/src/mozilla-central/security/manager/ssl/OSKeyStore.h

Source (jump to first uncovered line)
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// Generic key store implementation for platforms that we don't support with OS
// specific implementations.

#ifndef OSKeyStore_h
#define OSKeyStore_h

#include "nsIOSKeyStore.h"
#include "nsString.h"

#include <memory>

class AbstractOSKeyStore
{
public:

  // Retrieve a secret with the given label.
  virtual nsresult RetrieveSecret(const nsACString& aLabel,
                        /* out */ nsACString& aSecret) = 0;
  // Store a new secret with the given label.
  virtual nsresult StoreSecret(const nsACString& secret,
                               const nsACString& label) = 0;
  // Delete the secret with the given label.
  virtual nsresult DeleteSecret(const nsACString& label) = 0;
  // Lock the key store.
  virtual nsresult Lock() = 0;
  // Unlock the key store.
  virtual nsresult Unlock() = 0;
  // Identify the fallback NSS key store.
  virtual bool IsNSSKeyStore();
  virtual ~AbstractOSKeyStore() {}

  // Returns true if the secret with the given label is available in the key
  // store, false otherwise.
  virtual bool SecretAvailable(const nsACString& label);
  // Perform encryption or decryption operation with the given secret and input
  // bytes. The output is written in outBytes. This function can make use of the
  // AesGcm class to use NSS for encryption and decryption.
  virtual nsresult EncryptDecrypt(const nsACString& label,
                                  const std::vector<uint8_t>& inBytes,
                                  std::vector<uint8_t>& outBytes,
                                  bool encrypt);

  size_t GetKeyByteLength() { return mKeyByteLength; }

protected:
  /* These helper functions are implemented in OSKeyStore.cpp and implement
   * common functionality of the abstract key store to encrypt and decrypt.
   */
  nsresult DoCipher(const UniquePK11SymKey& aSymKey,
                    const std::vector<uint8_t>& inBytes,
                    std::vector<uint8_t>& outBytes,
                    bool aEncrypt);
  nsresult BuildAesGcmKey(std::vector<uint8_t> keyBytes,
                          /* out */ UniquePK11SymKey& aKey);

private:
  const size_t mKeyByteLength = 16;
  const size_t mIVLength = 12;
};

#define NS_OSKEYSTORE_CONTRACTID "@mozilla.org/security/oskeystore;1"
#define NS_OSKEYSTORE_CID \
  { 0x57972956, 0x5718, 0x42d2, { 0x80, 0x70, 0xb3, 0xfc, 0x72, 0x21, 0x2e, 0xaf } }

class OSKeyStore : public nsIOSKeyStore
{
public:
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSIOSKEYSTORE

  OSKeyStore();
  nsresult GenerateSecret(const nsACString& aLabel,
                          /* out */ nsACString& aRecoveryPhrase);
  nsresult SecretAvailable(const nsACString& aLabel,
                           /* out */ bool* aAvailable);
  nsresult RecoverSecret(const nsACString& aLabel,
                         const nsACString& aRecoveryPhrase);
  nsresult DeleteSecret(const nsACString& aLabel);
  nsresult EncryptBytes(const nsACString& aLabel,
                        uint32_t inLen,
                        uint8_t* inBytes,
                        /*out*/ nsACString& aEncryptedBase64Text);
  nsresult DecryptBytes(const nsACString& aLabel,
                        const nsACString& aEncryptedBase64Text,
                        /*out*/ uint32_t* outLen,
                        /*out*/ uint8_t** outBytes);
  nsresult Lock();
  nsresult Unlock();

protected:
  virtual ~OSKeyStore();

private:
  nsresult FinishAsync(RefPtr<mozilla::dom::Promise>& aPromise,
                       /* out*/ mozilla::dom::Promise** anotherPromise,
                       const nsACString& aName,
                       nsCOMPtr<nsIRunnable> aRunnable);

  std::unique_ptr<AbstractOSKeyStore> mKs = nullptr;
  Mutex mMutex;
  const nsCString mLabelPrefix =
    NS_LITERAL_CSTRING("org.mozilla.nss.keystore.");
};

#endif // OSKeyStore_h

Coverage Report

Created: 2018-09-25 14:53

Line	Count	Source (jump to first uncovered line)
1		/* -- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 --
2		*
3		* This Source Code Form is subject to the terms of the Mozilla Public
4		* License, v. 2.0. If a copy of the MPL was not distributed with this
5		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7		// Generic key store implementation for platforms that we don't support with OS
8		// specific implementations.
9
10		#ifndef OSKeyStore_h
11		#define OSKeyStore_h
12
13		#include "nsIOSKeyStore.h"
14		#include "nsString.h"
15
16		#include <memory>
17
18		class AbstractOSKeyStore
19		{
20		public:
21
22		// Retrieve a secret with the given label.
23		virtual nsresult RetrieveSecret(const nsACString& aLabel,
24		/* out */ nsACString& aSecret) = 0;
25		// Store a new secret with the given label.
26		virtual nsresult StoreSecret(const nsACString& secret,
27		const nsACString& label) = 0;
28		// Delete the secret with the given label.
29		virtual nsresult DeleteSecret(const nsACString& label) = 0;
30		// Lock the key store.
31		virtual nsresult Lock() = 0;
32		// Unlock the key store.
33		virtual nsresult Unlock() = 0;
34		// Identify the fallback NSS key store.
35		virtual bool IsNSSKeyStore();
36	0	virtual ~AbstractOSKeyStore() {}
37
38		// Returns true if the secret with the given label is available in the key
39		// store, false otherwise.
40		virtual bool SecretAvailable(const nsACString& label);
41		// Perform encryption or decryption operation with the given secret and input
42		// bytes. The output is written in outBytes. This function can make use of the
43		// AesGcm class to use NSS for encryption and decryption.
44		virtual nsresult EncryptDecrypt(const nsACString& label,
45		const std::vector<uint8_t>& inBytes,
46		std::vector<uint8_t>& outBytes,
47		bool encrypt);
48
49	0	size_t GetKeyByteLength() { return mKeyByteLength; }
50
51		protected:
52		/* These helper functions are implemented in OSKeyStore.cpp and implement
53		* common functionality of the abstract key store to encrypt and decrypt.
54		*/
55		nsresult DoCipher(const UniquePK11SymKey& aSymKey,
56		const std::vector<uint8_t>& inBytes,
57		std::vector<uint8_t>& outBytes,
58		bool aEncrypt);
59		nsresult BuildAesGcmKey(std::vector<uint8_t> keyBytes,
60		/* out */ UniquePK11SymKey& aKey);
61
62		private:
63		const size_t mKeyByteLength = 16;
64		const size_t mIVLength = 12;
65		};
66
67		#define NS_OSKEYSTORE_CONTRACTID "@mozilla.org/security/oskeystore;1"
68		#define NS_OSKEYSTORE_CID \
69		{ 0x57972956, 0x5718, 0x42d2, { 0x80, 0x70, 0xb3, 0xfc, 0x72, 0x21, 0x2e, 0xaf } }
70
71		class OSKeyStore : public nsIOSKeyStore
72		{
73		public:
74		NS_DECL_THREADSAFE_ISUPPORTS
75		NS_DECL_NSIOSKEYSTORE
76
77		OSKeyStore();
78		nsresult GenerateSecret(const nsACString& aLabel,
79		/* out */ nsACString& aRecoveryPhrase);
80		nsresult SecretAvailable(const nsACString& aLabel,
81		/* out / bool aAvailable);
82		nsresult RecoverSecret(const nsACString& aLabel,
83		const nsACString& aRecoveryPhrase);
84		nsresult DeleteSecret(const nsACString& aLabel);
85		nsresult EncryptBytes(const nsACString& aLabel,
86		uint32_t inLen,
87		uint8_t* inBytes,
88		/out/ nsACString& aEncryptedBase64Text);
89		nsresult DecryptBytes(const nsACString& aLabel,
90		const nsACString& aEncryptedBase64Text,
91		/out/ uint32_t* outLen,
92		/out/ uint8_t** outBytes);
93		nsresult Lock();
94		nsresult Unlock();
95
96		protected:
97		virtual ~OSKeyStore();
98
99		private:
100		nsresult FinishAsync(RefPtr<mozilla::dom::Promise>& aPromise,
101		/* out/ mozilla::dom::Promise* anotherPromise,
102		const nsACString& aName,
103		nsCOMPtr<nsIRunnable> aRunnable);
104
105		std::unique_ptr<AbstractOSKeyStore> mKs = nullptr;
106		Mutex mMutex;
107		const nsCString mLabelPrefix =
108		NS_LITERAL_CSTRING("org.mozilla.nss.keystore.");
109		};
110
111		#endif // OSKeyStore_h