| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/child/webcrypto/nss/util_nss.h" |
| 6 |
| 7 #include "base/lazy_instance.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "crypto/scoped_nss_types.h" |
| 10 |
| 11 #if defined(USE_NSS) |
| 12 #include <dlfcn.h> |
| 13 #include <secoid.h> |
| 14 #endif |
| 15 |
| 16 namespace content { |
| 17 |
| 18 namespace webcrypto { |
| 19 |
| 20 namespace { |
| 21 base::LazyInstance<NssRuntimeSupport>::Leaky g_nss_runtime_support = |
| 22 LAZY_INSTANCE_INITIALIZER; |
| 23 } // namespace |
| 24 |
| 25 // Creates a SECItem for the data in |buffer|. This does NOT make a copy, so |
| 26 // |buffer| should outlive the SECItem. |
| 27 SECItem MakeSECItemForBuffer(const CryptoData& buffer) { |
| 28 SECItem item = { |
| 29 siBuffer, |
| 30 // NSS requires non-const data even though it is just for input. |
| 31 const_cast<unsigned char*>(buffer.bytes()), buffer.byte_length()}; |
| 32 return item; |
| 33 } |
| 34 |
| 35 CryptoData SECItemToCryptoData(const SECItem& item) { |
| 36 return CryptoData(item.data, item.len); |
| 37 } |
| 38 |
| 39 NssRuntimeSupport* NssRuntimeSupport::Get() { |
| 40 return &g_nss_runtime_support.Get(); |
| 41 } |
| 42 |
| 43 NssRuntimeSupport::NssRuntimeSupport() : internal_slot_does_oaep_(false) { |
| 44 #if !defined(USE_NSS) |
| 45 // Using a bundled version of NSS that is guaranteed to have this symbol. |
| 46 pk11_encrypt_func_ = PK11_Encrypt; |
| 47 pk11_decrypt_func_ = PK11_Decrypt; |
| 48 pk11_pub_encrypt_func_ = PK11_PubEncrypt; |
| 49 pk11_priv_decrypt_func_ = PK11_PrivDecrypt; |
| 50 internal_slot_does_oaep_ = true; |
| 51 #else |
| 52 // Using system NSS libraries and PCKS #11 modules, which may not have the |
| 53 // necessary function (PK11_Encrypt) or mechanism support (CKM_AES_GCM). |
| 54 |
| 55 // If PK11_Encrypt() was successfully resolved, then NSS will support |
| 56 // AES-GCM directly. This was introduced in NSS 3.15. |
| 57 pk11_encrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>( |
| 58 dlsym(RTLD_DEFAULT, "PK11_Encrypt")); |
| 59 pk11_decrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>( |
| 60 dlsym(RTLD_DEFAULT, "PK11_Decrypt")); |
| 61 |
| 62 // Even though NSS's pk11wrap layer may support |
| 63 // PK11_PubEncrypt/PK11_PubDecrypt (introduced in NSS 3.16.2), it may have |
| 64 // loaded a softoken that does not include OAEP support. |
| 65 pk11_pub_encrypt_func_ = reinterpret_cast<PK11_PubEncryptFunction>( |
| 66 dlsym(RTLD_DEFAULT, "PK11_PubEncrypt")); |
| 67 pk11_priv_decrypt_func_ = reinterpret_cast<PK11_PrivDecryptFunction>( |
| 68 dlsym(RTLD_DEFAULT, "PK11_PrivDecrypt")); |
| 69 if (pk11_priv_decrypt_func_ && pk11_pub_encrypt_func_) { |
| 70 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 71 internal_slot_does_oaep_ = |
| 72 !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); |
| 73 } |
| 74 #endif |
| 75 } |
| 76 |
| 77 } // namespace webcrypto |
| 78 |
| 79 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
