      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
      6 #define CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
      7 
      8 #include <keythi.h>
      9 #include <pkcs11t.h>
     10 #include <seccomon.h>
     11 #include <secmodt.h>
     12 
     13 #include "base/lazy_instance.h"
     14 
     15 namespace content {
     16 
     17 namespace webcrypto {
     18 
     19 class CryptoData;
     20 
// Wraps |buffer| in an NSS SECItem so it can be handed to PK11_* calls.
// NOTE(review): the SECItem presumably aliases |buffer|'s bytes rather than
// copying them (confirm in util_nss.cc); if so, the returned SECItem must not
// outlive |buffer|.
SECItem MakeSECItemForBuffer(const CryptoData& buffer);
// Direction selector for a symmetric cipher operation. The enumerator values
// are spelled out to pin the declaration order (ENCRYPT == 0, DECRYPT == 1).
enum EncryptOrDecrypt { ENCRYPT = 0, DECRYPT = 1 };
     23 
// Exposes |item|'s data/len as a CryptoData.
// NOTE(review): presumably a non-owning view (confirm in util_nss.cc); if so,
// the result must not outlive the memory |item| points at.
CryptoData SECItemToCryptoData(const SECItem& item);
     25 
// Function-pointer types for NSS entry points that an older system NSS may
// not provide (see NssRuntimeSupport below). Holding them as pointers lets
// NssRuntimeSupport carry NULL for an entry point that is unavailable, rather
// than referencing the symbol directly; callers must test for NULL (or the
// corresponding Is*Supported() query) before calling through them.

// Signature for PK11_Encrypt and PK11_Decrypt.
// NOTE(review): per NSS's pk11pub.h the arguments are expected to be
// (key, mechanism, param, out, outLen, maxOutLen, in, inLen) — verify against
// the NSS headers actually in use before depending on that order.
typedef SECStatus (*PK11_EncryptDecryptFunction)(PK11SymKey*,
                                                 CK_MECHANISM_TYPE,
                                                 SECItem*,
                                                 unsigned char*,
                                                 unsigned int*,
                                                 unsigned int,
                                                 const unsigned char*,
                                                 unsigned int);

// Signature for PK11_PubEncrypt
// NOTE(review): same argument layout as above but keyed by a public key, with
// a trailing void* (presumably the NSS "wincx" password-callback context) —
// verify against pk11pub.h.
typedef SECStatus (*PK11_PubEncryptFunction)(SECKEYPublicKey*,
                                             CK_MECHANISM_TYPE,
                                             SECItem*,
                                             unsigned char*,
                                             unsigned int*,
                                             unsigned int,
                                             const unsigned char*,
                                             unsigned int,
                                             void*);

// Signature for PK11_PrivDecrypt
// NOTE(review): same argument layout as PK11_Encrypt but keyed by a private
// key; no trailing context pointer — verify against pk11pub.h.
typedef SECStatus (*PK11_PrivDecryptFunction)(SECKEYPrivateKey*,
                                              CK_MECHANISM_TYPE,
                                              SECItem*,
                                              unsigned char*,
                                              unsigned int*,
                                              unsigned int,
                                              const unsigned char*,
                                              unsigned int);
     56 
// Singleton recording which optional NSS entry points this process can use.
// Non-Linux Chromium embedders bundle a fixed NSS, so AES-GCM and RSA-OAEP
// are always present there. On Linux and ChromeOS, NSS is the system library
// and may be too old to provide these algorithms, or to provide them safely.
//
// Usage contract: check IsAesGcmSupported() / IsRsaOaepSupported() before
// calling through any of the pk11_*_func() accessors, which return NULL when
// the corresponding entry point is unavailable.
class NssRuntimeSupport {
 public:
  // Returns the process-wide instance. Defined in the .cc; the traits
  // friendship below suggests it is backed by base::LazyInstance.
  static NssRuntimeSupport* Get();

  // AES-GCM is usable only when both PK11_Encrypt and PK11_Decrypt were
  // resolved.
  bool IsAesGcmSupported() const {
    const bool have_encrypt = pk11_encrypt_func_ != NULL;
    const bool have_decrypt = pk11_decrypt_func_ != NULL;
    return have_encrypt && have_decrypt;
  }

  // RSA-OAEP needs PK11_PubEncrypt and PK11_PrivDecrypt, and additionally
  // that the internal slot can perform OAEP. |internal_slot_does_oaep_| is
  // presumably established by the constructor (see the .cc).
  bool IsRsaOaepSupported() const {
    if (pk11_pub_encrypt_func_ == NULL || pk11_priv_decrypt_func_ == NULL)
      return false;
    return internal_slot_does_oaep_;
  }

  // PK11_Encrypt, or NULL if this NSS lacks it.
  PK11_EncryptDecryptFunction pk11_encrypt_func() const {
    return pk11_encrypt_func_;
  }

  // PK11_Decrypt, or NULL if this NSS lacks it.
  PK11_EncryptDecryptFunction pk11_decrypt_func() const {
    return pk11_decrypt_func_;
  }

  // PK11_PubEncrypt, or NULL if this NSS lacks it.
  PK11_PubEncryptFunction pk11_pub_encrypt_func() const {
    return pk11_pub_encrypt_func_;
  }

  // PK11_PrivDecrypt, or NULL if this NSS lacks it.
  PK11_PrivDecryptFunction pk11_priv_decrypt_func() const {
    return pk11_priv_decrypt_func_;
  }

 private:
  // Lets base::LazyInstance reach the private constructor.
  friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>;

  // Defined in the .cc; presumably the only place the members below are set.
  NssRuntimeSupport();

  // Keep this member order: the constructor's initializer list (in the .cc)
  // is expected to follow it.
  PK11_EncryptDecryptFunction pk11_encrypt_func_;
  PK11_EncryptDecryptFunction pk11_decrypt_func_;
  PK11_PubEncryptFunction pk11_pub_encrypt_func_;
  PK11_PrivDecryptFunction pk11_priv_decrypt_func_;
  bool internal_slot_does_oaep_;
};
    108 
    109 }  // namespace webcrypto
    110 
    111 }  // namespace content
    112 
    113 #endif  // CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
    114