| Index: content/child/webcrypto/nss/util_nss.h
|
| diff --git a/content/child/webcrypto/nss/util_nss.h b/content/child/webcrypto/nss/util_nss.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..0b50178be8a856beae153aea0b38085d86e5b7f3
|
| --- /dev/null
|
| +++ b/content/child/webcrypto/nss/util_nss.h
|
| @@ -0,0 +1,113 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
|
| +#define CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
|
| +
|
| +#include <keythi.h>
|
| +#include <pkcs11t.h>
|
| +#include <seccomon.h>
|
| +#include <secmodt.h>
|
| +
|
| +#include "base/lazy_instance.h"
|
| +
|
| +namespace content {
|
| +
|
| +namespace webcrypto {
|
| +
|
| +class CryptoData;
|
| +
|
| +SECItem MakeSECItemForBuffer(const CryptoData& buffer);
|
| +enum EncryptOrDecrypt { ENCRYPT, DECRYPT };
|
| +
|
| +CryptoData SECItemToCryptoData(const SECItem& item);
|
| +
|
| +// Signature for PK11_Encrypt and PK11_Decrypt.
|
| +typedef SECStatus (*PK11_EncryptDecryptFunction)(PK11SymKey*,
|
| + CK_MECHANISM_TYPE,
|
| + SECItem*,
|
| + unsigned char*,
|
| + unsigned int*,
|
| + unsigned int,
|
| + const unsigned char*,
|
| + unsigned int);
|
| +
|
| +// Signature for PK11_PubEncrypt
|
| +typedef SECStatus (*PK11_PubEncryptFunction)(SECKEYPublicKey*,
|
| + CK_MECHANISM_TYPE,
|
| + SECItem*,
|
| + unsigned char*,
|
| + unsigned int*,
|
| + unsigned int,
|
| + const unsigned char*,
|
| + unsigned int,
|
| + void*);
|
| +
|
| +// Signature for PK11_PrivDecrypt
|
| +typedef SECStatus (*PK11_PrivDecryptFunction)(SECKEYPrivateKey*,
|
| + CK_MECHANISM_TYPE,
|
| + SECItem*,
|
| + unsigned char*,
|
| + unsigned int*,
|
| + unsigned int,
|
| + const unsigned char*,
|
| + unsigned int);
|
| +
|
| +// Singleton that detects whether or not AES-GCM and
|
| +// RSA-OAEP are supported by the version of NSS being used.
|
| +// On non-Linux platforms, Chromium embedders ship with a
|
| +// fixed version of NSS, and these are always available.
|
| +// However, on Linux (and ChromeOS), NSS is provided by the
|
| +// system, and thus not all algorithms may be available
|
| +// or be safe to use.
|
| +class NssRuntimeSupport {
|
| + public:
|
| + bool IsAesGcmSupported() const {
|
| + return pk11_encrypt_func_ && pk11_decrypt_func_;
|
| + }
|
| +
|
| + bool IsRsaOaepSupported() const {
|
| + return pk11_pub_encrypt_func_ && pk11_priv_decrypt_func_ &&
|
| + internal_slot_does_oaep_;
|
| + }
|
| +
|
| + // Returns NULL if unsupported.
|
| + PK11_EncryptDecryptFunction pk11_encrypt_func() const {
|
| + return pk11_encrypt_func_;
|
| + }
|
| +
|
| + // Returns NULL if unsupported.
|
| + PK11_EncryptDecryptFunction pk11_decrypt_func() const {
|
| + return pk11_decrypt_func_;
|
| + }
|
| +
|
| + // Returns NULL if unsupported.
|
| + PK11_PubEncryptFunction pk11_pub_encrypt_func() const {
|
| + return pk11_pub_encrypt_func_;
|
| + }
|
| +
|
| + // Returns NULL if unsupported.
|
| + PK11_PrivDecryptFunction pk11_priv_decrypt_func() const {
|
| + return pk11_priv_decrypt_func_;
|
| + }
|
| +
|
| + static NssRuntimeSupport* Get();
|
| +
|
| + private:
|
| + friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>;
|
| +
|
| + NssRuntimeSupport();
|
| +
|
| + PK11_EncryptDecryptFunction pk11_encrypt_func_;
|
| + PK11_EncryptDecryptFunction pk11_decrypt_func_;
|
| + PK11_PubEncryptFunction pk11_pub_encrypt_func_;
|
| + PK11_PrivDecryptFunction pk11_priv_decrypt_func_;
|
| + bool internal_slot_does_oaep_;
|
| +};
|
| +
|
| +} // namespace webcrypto
|
| +
|
| +} // namespace content
|
| +
|
| +#endif // CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
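Review bot: The `// Returns NULL if unsupported.` comments on `pk11_pub_encrypt_func()` and `pk11_priv_decrypt_func()` do not match `IsRsaOaepSupported()`, which additionally requires `internal_slot_does_oaep_`. Either accessor can therefore return a non-NULL pointer while RSA-OAEP is still reported as unsupported. A caller that null-checks the pointer instead of calling `IsRsaOaepSupported()` would run OAEP against a system NSS that the class comment says may not be safe to use. I would reword those two comments to `// May be non-NULL even when RSA-OAEP is unsupported; gate on IsRsaOaepSupported().` Separately, `MakeSECItemForBuffer()` and `SECItemToCryptoData()` carry no comment; if the returned value aliases the argument's bytes rather than copying them (not visible in this header), the declaration should state that the source must outlive the result.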
|
|
|