
Unified Diff: net/third_party/nss/ssl/sslimpl.h

Issue 2828002: Support for using OS-native certificates for SSL client auth.... (Closed) Base URL: http://src.chromium.org/svn/trunk/src/
Patch Set: Add a short-circuit when the CSP reports the container is not removable Created 10 years, 1 month ago
Index: net/third_party/nss/ssl/sslimpl.h
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index f708696683cc8b2a49681b5d25d90631e9ccb72a..f17117f0f525e79a9fcef7cf31b77e7f9d6c6332 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -65,6 +65,15 @@
#include "sslt.h" /* for some formerly private types, now public */
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+#if defined(XP_WIN32)
+#include <windows.h>
+#include <wincrypt.h>
+#elif defined(XP_MACOSX)
+#include <Security/Security.h>
+#endif
+#endif
+
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
@@ -573,6 +582,20 @@ typedef enum { never_cached,
#define MAX_PEER_CERT_CHAIN_SIZE 8
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+typedef struct {
+#if defined(XP_WIN32)
+ char * provider;
+ char * container;
+ DWORD provType;
+ PRBool removable;
+#elif defined(XP_MACOSX)
+ SecKeychainRef keychain;
+ CFDataRef persistentKey;
+#endif
+} PlatformAuthInfo;
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
+
struct sslSessionIDStr {
sslSessionID * next; /* chain used for client sockets, only */
@@ -657,6 +680,11 @@ struct sslSessionIDStr {
char masterValid;
char clAuthValid;
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+ PlatformAuthInfo clPlatformAuthInfo;
+ char clPlatformAuthValid;
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
+
/* Session ticket if we have one, is sent as an extension in the
* ClientHello message. This field is used by clients.
*/
@@ -816,6 +844,15 @@ const ssl3CipherSuiteDef *suite_def;
PRBool nextProtoNego;/* Our peer has sent this extension */
} SSL3HandshakeState;
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+#if defined(XP_WIN32)
+typedef HCRYPTPROV PlatformKey;
+#elif defined(XP_MACOSX)
+typedef SecKeyRef PlatformKey;
+#else
+typedef void *PlatformKey;
+#endif
+#endif
/*
@@ -839,6 +876,9 @@ struct ssl3StateStr {
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+ PlatformKey platformClientKey; /* used by client */
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -1100,6 +1140,10 @@ const unsigned char * preferredCipher;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+ SSLGetPlatformClientAuthData getPlatformClientAuthData;
+ void *getPlatformClientAuthDataArg;
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
SSLBadCertHandler handleBadCert;
@@ -1691,6 +1735,43 @@ extern SECStatus ssl_InitSessionCacheLocks(PRBool lazyInit);
extern SECStatus ssl_FreeSessionCacheLocks(void);
+/***************** platform client auth ****************/
+
+#ifdef NSS_PLATFORM_CLIENT_AUTH
+// Releases the platform key.
+extern void ssl_FreePlatformKey(PlatformKey key);
+
+// Frees any memory allocated to store a persistent reference to the
+// platform key.
+extern void ssl_FreePlatformAuthInfo(PlatformAuthInfo* info);
+
+// Initializes the PlatformAuthInfo to empty/invalid values.
+extern void ssl_InitPlatformAuthInfo(PlatformAuthInfo* info);
+
+// Determine if the given key is still present in the system. This is used
+// to check for things like smart cards being ejected after handshaking,
+// since no further operations on the key will happen which would detect this.
+extern PRBool ssl_PlatformAuthTokenPresent(PlatformAuthInfo* info);
+
+// Obtain a persistent reference to a key, sufficient for
+// ssl_PlatformAuthTokenPresent to determine if the key is still present.
+extern void ssl_GetPlatformAuthInfoForKey(PlatformKey key,
+ PlatformAuthInfo* info);
+
+// Implement the client CertificateVerify message for SSL3/TLS1.0
+extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash,
+ PlatformKey key, SECItem *buf,
+ PRBool isTLS);
+
+// Converts a CERTCertList* (A collection of CERTCertificates) into a
+// CERTCertificateList* (A collection of SECItems), or returns NULL if
+// it cannot be converted.
+// This is to allow the platform-supplied chain to be created with purely
+// public API functions, using the preferred CERTCertList mutators, rather
+// pushing this hack to clients.
+extern CERTCertificateList* hack_NewCertificateListFromCertList(
+ CERTCertList* list);
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
/********************** misc calls *********************/
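Review bot: PlatformAuthInfo, the struct introduced in the second hunk right after MAX_PEER_CERT_CHAIN_SIZE, has no members at all when NSS_PLATFORM_CLIENT_AUTH is defined on a platform that is neither XP_WIN32 nor XP_MACOSX, even though the PlatformKey typedef further down provides a `void *` fallback for exactly that configuration, so such a build is clearly contemplated. A struct with no named members is a constraint violation in ISO C and compiles only as a compiler extension; either mirror PlatformKey by replacing the struct's inner `#endif` with `#else` / `void *unused; /* keep the struct non-empty on other platforms */` / `#endif`, or reject the configuration up front with `#error`. Separately, the new prototypes at the end of the file use `//` comments while the rest of this header uses `/* */`, as the surrounding lines show. `ssl_GetPlatformAuthInfoForKey` also returns void, so its comment should state what `info` holds when no persistent reference could be obtained (presumably the empty values set by ssl_InitPlatformAuthInfo) and what ssl_PlatformAuthTokenPresent then reports, since callers cannot otherwise tell the two cases apart.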