Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bug 1039064: Use strongly-typed enum instead of NSPR-style error hand…
…ling, r=keeler --HG-- extra : rebase_source : 4f3e41916cd7e2c74679d468eeeb702af3321532
- Loading branch information
1 parent
7327d66
commit 28685ac
Showing
28 changed files
with
1,210 additions
and
1,211 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ | ||
/* vim: set ts=8 sts=2 et sw=2 tw=80: */ | ||
/* This code is made available to you under your choice of the following sets | ||
* of licensing terms: | ||
*/ | ||
/* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this | ||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. | ||
*/ | ||
/* Copyright 2013 Mozilla Contributors | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
#ifndef mozilla_pkix__pkixnss_h | ||
#define mozilla_pkix__pkixnss_h | ||
|
||
#include "pkixtypes.h" | ||
#include "prerror.h" | ||
#include "seccomon.h" | ||
|
||
namespace mozilla { namespace pkix { | ||
|
||
// Verify the given signed data using the given public key. | ||
Result VerifySignedData(const SignedDataWithSignature& sd, | ||
const SECItem& subjectPublicKeyInfo, | ||
void* pkcs11PinArg); | ||
|
||
// Computes the SHA-1 hash of the data in the current item. | ||
// | ||
// item contains the data to hash. | ||
// digestBuf must point to a buffer to where the SHA-1 hash will be written. | ||
// digestBufLen must be 20 (the length of a SHA-1 hash, | ||
// TrustDomain::DIGEST_LENGTH). | ||
// | ||
// TODO(bug 966856): Add SHA-2 support | ||
// TODO: Taking the output buffer as (uint8_t*, size_t) is counter to our | ||
// other, extensive, memory safety efforts in mozilla::pkix, and we should find | ||
// a way to provide a more-obviously-safe interface. | ||
Result DigestBuf(const SECItem& item, /*out*/ uint8_t* digestBuf, | ||
size_t digestBufLen); | ||
|
||
// Checks, for RSA keys and DSA keys, that the modulus is at least 1024 bits. | ||
Result CheckPublicKey(const SECItem& subjectPublicKeyInfo); | ||
|
||
Result MapPRErrorCodeToResult(PRErrorCode errorCode); | ||
PRErrorCode MapResultToPRErrorCode(Result result); | ||
|
||
// Returns the stringified name of the given result, e.g. "Result::Success", | ||
// or nullptr if result is unknown (invalid). | ||
const char* MapResultToName(Result result); | ||
|
||
// The error codes within each module must fit in 16 bits. We want these | ||
// errors to fit in the same module as the NSS errors but not overlap with | ||
// any of them. Converting an NSS SEC, NSS SSL, or PSM error to an NS error | ||
// involves negating the value of the error and then synthesizing an error | ||
// in the NS_ERROR_MODULE_SECURITY module. Hence, PSM errors will start at | ||
// a negative value that both doesn't overlap with the current value | ||
// ranges for NSS errors and that will fit in 16 bits when negated. | ||
static const PRErrorCode ERROR_BASE = -0x4000; | ||
static const PRErrorCode ERROR_LIMIT = ERROR_BASE + 1000; | ||
|
||
enum ErrorCode { | ||
MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE = ERROR_BASE + 0 | ||
}; | ||
|
||
void RegisterErrorTable(); | ||
|
||
} } // namespace mozilla::pkix | ||
|
||
#endif // mozilla_pkix__pkixnss_h |
Oops, something went wrong.