content/child/webcrypto/nss/util_nss.cc - platform/external/chromium_org - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "content/child/webcrypto/nss/util_nss.h"

 #include "base/lazy_instance.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "crypto/nss_util.h"
 #include "crypto/scoped_nss_types.h"

 #if defined(USE_NSS)
 #include <dlfcn.h>
 #include <secoid.h>
 #endif

 namespace content {

 namespace webcrypto {

 namespace {
 base::LazyInstance<NssRuntimeSupport>::Leaky g_nss_runtime_support =
     LAZY_INSTANCE_INITIALIZER;
 }  // namespace

 // Creates a SECItem for the data in |buffer|. This does NOT make a copy, so
 // |buffer| should outlive the SECItem.
 SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
   SECItem item = {
       siBuffer,
       // NSS requires non-const data even though it is just for input.
       const_cast<unsigned char*>(buffer.bytes()), buffer.byte_length()};
   return item;
 }

 CryptoData SECItemToCryptoData(const SECItem& item) {
   return CryptoData(item.data, item.len);
 }

 NssRuntimeSupport* NssRuntimeSupport::Get() {
   return &g_nss_runtime_support.Get();
 }

 NssRuntimeSupport::NssRuntimeSupport() : internal_slot_does_oaep_(false) {
 #if !defined(USE_NSS)
   // Using a bundled version of NSS that is guaranteed to have this symbol.
   pk11_encrypt_func_ = PK11_Encrypt;
   pk11_decrypt_func_ = PK11_Decrypt;
   pk11_pub_encrypt_func_ = PK11_PubEncrypt;
   pk11_priv_decrypt_func_ = PK11_PrivDecrypt;
   internal_slot_does_oaep_ = true;
 #else
   // Using system NSS libraries and PCKS #11 modules, which may not have the
   // necessary function (PK11_Encrypt) or mechanism support (CKM_AES_GCM).

   // If PK11_Encrypt() was successfully resolved, then NSS will support
   // AES-GCM directly. This was introduced in NSS 3.15.
   pk11_encrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
       dlsym(RTLD_DEFAULT, "PK11_Encrypt"));
   pk11_decrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
       dlsym(RTLD_DEFAULT, "PK11_Decrypt"));

   // Even though NSS's pk11wrap layer may support
   // PK11_PubEncrypt/PK11_PubDecrypt (introduced in NSS 3.16.2), it may have
   // loaded a softoken that does not include OAEP support.
   pk11_pub_encrypt_func_ = reinterpret_cast<PK11_PubEncryptFunction>(
       dlsym(RTLD_DEFAULT, "PK11_PubEncrypt"));
   pk11_priv_decrypt_func_ = reinterpret_cast<PK11_PrivDecryptFunction>(
       dlsym(RTLD_DEFAULT, "PK11_PrivDecrypt"));
   if (pk11_priv_decrypt_func_ && pk11_pub_encrypt_func_) {
     crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
     internal_slot_does_oaep_ =
         !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP);
   }
 #endif
 }

 void PlatformInit() {
   crypto::EnsureNSSInit();
 }

 }  // namespace webcrypto

 }  // namespace content
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "content/child/webcrypto/nss/util_nss.h"

	#include "base/lazy_instance.h"
	#include "content/child/webcrypto/crypto_data.h"
	#include "crypto/nss_util.h"
	#include "crypto/scoped_nss_types.h"

	#if defined(USE_NSS)
	#include <dlfcn.h>
	#include <secoid.h>
	#endif

	namespace content {

	namespace webcrypto {

	namespace {
	base::LazyInstance<NssRuntimeSupport>::Leaky g_nss_runtime_support =
	LAZY_INSTANCE_INITIALIZER;
	} // namespace

	// Creates a SECItem for the data in \|buffer\|. This does NOT make a copy, so
	// \|buffer\| should outlive the SECItem.
	SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
	SECItem item = {
	siBuffer,
	// NSS requires non-const data even though it is just for input.
	const_cast<unsigned char*>(buffer.bytes()), buffer.byte_length()};
	return item;
	}

	CryptoData SECItemToCryptoData(const SECItem& item) {
	return CryptoData(item.data, item.len);
	}

	NssRuntimeSupport* NssRuntimeSupport::Get() {
	return &g_nss_runtime_support.Get();
	}

	NssRuntimeSupport::NssRuntimeSupport() : internal_slot_does_oaep_(false) {
	#if !defined(USE_NSS)
	// Using a bundled version of NSS that is guaranteed to have this symbol.
	pk11_encrypt_func_ = PK11_Encrypt;
	pk11_decrypt_func_ = PK11_Decrypt;
	pk11_pub_encrypt_func_ = PK11_PubEncrypt;
	pk11_priv_decrypt_func_ = PK11_PrivDecrypt;
	internal_slot_does_oaep_ = true;
	#else
	// Using system NSS libraries and PCKS #11 modules, which may not have the
	// necessary function (PK11_Encrypt) or mechanism support (CKM_AES_GCM).

	// If PK11_Encrypt() was successfully resolved, then NSS will support
	// AES-GCM directly. This was introduced in NSS 3.15.
	pk11_encrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
	dlsym(RTLD_DEFAULT, "PK11_Encrypt"));
	pk11_decrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
	dlsym(RTLD_DEFAULT, "PK11_Decrypt"));

	// Even though NSS's pk11wrap layer may support
	// PK11_PubEncrypt/PK11_PubDecrypt (introduced in NSS 3.16.2), it may have
	// loaded a softoken that does not include OAEP support.
	pk11_pub_encrypt_func_ = reinterpret_cast<PK11_PubEncryptFunction>(
	dlsym(RTLD_DEFAULT, "PK11_PubEncrypt"));
	pk11_priv_decrypt_func_ = reinterpret_cast<PK11_PrivDecryptFunction>(
	dlsym(RTLD_DEFAULT, "PK11_PrivDecrypt"));
	if (pk11_priv_decrypt_func_ && pk11_pub_encrypt_func_) {
	crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
	internal_slot_does_oaep_ =
	!!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP);
	}
	#endif
	}

	void PlatformInit() {
	crypto::EnsureNSSInit();
	}

	} // namespace webcrypto

	} // namespace content