From 43a97878ce14b72f0981164f87f2e35e14151312 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 11:22:09 +0200 Subject: Adding upstream version 110.0.1. Signed-off-by: Daniel Baumann --- security/manager/ssl/OSKeyStore.h | 105 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 security/manager/ssl/OSKeyStore.h (limited to 'security/manager/ssl/OSKeyStore.h') diff --git a/security/manager/ssl/OSKeyStore.h b/security/manager/ssl/OSKeyStore.h new file mode 100644 index 0000000000..5163582ead --- /dev/null +++ b/security/manager/ssl/OSKeyStore.h @@ -0,0 +1,105 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Generic key store implementation for platforms that we don't support with OS +// specific implementations. + +#ifndef OSKeyStore_h +#define OSKeyStore_h + +#include "nsCOMPtr.h" +#include "nsIOSKeyStore.h" +#include "nsString.h" +#include "ScopedNSSTypes.h" + +#include +#include + +class AbstractOSKeyStore { + public: + // Retrieve a secret with the given label. + virtual nsresult RetrieveSecret(const nsACString& aLabel, + /* out */ nsACString& aSecret) = 0; + // Store a new secret with the given label. + virtual nsresult StoreSecret(const nsACString& secret, + const nsACString& label) = 0; + // Delete the secret with the given label. + virtual nsresult DeleteSecret(const nsACString& label) = 0; + // Lock the key store. + virtual nsresult Lock() = 0; + // Unlock the key store. + virtual nsresult Unlock() = 0; + virtual ~AbstractOSKeyStore() = default; + + // Returns true if the secret with the given label is available in the key + // store, false otherwise. + virtual bool SecretAvailable(const nsACString& label); + // Perform encryption or decryption operation with the given secret and input + // bytes. The output is written in outBytes. This function can make use of the + // AesGcm class to use NSS for encryption and decryption. + virtual nsresult EncryptDecrypt(const nsACString& label, + const std::vector& inBytes, + std::vector& outBytes, bool encrypt); + + size_t GetKeyByteLength() { return mKeyByteLength; } + + protected: + /* These helper functions are implemented in OSKeyStore.cpp and implement + * common functionality of the abstract key store to encrypt and decrypt. + */ + nsresult DoCipher(const mozilla::UniquePK11SymKey& aSymKey, + const std::vector& inBytes, + std::vector& outBytes, bool aEncrypt); + nsresult BuildAesGcmKey(std::vector keyBytes, + /* out */ mozilla::UniquePK11SymKey& aKey); + + private: + const size_t mKeyByteLength = 16; + const size_t mIVLength = 12; +}; + +#define NS_OSKEYSTORE_CONTRACTID "@mozilla.org/security/oskeystore;1" +#define NS_OSKEYSTORE_CID \ + { \ + 0x57972956, 0x5718, 0x42d2, { \ + 0x80, 0x70, 0xb3, 0xfc, 0x72, 0x21, 0x2e, 0xaf \ + } \ + } + +nsresult GetPromise(JSContext* aCx, + /* out */ RefPtr& aPromise); + +class OSKeyStore final : public nsIOSKeyStore { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIOSKEYSTORE + + OSKeyStore(); + nsresult GenerateSecret(const nsACString& aLabel, + /* out */ nsACString& aRecoveryPhrase); + nsresult SecretAvailable(const nsACString& aLabel, + /* out */ bool* aAvailable); + nsresult RecoverSecret(const nsACString& aLabel, + const nsACString& aRecoveryPhrase); + nsresult DeleteSecret(const nsACString& aLabel); + nsresult EncryptBytes(const nsACString& aLabel, + const std::vector& aInBytes, + /*out*/ nsACString& aEncryptedBase64Text); + nsresult DecryptBytes(const nsACString& aLabel, + const nsACString& aEncryptedBase64Text, + /*out*/ uint32_t* outLen, + /*out*/ uint8_t** outBytes); + nsresult Lock(); + nsresult Unlock(); + + private: + ~OSKeyStore() = default; + + std::unique_ptr mKs; + bool mKsIsNSSKeyStore; +}; + +#endif // OSKeyStore_h -- cgit v1.2.3