| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ | |
| 6 #define CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ | |
| 7 | |
| 8 #include <keythi.h> | |
| 9 #include <pkcs11t.h> | |
| 10 #include <seccomon.h> | |
| 11 #include <secmodt.h> | |
| 12 | |
| 13 #include "base/lazy_instance.h" | |
| 14 | |
| 15 namespace content { | |
| 16 | |
| 17 namespace webcrypto { | |
| 18 | |
| 19 class CryptoData; | |
| 20 | |
| 21 SECItem MakeSECItemForBuffer(const CryptoData& buffer); | |
| 22 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; | |
| 23 | |
| 24 CryptoData SECItemToCryptoData(const SECItem& item); | |
| 25 | |
| 26 // Signature for PK11_Encrypt and PK11_Decrypt. | |
| 27 typedef SECStatus (*PK11_EncryptDecryptFunction)(PK11SymKey*, | |
| 28 CK_MECHANISM_TYPE, | |
| 29 SECItem*, | |
| 30 unsigned char*, | |
| 31 unsigned int*, | |
| 32 unsigned int, | |
| 33 const unsigned char*, | |
| 34 unsigned int); | |
| 35 | |
| 36 // Signature for PK11_PubEncrypt | |
| 37 typedef SECStatus (*PK11_PubEncryptFunction)(SECKEYPublicKey*, | |
| 38 CK_MECHANISM_TYPE, | |
| 39 SECItem*, | |
| 40 unsigned char*, | |
| 41 unsigned int*, | |
| 42 unsigned int, | |
| 43 const unsigned char*, | |
| 44 unsigned int, | |
| 45 void*); | |
| 46 | |
| 47 // Signature for PK11_PrivDecrypt | |
| 48 typedef SECStatus (*PK11_PrivDecryptFunction)(SECKEYPrivateKey*, | |
| 49 CK_MECHANISM_TYPE, | |
| 50 SECItem*, | |
| 51 unsigned char*, | |
| 52 unsigned int*, | |
| 53 unsigned int, | |
| 54 const unsigned char*, | |
| 55 unsigned int); | |
| 56 | |
| 57 // Singleton that detects whether or not AES-GCM and | |
| 58 // RSA-OAEP are supported by the version of NSS being used. | |
| 59 // On non-Linux platforms, Chromium embedders ship with a | |
| 60 // fixed version of NSS, and these are always available. | |
| 61 // However, on Linux (and ChromeOS), NSS is provided by the | |
| 62 // system, and thus not all algorithms may be available | |
| 63 // or be safe to use. | |
| 64 class NssRuntimeSupport { | |
| 65 public: | |
| 66 bool IsAesGcmSupported() const { | |
| 67 return pk11_encrypt_func_ && pk11_decrypt_func_; | |
| 68 } | |
| 69 | |
| 70 bool IsRsaOaepSupported() const { | |
| 71 return pk11_pub_encrypt_func_ && pk11_priv_decrypt_func_ && | |
| 72 internal_slot_does_oaep_; | |
| 73 } | |
| 74 | |
| 75 // Returns NULL if unsupported. | |
| 76 PK11_EncryptDecryptFunction pk11_encrypt_func() const { | |
| 77 return pk11_encrypt_func_; | |
| 78 } | |
| 79 | |
| 80 // Returns NULL if unsupported. | |
| 81 PK11_EncryptDecryptFunction pk11_decrypt_func() const { | |
| 82 return pk11_decrypt_func_; | |
| 83 } | |
| 84 | |
| 85 // Returns NULL if unsupported. | |
| 86 PK11_PubEncryptFunction pk11_pub_encrypt_func() const { | |
| 87 return pk11_pub_encrypt_func_; | |
| 88 } | |
| 89 | |
| 90 // Returns NULL if unsupported. | |
| 91 PK11_PrivDecryptFunction pk11_priv_decrypt_func() const { | |
| 92 return pk11_priv_decrypt_func_; | |
| 93 } | |
| 94 | |
| 95 static NssRuntimeSupport* Get(); | |
| 96 | |
| 97 private: | |
| 98 friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>; | |
| 99 | |
| 100 NssRuntimeSupport(); | |
| 101 | |
| 102 PK11_EncryptDecryptFunction pk11_encrypt_func_; | |
| 103 PK11_EncryptDecryptFunction pk11_decrypt_func_; | |
| 104 PK11_PubEncryptFunction pk11_pub_encrypt_func_; | |
| 105 PK11_PrivDecryptFunction pk11_priv_decrypt_func_; | |
| 106 bool internal_slot_does_oaep_; | |
| 107 }; | |
| 108 | |
| 109 } // namespace webcrypto | |
| 110 | |
| 111 } // namespace content | |
| 112 | |
| 113 #endif // CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 401983002:
Revert 284192 due to a failing test. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src