author | Kevin Jacobs <kjacobs@mozilla.com> | 2020-10-12 17:07:02 +0000 |
---|---|---|
committer | Kevin Jacobs <kjacobs@mozilla.com> | 2020-10-12 17:07:02 +0000 |
commit | 28937508cbbae138900deff458a1cea1c2690706 (patch) | |
tree | 42fd1ebf06289084bc3f77168dc8a8027f18cdff /cpputil | |
parent | 2a70b77de118976765793f9c109a6ee51cfd66d9 (diff) | |
download | nss-hg-28937508cbbae138900deff458a1cea1c2690706.tar.gz |
Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). r=mt
This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).
Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality, compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.
Lastly, the `DeriveKeyPair` API is not implemented as it adds complexity around PKCS #11 and is unnecessary for ECH.
Differential Revision: https://phabricator.services.mozilla.com/D73947
Diffstat (limited to 'cpputil')
-rw-r--r-- | cpputil/nss_scoped_ptrs.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/cpputil/nss_scoped_ptrs.h b/cpputil/nss_scoped_ptrs.h index 501f9dfe8..2c57986b1 100644 --- a/cpputil/nss_scoped_ptrs.h +++ b/cpputil/nss_scoped_ptrs.h @@ -11,6 +11,7 @@ #include "cert.h" #include "keyhi.h" #include "p12.h" +#include "pk11hpke.h" #include "pk11pqg.h" #include "pk11pub.h" #include "pkcs11uri.h" @@ -27,6 +28,9 @@ struct ScopedDelete { void operator()(CERTSubjectPublicKeyInfo* spki) { SECKEY_DestroySubjectPublicKeyInfo(spki); } + void operator()(HpkeContext* context) { + PK11_HPKE_DestroyContext(context, true); + } void operator()(PK11Context* context) { PK11_DestroyContext(context, true); } void operator()(PK11GenericObject* obj) { PK11_DestroyGenericObject(obj); } void operator()(PK11SlotInfo* slot) { PK11_FreeSlot(slot); } @@ -70,6 +74,7 @@ SCOPED(CERTCertificateList); SCOPED(CERTDistNames); SCOPED(CERTName); SCOPED(CERTSubjectPublicKeyInfo); +SCOPED(HpkeContext); SCOPED(PK11Context); SCOPED(PK11GenericObject); SCOPED(PK11SlotInfo); |
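Review bot: the `#include "pk11hpke.h"` added to the include block in the first hunk is unconditional, while the commit message says a default compilation only provides stubs unless `NSS_ENABLE_DRAFT_HPKE` is defined. Please confirm that the header still declares `HpkeContext` and `PK11_HPKE_DestroyContext` in a default build, since the deleter and `SCOPED(HpkeContext)` added below depend on both, and consider a one-line comment next to the include saying so.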
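Review bot: in the `ScopedDelete` hunk, the second argument of `PK11_HPKE_DestroyContext(context, true)` is a bare `true` whose meaning is not visible at the call site. It mirrors `PK11_DestroyContext(context, true)` on the following line, but a short comment stating what the flag controls would document the ownership behaviour that callers of the `SCOPED(HpkeContext)` type rely on when the scoped pointer goes out of scope.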