summaryrefslogtreecommitdiffstats
path: root/security/nss/gtests/ssl_gtest/tls_protect.h
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
committerwolfbeast <mcwerewolf@gmail.com>2018-02-06 11:46:26 +0100
commitf017b749ea9f1586d2308504553d40bf4cc5439d (patch)
treec6033924a0de9be1ab140596e305898c651bf57e /security/nss/gtests/ssl_gtest/tls_protect.h
parent7c728b3c7680662fc4e92b5d03697b8339560b08 (diff)
downloadUXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz
UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_protect.h')
-rw-r--r--security/nss/gtests/ssl_gtest/tls_protect.h76
1 files changed, 76 insertions, 0 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.h b/security/nss/gtests/ssl_gtest/tls_protect.h
new file mode 100644
index 000000000..4efbd6e6b
--- /dev/null
+++ b/security/nss/gtests/ssl_gtest/tls_protect.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef tls_protection_h_
+#define tls_protection_h_
+
+#include <cstdint>
+#include <memory>
+
+#include "databuffer.h"
+#include "pk11pub.h"
+#include "sslt.h"
+
+namespace nss_test {
+class TlsRecordHeader;
+
+class AeadCipher {
+ public:
+ AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {}
+ ~AeadCipher();
+
+ bool Init(PK11SymKey *key, const uint8_t *iv);
+ virtual bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+ uint8_t *out, size_t *outlen, size_t maxlen) = 0;
+
+ protected:
+ void FormatNonce(uint64_t seq, uint8_t *nonce);
+ bool AeadInner(bool decrypt, void *params, size_t param_length,
+ const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen,
+ size_t maxlen);
+
+ CK_MECHANISM_TYPE mech_;
+ PK11SymKey *key_;
+ uint8_t iv_[12];
+};
+
+class AeadCipherChacha20Poly1305 : public AeadCipher {
+ public:
+ AeadCipherChacha20Poly1305() : AeadCipher(CKM_NSS_CHACHA20_POLY1305) {}
+
+ protected:
+ bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+ uint8_t *out, size_t *outlen, size_t maxlen);
+};
+
+class AeadCipherAesGcm : public AeadCipher {
+ public:
+ AeadCipherAesGcm() : AeadCipher(CKM_AES_GCM) {}
+
+ protected:
+ bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen,
+ uint8_t *out, size_t *outlen, size_t maxlen);
+};
+
+// Our analog of ssl3CipherSpec
+class TlsCipherSpec {
+ public:
+ TlsCipherSpec() : aead_() {}
+
+ bool Init(SSLCipherAlgorithm cipher, PK11SymKey *key, const uint8_t *iv);
+
+ bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext,
+ DataBuffer *ciphertext);
+ bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext,
+ DataBuffer *plaintext);
+
+ private:
+ std::unique_ptr<AeadCipher> aead_;
+};
+
+} // namespace nss_test
+
+#endif