summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/OSKeyStore.h
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/OSKeyStore.h')
-rw-r--r--security/manager/ssl/OSKeyStore.h105
1 files changed, 105 insertions, 0 deletions
diff --git a/security/manager/ssl/OSKeyStore.h b/security/manager/ssl/OSKeyStore.h
new file mode 100644
index 0000000000..5163582ead
--- /dev/null
+++ b/security/manager/ssl/OSKeyStore.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Generic key store implementation for platforms that we don't support with OS
+// specific implementations.
+
+#ifndef OSKeyStore_h
+#define OSKeyStore_h
+
+#include "nsCOMPtr.h"
+#include "nsIOSKeyStore.h"
+#include "nsString.h"
+#include "ScopedNSSTypes.h"
+
+#include <memory>
+#include <vector>
+
+class AbstractOSKeyStore {
+ public:
+ // Retrieve a secret with the given label.
+ virtual nsresult RetrieveSecret(const nsACString& aLabel,
+ /* out */ nsACString& aSecret) = 0;
+ // Store a new secret with the given label.
+ virtual nsresult StoreSecret(const nsACString& secret,
+ const nsACString& label) = 0;
+ // Delete the secret with the given label.
+ virtual nsresult DeleteSecret(const nsACString& label) = 0;
+ // Lock the key store.
+ virtual nsresult Lock() = 0;
+ // Unlock the key store.
+ virtual nsresult Unlock() = 0;
+ virtual ~AbstractOSKeyStore() = default;
+
+ // Returns true if the secret with the given label is available in the key
+ // store, false otherwise.
+ virtual bool SecretAvailable(const nsACString& label);
+ // Perform encryption or decryption operation with the given secret and input
+ // bytes. The output is written in outBytes. This function can make use of the
+ // AesGcm class to use NSS for encryption and decryption.
+ virtual nsresult EncryptDecrypt(const nsACString& label,
+ const std::vector<uint8_t>& inBytes,
+ std::vector<uint8_t>& outBytes, bool encrypt);
+
+ size_t GetKeyByteLength() { return mKeyByteLength; }
+
+ protected:
+ /* These helper functions are implemented in OSKeyStore.cpp and implement
+ * common functionality of the abstract key store to encrypt and decrypt.
+ */
+ nsresult DoCipher(const mozilla::UniquePK11SymKey& aSymKey,
+ const std::vector<uint8_t>& inBytes,
+ std::vector<uint8_t>& outBytes, bool aEncrypt);
+ nsresult BuildAesGcmKey(std::vector<uint8_t> keyBytes,
+ /* out */ mozilla::UniquePK11SymKey& aKey);
+
+ private:
+ const size_t mKeyByteLength = 16;
+ const size_t mIVLength = 12;
+};
+
+#define NS_OSKEYSTORE_CONTRACTID "@mozilla.org/security/oskeystore;1"
+#define NS_OSKEYSTORE_CID \
+ { \
+ 0x57972956, 0x5718, 0x42d2, { \
+ 0x80, 0x70, 0xb3, 0xfc, 0x72, 0x21, 0x2e, 0xaf \
+ } \
+ }
+
+nsresult GetPromise(JSContext* aCx,
+ /* out */ RefPtr<mozilla::dom::Promise>& aPromise);
+
+class OSKeyStore final : public nsIOSKeyStore {
+ public:
+ NS_DECL_THREADSAFE_ISUPPORTS
+ NS_DECL_NSIOSKEYSTORE
+
+ OSKeyStore();
+ nsresult GenerateSecret(const nsACString& aLabel,
+ /* out */ nsACString& aRecoveryPhrase);
+ nsresult SecretAvailable(const nsACString& aLabel,
+ /* out */ bool* aAvailable);
+ nsresult RecoverSecret(const nsACString& aLabel,
+ const nsACString& aRecoveryPhrase);
+ nsresult DeleteSecret(const nsACString& aLabel);
+ nsresult EncryptBytes(const nsACString& aLabel,
+ const std::vector<uint8_t>& aInBytes,
+ /*out*/ nsACString& aEncryptedBase64Text);
+ nsresult DecryptBytes(const nsACString& aLabel,
+ const nsACString& aEncryptedBase64Text,
+ /*out*/ uint32_t* outLen,
+ /*out*/ uint8_t** outBytes);
+ nsresult Lock();
+ nsresult Unlock();
+
+ private:
+ ~OSKeyStore() = default;
+
+ std::unique_ptr<AbstractOSKeyStore> mKs;
+ bool mKsIsNSSKeyStore;
+};
+
+#endif // OSKeyStore_h