diff options
author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-10-12 17:07:02 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-10-12 17:07:02 +0000 |
commit | 28937508cbbae138900deff458a1cea1c2690706 (patch) | |
tree | 42fd1ebf06289084bc3f77168dc8a8027f18cdff /coreconf/config.gypi | |
parent | 2a70b77de118976765793f9c109a6ee51cfd66d9 (diff) | |
download | nss-hg-28937508cbbae138900deff458a1cea1c2690706.tar.gz |
Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). r=mt
This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).
Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.
Lastly, the `DeriveKeyPair` API is not implemented as it adds complextiy around PKCS #11 and is unnecessary for ECH.
Differential Revision: https://phabricator.services.mozilla.com/D73947
Diffstat (limited to 'coreconf/config.gypi')
-rw-r--r-- | coreconf/config.gypi | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/coreconf/config.gypi b/coreconf/config.gypi index 8cae4c48d..760b51a26 100644 --- a/coreconf/config.gypi +++ b/coreconf/config.gypi @@ -132,6 +132,7 @@ 'mozpkix_only%': 0, 'coverage%': 0, 'softfp_cflags%': '', + 'enable_draft_hpke%': 0, }, 'target_defaults': { # Settings specific to targets should go here. @@ -568,6 +569,11 @@ 'NSS_DISABLE_DBM', ], }], + [ 'enable_draft_hpke==1', { + 'defines': [ + 'NSS_ENABLE_DRAFT_HPKE', + ], + }], [ 'disable_libpkix==1', { 'defines': [ 'NSS_DISABLE_LIBPKIX', |