// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_WEBCRYPTO_NSS_UTIL_NSS_H_
#define COMPONENTS_WEBCRYPTO_NSS_UTIL_NSS_H_

#include <keythi.h>
#include <pkcs11t.h>
#include <seccomon.h>
#include <secmodt.h>

#include "base/lazy_instance.h"

namespace webcrypto {

class CryptoData;

// Direction of a symmetric-cipher operation.
enum EncryptOrDecrypt { ENCRYPT, DECRYPT };

// Builds a SECItem referring to |buffer|'s bytes. Presumably non-owning (a
// SECItem is just a pointer plus length), so it must not outlive |buffer| --
// verify against the definition in util_nss.cc.
SECItem MakeSECItemForBuffer(const CryptoData& buffer);

// Inverse of MakeSECItemForBuffer: wraps |item|'s bytes as a CryptoData.
CryptoData SECItemToCryptoData(const SECItem& item);

// Every PKCS#11 operation flag this component ever requests for a key.
// NOTE(review): this is the widest possible usage mask; the per-key usage
// restrictions mandated by WebCrypto are presumably enforced by the
// platform-independent layer rather than by these flags -- confirm at the
// call sites before relying on it.
const CK_FLAGS kAllOperationFlags =
    CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;

// Signature shared by NSS's PK11_Encrypt and PK11_Decrypt. Parameter names
// mirror NSS's pk11pub.h. NssRuntimeSupport hands out NULL for this type
// when the NSS in use does not provide the function.
using PK11_EncryptDecryptFunction = SECStatus (*)(PK11SymKey* key,
                                                 CK_MECHANISM_TYPE mechanism,
                                                 SECItem* param,
                                                 unsigned char* out,
                                                 unsigned int* out_len,
                                                 unsigned int max_out_len,
                                                 const unsigned char* data,
                                                 unsigned int data_len);

// Signature of NSS's PK11_PubEncrypt. Same layout as above plus the trailing
// window context pointer NSS passes to its password callback.
using PK11_PubEncryptFunction = SECStatus (*)(SECKEYPublicKey* key,
                                             CK_MECHANISM_TYPE mechanism,
                                             SECItem* param,
                                             unsigned char* out,
                                             unsigned int* out_len,
                                             unsigned int max_out_len,
                                             const unsigned char* data,
                                             unsigned int data_len,
                                             void* wincx);

// Signature of NSS's PK11_PrivDecrypt.
using PK11_PrivDecryptFunction = SECStatus (*)(SECKEYPrivateKey* key,
                                              CK_MECHANISM_TYPE mechanism,
                                              SECItem* param,
                                              unsigned char* out,
                                              unsigned int* out_len,
                                              unsigned int max_out_len,
                                              const unsigned char* enc,
                                              unsigned int enc_len);

// Singleton that detects whether AES-GCM and RSA-OAEP are
// supported by the version of NSS in use.
// On non-Linux platforms, Chromium embedders ship with a
// fixed version of NSS, and these are always available.
// However, on Linux (and ChromeOS), NSS is provided by the
// system, so not every algorithm is necessarily available
// or safe to use.
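class NssRuntimeSupport {
 public:
  // AES-GCM is reported only when both the encrypt and the decrypt entry
  // points were resolved; having just one of them is treated as unsupported.
  bool IsAesGcmSupported() const {
    return pk11_encrypt_func_ && pk11_decrypt_func_;
  }

  // RSA-OAEP needs the two entry points AND a positive answer from the
  // internal-slot probe (internal_slot_does_oaep_). The extra flag exists
  // because a system NSS can export the functions yet still lack a usable
  // OAEP implementation in its slot -- presumably determined by the
  // constructor; verify in util_nss.cc.
  bool IsRsaOaepSupported() const {
    return pk11_pub_encrypt_func_ && pk11_priv_decrypt_func_ &&
           internal_slot_does_oaep_;
  }

  // Returns NULL if unsupported. Callers must check IsAesGcmSupported()
  // (or the result) before calling through the pointer.
  PK11_EncryptDecryptFunction pk11_encrypt_func() const {
    return pk11_encrypt_func_;
  }

  // Returns NULL if unsupported.
  PK11_EncryptDecryptFunction pk11_decrypt_func() const {
    return pk11_decrypt_func_;
  }

  // Returns NULL if unsupported.
  PK11_PubEncryptFunction pk11_pub_encrypt_func() const {
    return pk11_pub_encrypt_func_;
  }

  // Returns NULL if unsupported.
  PK11_PrivDecryptFunction pk11_priv_decrypt_func() const {
    return pk11_priv_decrypt_func_;
  }

  // Returns the process-wide instance, created lazily through
  // base::LazyInstance (see the friend declaration below).
  static NssRuntimeSupport* Get();

 private:
  friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>;

  // Probes the running NSS and fills in the members below; defined out of
  // line. Only reachable through the LazyInstance traits.
  NssRuntimeSupport();

  // Singleton: instances are only obtained via Get(), so copying is
  // disallowed. Declared but intentionally never defined.
  NssRuntimeSupport(const NssRuntimeSupport&);
  void operator=(const NssRuntimeSupport&);

  // Each pointer is NULL when the corresponding NSS function is unavailable.
  PK11_EncryptDecryptFunction pk11_encrypt_func_;
  PK11_EncryptDecryptFunction pk11_decrypt_func_;
  PK11_PubEncryptFunction pk11_pub_encrypt_func_;
  PK11_PrivDecryptFunction pk11_priv_decrypt_func_;
  // Whether the internal slot was found to handle RSA-OAEP.
  bool internal_slot_does_oaep_;
};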

}  // namespace webcrypto

#endif  // COMPONENTS_WEBCRYPTO_NSS_UTIL_NSS_H_