
132 // used to verify a RsaSsaPkcs1v1_5 signature, or tried exporting a private
133 // key using spki format.
134 static Status ErrorUnexpectedKeyType();
136 // When doing an AES-CBC encryption/decryption, the "iv" parameter was not 16
138 static Status ErrorIncorrectSizeAesCbcIv();
140 // The data provided to an encrypt/decrypt/sign/verify operation was too
141 // large. This can either represent an internal limitation (for instance
142 // representing buffer lengths as uints), or an algorithm restriction (for
143 // instance RSAES can operation on messages relative to the length of the
145 static Status ErrorDataTooLarge();
147 // The data provided to an encrypt/decrypt/sign/verify operation was too
148 // small. This usually represents an algorithm restriction (for instance
149 // AES-KW requires a minimum of 24 bytes input data).
150 static Status ErrorDataTooSmall();
152 // Something was unsupported or unimplemented. This can mean the algorithm in
153 // question was unsupported, some parameter combination was unsupported, or
154 // something has not yet been implemented.
155 static Status ErrorUnsupported();
157 // Something unexpected happened in the code, which implies there is a
158 // source-level bug. These should not happen, but safer to fail than simply
160 static Status ErrorUnexpected();
162 // The authentication tag length specified for AES-GCM encrypt/decrypt was
163 // not 32, 64, 96, 104, 112, 120, or 128.
164 static Status ErrorInvalidAesGcmTagLength();
166 // The input data given to an AES-KW encrypt/decrypt operation was not a
167 // multiple of 8 bytes, as required by RFC 3394.
168 static Status ErrorInvalidAesKwDataLength();
170 // The "publicExponent" used to generate a key was invalid: either no bytes
171 // were specified, or the number was too large to fit into an "unsigned long"
172 // (implemention limitation), or the exponent was zero.
173 static Status ErrorGenerateKeyPublicExponent();
175 // The modulus bytes were empty when importing an RSA public key.
176 static Status ErrorImportRsaEmptyModulus();
178 // The the modulus length was zero bits when generating an RSA public key.
179 static Status ErrorGenerateRsaZeroModulus();
181 // The exponent bytes were empty when importing an RSA public key.
182 static Status ErrorImportRsaEmptyExponent();
184 // An unextractable key was used by an operation which exports the key data.
185 static Status ErrorKeyNotExtractable();
187 // The key length specified when generating a key was invalid. Either it was
188 // zero, or it was not a multiple of 8 bits.
189 static Status ErrorGenerateKeyLength();
192 enum Type { TYPE_ERROR, TYPE_SUCCESS };
194 // Constructs an error with the specified error type and message.
195 Status(blink::WebCryptoErrorType error_type,
196 const std::string& error_details_utf8);
198 // Constructs a success or error without any details.
199 explicit Status(Type type);
202 blink::WebCryptoErrorType error_type_;
203 std::string error_details_;
206 } // namespace webcrypto
208 } // namespace content
210 #endif // CONTENT_CHILD_WEBCRYPTO_STATUS_H_