Upstream version 9.38.198.0
[platform/framework/web/crosswalk.git] / src / content / child / webcrypto / nss / util_nss.h
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
6 #define CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_
7
8 #include <keythi.h>
9 #include <pkcs11t.h>
10 #include <seccomon.h>
11 #include <secmodt.h>
12
13 #include "base/lazy_instance.h"
14
15 namespace content {
16
17 namespace webcrypto {
18
19 class CryptoData;
20
// Tag for choosing between the two directions of a cipher operation
// (presumably passed to helpers defined outside this header).
enum EncryptOrDecrypt { ENCRYPT, DECRYPT };

// Conversions between webcrypto's CryptoData and NSS's SECItem. Only the
// declarations are visible here; the definitions live outside this header.
//
// NOTE(review): SECItem is a plain {type, data pointer, length} struct and is
// returned by value, so the result presumably points at |buffer|'s bytes
// rather than owning a copy -- confirm in the implementation. If so, |buffer|
// must outlive every use of the returned SECItem.
SECItem MakeSECItemForBuffer(const CryptoData& buffer);

// NOTE(review): the same lifetime question applies in the other direction:
// verify whether the returned CryptoData refers to |item|'s storage.
CryptoData SECItemToCryptoData(const SECItem& item);
25
// Function-pointer types for NSS entry points that are looked up at runtime.
// Parameter names are documentation only and follow the NSS prototypes: in
// each case |out| is the caller's output buffer, |max_len| is its capacity in
// bytes and |*out_len| receives the number of bytes produced. Callers must
// size |out| for the mechanism in use and check the returned SECStatus before
// trusting |*out_len| or the buffer contents.

// Shared signature of PK11_Encrypt and PK11_Decrypt.
typedef SECStatus (*PK11_EncryptDecryptFunction)(
    PK11SymKey* sym_key,
    CK_MECHANISM_TYPE mechanism,
    SECItem* param,
    unsigned char* out,
    unsigned int* out_len,
    unsigned int max_len,
    const unsigned char* data,
    unsigned int data_len);

// Signature of PK11_PubEncrypt. The trailing void* is NSS's opaque
// window/PIN context argument.
typedef SECStatus (*PK11_PubEncryptFunction)(
    SECKEYPublicKey* key,
    CK_MECHANISM_TYPE mechanism,
    SECItem* param,
    unsigned char* out,
    unsigned int* out_len,
    unsigned int max_len,
    const unsigned char* data,
    unsigned int data_len,
    void* wincx);

// Signature of PK11_PrivDecrypt.
typedef SECStatus (*PK11_PrivDecryptFunction)(
    SECKEYPrivateKey* key,
    CK_MECHANISM_TYPE mechanism,
    SECItem* param,
    unsigned char* out,
    unsigned int* out_len,
    unsigned int max_len,
    const unsigned char* enc,
    unsigned int enc_len);
56
// Singleton recording whether the NSS library in use supports AES-GCM and
// RSA-OAEP.
//
// Chromium embedders on non-Linux platforms ship a fixed version of NSS in
// which both are always available. On Linux (and ChromeOS) NSS is supplied by
// the system, so an algorithm may be missing or may not be safe to use.
//
// Each accessor below returns NULL when its entry point is unavailable.
// Callers must therefore consult IsAesGcmSupported() / IsRsaOaepSupported()
// (or test the pointer) before calling through it, and should reject the
// operation as unsupported rather than fall back to a different algorithm.
class NssRuntimeSupport {
 public:
  // Returns the singleton instance. The friend declaration below suggests it
  // is created through base::LazyInstance; the definition is not in this
  // header.
  static NssRuntimeSupport* Get();

  // True only when both the encrypt and the decrypt entry points were found.
  bool IsAesGcmSupported() const {
    if (!pk11_encrypt_func_ || !pk11_decrypt_func_)
      return false;
    return true;
  }

  // True only when both public-key entry points were found and
  // |internal_slot_does_oaep_| is set. Having the symbols is not sufficient
  // on its own.
  bool IsRsaOaepSupported() const {
    if (!internal_slot_does_oaep_)
      return false;
    return pk11_pub_encrypt_func_ && pk11_priv_decrypt_func_;
  }

  // PK11_Encrypt, or NULL if unsupported.
  PK11_EncryptDecryptFunction pk11_encrypt_func() const {
    return pk11_encrypt_func_;
  }

  // PK11_Decrypt, or NULL if unsupported.
  PK11_EncryptDecryptFunction pk11_decrypt_func() const {
    return pk11_decrypt_func_;
  }

  // PK11_PubEncrypt, or NULL if unsupported.
  PK11_PubEncryptFunction pk11_pub_encrypt_func() const {
    return pk11_pub_encrypt_func_;
  }

  // PK11_PrivDecrypt, or NULL if unsupported.
  PK11_PrivDecryptFunction pk11_priv_decrypt_func() const {
    return pk11_priv_decrypt_func_;
  }

 private:
  // Lets the lazy-instance machinery reach the private constructor.
  friend struct base::DefaultLazyInstanceTraits<NssRuntimeSupport>;

  // Defined outside this header; presumably performs the runtime detection
  // that fills in the members below -- confirm in the implementation.
  NssRuntimeSupport();

  // Entry points found at runtime; NULL when the NSS in use lacks them.
  PK11_EncryptDecryptFunction pk11_encrypt_func_;
  PK11_EncryptDecryptFunction pk11_decrypt_func_;
  PK11_PubEncryptFunction pk11_pub_encrypt_func_;
  PK11_PrivDecryptFunction pk11_priv_decrypt_func_;

  // Going by the name, whether NSS's internal slot offers the OAEP mechanism;
  // how it is determined is not visible in this header.
  bool internal_slot_does_oaep_;
};
108
109 }  // namespace webcrypto
110
111 }  // namespace content
112
113 #endif  // CONTENT_CHILD_WEBCRYPTO_NSS_UTIL_NSS_H_