diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-06 11:46:26 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-06 11:46:26 +0100 |
commit | f017b749ea9f1586d2308504553d40bf4cc5439d (patch) | |
tree | c6033924a0de9be1ab140596e305898c651bf57e /security/nss/gtests/ssl_gtest/tls_protect.h | |
parent | 7c728b3c7680662fc4e92b5d03697b8339560b08 (diff) | |
download | UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.gz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.lz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.tar.xz UXP-f017b749ea9f1586d2308504553d40bf4cc5439d.zip |
Update NSS to 3.32.1-RTM
Diffstat (limited to 'security/nss/gtests/ssl_gtest/tls_protect.h')
-rw-r--r-- | security/nss/gtests/ssl_gtest/tls_protect.h | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/security/nss/gtests/ssl_gtest/tls_protect.h b/security/nss/gtests/ssl_gtest/tls_protect.h new file mode 100644 index 000000000..4efbd6e6b --- /dev/null +++ b/security/nss/gtests/ssl_gtest/tls_protect.h @@ -0,0 +1,76 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef tls_protection_h_ +#define tls_protection_h_ + +#include <cstdint> +#include <memory> + +#include "databuffer.h" +#include "pk11pub.h" +#include "sslt.h" + +namespace nss_test { +class TlsRecordHeader; + +class AeadCipher { + public: + AeadCipher(CK_MECHANISM_TYPE mech) : mech_(mech), key_(nullptr) {} + ~AeadCipher(); + + bool Init(PK11SymKey *key, const uint8_t *iv); + virtual bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen, + uint8_t *out, size_t *outlen, size_t maxlen) = 0; + + protected: + void FormatNonce(uint64_t seq, uint8_t *nonce); + bool AeadInner(bool decrypt, void *params, size_t param_length, + const uint8_t *in, size_t inlen, uint8_t *out, size_t *outlen, + size_t maxlen); + + CK_MECHANISM_TYPE mech_; + PK11SymKey *key_; + uint8_t iv_[12]; +}; + +class AeadCipherChacha20Poly1305 : public AeadCipher { + public: + AeadCipherChacha20Poly1305() : AeadCipher(CKM_NSS_CHACHA20_POLY1305) {} + + protected: + bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen, + uint8_t *out, size_t *outlen, size_t maxlen); +}; + +class AeadCipherAesGcm : public AeadCipher { + public: + AeadCipherAesGcm() : AeadCipher(CKM_AES_GCM) {} + + protected: + bool Aead(bool decrypt, uint64_t seq, const uint8_t *in, size_t inlen, + uint8_t *out, size_t *outlen, size_t maxlen); +}; + +// Our analog of ssl3CipherSpec +class TlsCipherSpec { + public: + TlsCipherSpec() : aead_() {} + + bool Init(SSLCipherAlgorithm cipher, PK11SymKey *key, const uint8_t *iv); + + bool Protect(const TlsRecordHeader &header, const DataBuffer &plaintext, + DataBuffer *ciphertext); + bool Unprotect(const TlsRecordHeader &header, const DataBuffer &ciphertext, + DataBuffer *plaintext); + + private: + std::unique_ptr<AeadCipher> aead_; +}; + +} // namespace nss_test + +#endif |