OLD | NEW |
| (Empty) |
1 /* | |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | |
3 * | |
4 * Use of this source code is governed by a BSD-style license | |
5 * that can be found in the LICENSE file in the root of the source | |
6 * tree. An additional intellectual property rights grant can be found | |
7 * in the file PATENTS. All contributing project authors may | |
8 * be found in the AUTHORS file in the root of the source tree. | |
9 */ | |
10 | |
11 #ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_ | |
12 #define WEBRTC_BASE_NSSSTREAMADAPTER_H_ | |
13 | |
14 #include <string> | |
15 #include <vector> | |
16 | |
17 // Hack: Define+undefine int64 and uint64 to avoid typedef conflict with NSS. | |
18 // TODO(kjellander): Remove when webrtc:4497 is completed. | |
19 #define uint64 foo_uint64 | |
20 #define int64 foo_int64 | |
21 #include "nspr.h" | |
22 #undef uint64 | |
23 #undef int64 | |
24 | |
25 #include "nss.h" | |
26 #include "secmodt.h" | |
27 | |
28 #include "webrtc/base/buffer.h" | |
29 #include "webrtc/base/criticalsection.h" | |
30 #include "webrtc/base/nssidentity.h" | |
31 #include "webrtc/base/ssladapter.h" | |
32 #include "webrtc/base/sslstreamadapter.h" | |
33 #include "webrtc/base/sslstreamadapterhelper.h" | |
34 | |
35 namespace rtc { | |
36 | |
37 // Singleton | |
38 class NSSContext { | |
39 public: | |
40 explicit NSSContext(PK11SlotInfo* slot) : slot_(slot) {} | |
41 ~NSSContext() { | |
42 } | |
43 | |
44 static PK11SlotInfo *GetSlot() { | |
45 return Instance() ? Instance()->slot_: NULL; | |
46 } | |
47 | |
48 static NSSContext *Instance(); | |
49 static bool InitializeSSL(VerificationCallback callback); | |
50 static bool InitializeSSLThread(); | |
51 static bool CleanupSSL(); | |
52 | |
53 private: | |
54 PK11SlotInfo *slot_; // The PKCS-11 slot | |
55 static GlobalLockPod lock; // To protect the global context | |
56 static NSSContext *global_nss_context; // The global context | |
57 }; | |
58 | |
59 | |
60 class NSSStreamAdapter : public SSLStreamAdapterHelper { | |
61 public: | |
62 explicit NSSStreamAdapter(StreamInterface* stream); | |
63 ~NSSStreamAdapter() override; | |
64 bool Init(); | |
65 | |
66 StreamResult Read(void* data, | |
67 size_t data_len, | |
68 size_t* read, | |
69 int* error) override; | |
70 StreamResult Write(const void* data, | |
71 size_t data_len, | |
72 size_t* written, | |
73 int* error) override; | |
74 void OnMessage(Message* msg) override; | |
75 | |
76 bool GetSslCipher(std::string* cipher) override; | |
77 | |
78 // Key Extractor interface | |
79 bool ExportKeyingMaterial(const std::string& label, | |
80 const uint8* context, | |
81 size_t context_len, | |
82 bool use_context, | |
83 uint8* result, | |
84 size_t result_len) override; | |
85 | |
86 // DTLS-SRTP interface | |
87 bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override; | |
88 bool GetDtlsSrtpCipher(std::string* cipher) override; | |
89 | |
90 // Capabilities interfaces | |
91 static bool HaveDtls(); | |
92 static bool HaveDtlsSrtp(); | |
93 static bool HaveExporter(); | |
94 static std::string GetDefaultSslCipher(SSLProtocolVersion version, | |
95 KeyType key_type); | |
96 | |
97 protected: | |
98 // Override SSLStreamAdapter | |
99 void OnEvent(StreamInterface* stream, int events, int err) override; | |
100 | |
101 // Override SSLStreamAdapterHelper | |
102 int BeginSSL() override; | |
103 void Cleanup() override; | |
104 bool GetDigestLength(const std::string& algorithm, size_t* length) override; | |
105 | |
106 private: | |
107 int ContinueSSL(); | |
108 static SECStatus AuthCertificateHook(void *arg, PRFileDesc *fd, | |
109 PRBool checksig, PRBool isServer); | |
110 static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd, | |
111 CERTDistNames *caNames, | |
112 CERTCertificate **pRetCert, | |
113 SECKEYPrivateKey **pRetKey); | |
114 | |
115 PRFileDesc *ssl_fd_; // NSS's SSL file descriptor | |
116 static bool initialized; // Was InitializeSSL() called? | |
117 bool cert_ok_; // Did we get and check a cert | |
118 std::vector<PRUint16> srtp_ciphers_; // SRTP cipher list | |
119 | |
120 static PRDescIdentity nspr_layer_identity; // The NSPR layer identity | |
121 }; | |
122 | |
123 } // namespace rtc | |
124 | |
125 #endif // WEBRTC_BASE_NSSSTREAMADAPTER_H_ | |