OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * |
| 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ |
| 10 |
| 11 #ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_ |
| 12 #define WEBRTC_BASE_NSSSTREAMADAPTER_H_ |
| 13 |
| 14 #include <string> |
| 15 #include <vector> |
| 16 |
| 17 // Hack: Define+undefine int64 and uint64 to avoid typedef conflict with NSS. |
| 18 // TODO(kjellander): Remove when webrtc:4497 is completed. |
| 19 #define uint64 foo_uint64 |
| 20 #define int64 foo_int64 |
| 21 #include "nspr.h" |
| 22 #undef uint64 |
| 23 #undef int64 |
| 24 |
| 25 #include "nss.h" |
| 26 #include "secmodt.h" |
| 27 |
| 28 #include "webrtc/base/buffer.h" |
| 29 #include "webrtc/base/criticalsection.h" |
| 30 #include "webrtc/base/nssidentity.h" |
| 31 #include "webrtc/base/ssladapter.h" |
| 32 #include "webrtc/base/sslstreamadapter.h" |
| 33 #include "webrtc/base/sslstreamadapterhelper.h" |
| 34 |
| 35 namespace rtc { |
| 36 |
| 37 // Singleton |
| 38 class NSSContext { |
| 39 public: |
| 40 explicit NSSContext(PK11SlotInfo* slot) : slot_(slot) {} |
| 41 ~NSSContext() { |
| 42 } |
| 43 |
| 44 static PK11SlotInfo *GetSlot() { |
| 45 return Instance() ? Instance()->slot_: NULL; |
| 46 } |
| 47 |
| 48 static NSSContext *Instance(); |
| 49 static bool InitializeSSL(VerificationCallback callback); |
| 50 static bool InitializeSSLThread(); |
| 51 static bool CleanupSSL(); |
| 52 |
| 53 private: |
| 54 PK11SlotInfo *slot_; // The PKCS-11 slot |
| 55 static GlobalLockPod lock; // To protect the global context |
| 56 static NSSContext *global_nss_context; // The global context |
| 57 }; |
| 58 |
| 59 |
| 60 class NSSStreamAdapter : public SSLStreamAdapterHelper { |
| 61 public: |
| 62 explicit NSSStreamAdapter(StreamInterface* stream); |
| 63 ~NSSStreamAdapter() override; |
| 64 bool Init(); |
| 65 |
| 66 StreamResult Read(void* data, |
| 67 size_t data_len, |
| 68 size_t* read, |
| 69 int* error) override; |
| 70 StreamResult Write(const void* data, |
| 71 size_t data_len, |
| 72 size_t* written, |
| 73 int* error) override; |
| 74 void OnMessage(Message* msg) override; |
| 75 |
| 76 bool GetSslCipher(std::string* cipher) override; |
| 77 |
| 78 // Key Extractor interface |
| 79 bool ExportKeyingMaterial(const std::string& label, |
| 80 const uint8* context, |
| 81 size_t context_len, |
| 82 bool use_context, |
| 83 uint8* result, |
| 84 size_t result_len) override; |
| 85 |
| 86 // DTLS-SRTP interface |
| 87 bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override; |
| 88 bool GetDtlsSrtpCipher(std::string* cipher) override; |
| 89 |
| 90 // Capabilities interfaces |
| 91 static bool HaveDtls(); |
| 92 static bool HaveDtlsSrtp(); |
| 93 static bool HaveExporter(); |
| 94 static std::string GetDefaultSslCipher(SSLProtocolVersion version, |
| 95 KeyType key_type); |
| 96 |
| 97 protected: |
| 98 // Override SSLStreamAdapter |
| 99 void OnEvent(StreamInterface* stream, int events, int err) override; |
| 100 |
| 101 // Override SSLStreamAdapterHelper |
| 102 int BeginSSL() override; |
| 103 void Cleanup() override; |
| 104 bool GetDigestLength(const std::string& algorithm, size_t* length) override; |
| 105 |
| 106 private: |
| 107 int ContinueSSL(); |
| 108 static SECStatus AuthCertificateHook(void *arg, PRFileDesc *fd, |
| 109 PRBool checksig, PRBool isServer); |
| 110 static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd, |
| 111 CERTDistNames *caNames, |
| 112 CERTCertificate **pRetCert, |
| 113 SECKEYPrivateKey **pRetKey); |
| 114 |
| 115 PRFileDesc *ssl_fd_; // NSS's SSL file descriptor |
| 116 static bool initialized; // Was InitializeSSL() called? |
| 117 bool cert_ok_; // Did we get and check a cert |
| 118 std::vector<PRUint16> srtp_ciphers_; // SRTP cipher list |
| 119 |
| 120 static PRDescIdentity nspr_layer_identity; // The NSPR layer identity |
| 121 }; |
| 122 |
| 123 } // namespace rtc |
| 124 |
| 125 #endif // WEBRTC_BASE_NSSSTREAMADAPTER_H_ |
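Review bot: The certificate-verification contract is undocumented on `AuthCertificateHook` and `cert_ok_` (new lines 108-117), and that is the part of this header a maintainer most needs spelled out. The declarations alone do not show whether the hook fails closed when the peer certificate or digest does not match, or whether `Read`/`Write` refuse application data while `cert_ok_` is false; the implementation is not on this page, so confirm both there. If it matches, I would add above the hook `// Returns SECSuccess only when the peer certificate has been verified; every other outcome returns SECFailure.` and change the member comment to `// True only after AuthCertificateHook accepted the peer cert`. Separately, `NSSContext` holds a raw `PK11SlotInfo*` and has an empty destructor (new lines 40-42), so a one-line comment saying who owns and releases the slot would help.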