Revert of Refactor connection_security into SecurityStateModel (patchset #17 id:36000...
[chromium-blink-merge.git] / crypto / aes_128_gcm_helpers_nss.h
blobdadc56e0f0d202c01d7b3c21d2d8b0d5fd51dd54
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_AES_128_GCM_HELPERS_NSS_H_
6 #define CRYPTO_AES_128_GCM_HELPERS_NSS_H_
8 #include <pk11pub.h>
9 #include <secerr.h>
11 #include "crypto/crypto_export.h"
13 namespace crypto {
15 // When using the CKM_AES_GCM mechanism, one must consider that the mechanism
16 // had a bug in NSS 3.14.x (https://bugzilla.mozilla.org/show_bug.cgi?id=853285)
17 // which also lacks the PK11_Decrypt and PK11_Encrypt functions.
18 // (https://bugzilla.mozilla.org/show_bug.cgi?id=854063)
20 // While both these bugs were resolved in NSS 3.15, certain builds of Chromium
21 // may still be loading older versions of NSS as the system libraries. These
22 // helper methods emulate support by using CKM_AES_CTR and the GaloisHash.
24 // Helper function for using PK11_Decrypt. |mechanism| must be set to
25 // CKM_AES_GCM for this method.
26 CRYPTO_EXPORT SECStatus PK11DecryptHelper(PK11SymKey* key,
27 CK_MECHANISM_TYPE mechanism,
28 SECItem* param,
29 unsigned char* out,
30 unsigned int* out_len,
31 unsigned int max_len,
32 const unsigned char* data,
33 unsigned int data_len);
35 // Helper function for using PK11_Encrypt. |mechanism| must be set to
36 // CKM_AES_GCM for this method.
37 CRYPTO_EXPORT SECStatus PK11EncryptHelper(PK11SymKey* key,
38 CK_MECHANISM_TYPE mechanism,
39 SECItem* param,
40 unsigned char* out,
41 unsigned int* out_len,
42 unsigned int max_len,
43 const unsigned char* data,
44 unsigned int data_len);
46 } // namespace crypto
48 #endif // CRYPTO_AES_128_GCM_HELPERS_NSS_H_