| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ |
| 6 #define CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ |
| 7 |
| 8 #include <keythi.h> |
| 9 #include <pkcs11t.h> |
| 10 #include <seccomon.h> |
| 11 #include <secmodt.h> |
| 12 |
| 13 #include "base/lazy_instance.h" |
| 14 |
| 15 namespace content { |
| 16 |
| 17 namespace webcrypto { |
| 18 |
| 19 class CryptoData; |
| 20 |
| 21 SECItem MakeSECItemForBuffer(const CryptoData& buffer); |
| 22 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; |
| 23 |
| 24 CryptoData SECItemToCryptoData(const SECItem& item); |
| 25 |
| 26 // Signature for PK11_Encrypt and PK11_Decrypt. |
| 27 typedef SECStatus (*PK11_EncryptDecryptFunction)(PK11SymKey*, |
| 28 CK_MECHANISM_TYPE, |
| 29 SECItem*, |
| 30 unsigned char*, |
| 31 unsigned int*, |
| 32 unsigned int, |
| 33 const unsigned char*, |
| 34 unsigned int); |
| 35 |
| 36 // Signature for PK11_PubEncrypt |
| 37 typedef SECStatus (*PK11_PubEncryptFunction)(SECKEYPublicKey*, |
| 38 CK_MECHANISM_TYPE, |
| 39 SECItem*, |
| 40 unsigned char*, |
| 41 unsigned int*, |
| 42 unsigned int, |
| 43 const unsigned char*, |
| 44 unsigned int, |
| 45 void*); |
| 46 |
| 47 // Signature for PK11_PrivDecrypt |
| 48 typedef SECStatus (*PK11_PrivDecryptFunction)(SECKEYPrivateKey*, |
| 49 CK_MECHANISM_TYPE, |
| 50 SECItem*, |
| 51 unsigned char*, |
| 52 unsigned int*, |
| 53 unsigned int, |
| 54 const unsigned char*, |
| 55 unsigned int); |
| 56 |
| 57 // Singleton that detects whether or not AES-GCM and |
| 58 // RSA-OAEP are supported by the version of NSS being used. |
| 59 // On non-Linux platforms, Chromium embedders ship with a |
| 60 // fixed version of NSS, and these are always available. |
| 61 // However, on Linux (and ChromeOS), NSS is provided by the |
| 62 // system, and thus not all algorithms may be available |
| 63 // or be safe to use. |
| 64 class NssRuntimeSupport { |
| 65 public: |
| 66 bool IsAesGcmSupported() const { |
| 67 return pk11_encrypt_func_ && pk11_decrypt_func_; |
| 68 } |
| 69 |
| 70 bool IsRsaOaepSupported() const { |
| 71 return pk11_pub_encrypt_func_ && pk11_priv_decrypt_func_ && |
| 72 internal_slot_does_oaep_; |
| 73 } |
| 74 |
| 75 // Returns NULL if unsupported. |
| 76 PK11_EncryptDecryptFunction pk11_encrypt_func() const { |
| 77 return pk11_encrypt_func_; |
| 78 } |
| 79 |
| 80 // Returns NULL if unsupported. |
| 81 PK11_EncryptDecryptFunction pk11_decrypt_func() const { |
| 82 return pk11_decrypt_func_; |
| 83 } |
| 84 |
| 85 // Returns NULL if unsupported. |
| 86 PK11_PubEncryptFunction pk11_pub_encrypt_func() const { |
| 87 return pk11_pub_encrypt_func_; |
| 88 } |
| 89 |
| 90 // Returns NULL if unsupported. |
| 91 PK11_PrivDecryptFunction pk11_priv_decrypt_func() const { |
| 92 return pk11_priv_decrypt_func_; |
| 93 } |
| 94 |
| 95 static NssRuntimeSupport* Get(); |
| 96 |
| 97 private: |
| 98 friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>; |
| 99 |
| 100 NssRuntimeSupport(); |
| 101 |
| 102 PK11_EncryptDecryptFunction pk11_encrypt_func_; |
| 103 PK11_EncryptDecryptFunction pk11_decrypt_func_; |
| 104 PK11_PubEncryptFunction pk11_pub_encrypt_func_; |
| 105 PK11_PrivDecryptFunction pk11_priv_decrypt_func_; |
| 106 bool internal_slot_does_oaep_; |
| 107 }; |
| 108 |
| 109 } // namespace webcrypto |
| 110 |
| 111 } // namespace content |
| 112 |
| 113 #endif // CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
