toolkit/identity/IdentityCryptoService.cpp@129ffea94266
toolkit/identity/IdentityCryptoService.cpp
Sat, 03 Jan 2015 20:18:00 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 03 Jan 2015 20:18:00 +0100
- branch
- TOR_BUG_3246
- changeset 7
- 129ffea94266
- permissions
- -rw-r--r--
Conditionally enable double key logic according to:
private browsing mode or privacy.thirdparty.isolate preference and
implement in GetCookieStringCommon and FindCookie where it counts...
With some reservations of how to convince FindCookie users to test
condition and pass a nullptr when disabling double key logic.
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "nsIIdentityCryptoService.h"
8 #include "mozilla/ModuleUtils.h"
9 #include "nsServiceManagerUtils.h"
10 #include "nsNSSShutDown.h"
11 #include "nsIThread.h"
12 #include "nsThreadUtils.h"
13 #include "nsCOMPtr.h"
14 #include "nsProxyRelease.h"
15 #include "nsString.h"
16 #include "mozilla/ArrayUtils.h" // ArrayLength
17 #include "mozilla/Base64.h"
18 #include "ScopedNSSTypes.h"
20 #include "nss.h"
21 #include "pk11pub.h"
22 #include "secmod.h"
23 #include "secerr.h"
24 #include "keyhi.h"
25 #include "cryptohi.h"
27 #include <limits.h>
29 using namespace mozilla;
31 namespace {
33 void
34 HexEncode(const SECItem * it, nsACString & result)
35 {
36 const char * digits = "0123456789ABCDEF";
37 result.SetCapacity((it->len * 2) + 1);
38 result.SetLength(it->len * 2);
39 char * p = result.BeginWriting();
40 for (unsigned int i = 0; i < it->len; ++i) {
41 *p++ = digits[it->data[i] >> 4];
42 *p++ = digits[it->data[i] & 0x0f];
43 }
44 }
46 nsresult
47 Base64UrlEncodeImpl(const nsACString & utf8Input, nsACString & result)
48 {
49 nsresult rv = Base64Encode(utf8Input, result);
51 NS_ENSURE_SUCCESS(rv, rv);
53 nsACString::char_type * out = result.BeginWriting();
54 nsACString::size_type length = result.Length();
55 // base64url encoding is defined in RFC 4648. It replaces the last two
56 // alphabet characters of base64 encoding with '-' and '_' respectively.
57 for (unsigned int i = 0; i < length; ++i) {
58 if (out[i] == '+') {
59 out[i] = '-';
60 } else if (out[i] == '/') {
61 out[i] = '_';
62 }
63 }
65 return NS_OK;
66 }
68 #define DSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("DS160"))
69 #define RSA_KEY_TYPE_STRING (NS_LITERAL_CSTRING("RS256"))
71 class KeyPair : public nsIIdentityKeyPair, public nsNSSShutDownObject
72 {
73 public:
74 NS_DECL_THREADSAFE_ISUPPORTS
75 NS_DECL_NSIIDENTITYKEYPAIR
77 KeyPair(SECKEYPrivateKey* aPrivateKey, SECKEYPublicKey* aPublicKey);
79 private:
80 ~KeyPair()
81 {
82 nsNSSShutDownPreventionLock locker;
83 if (isAlreadyShutDown()) {
84 return;
85 }
86 destructorSafeDestroyNSSReference();
87 shutdown(calledFromObject);
88 }
90 void virtualDestroyNSSReference() MOZ_OVERRIDE
91 {
92 destructorSafeDestroyNSSReference();
93 }
95 void destructorSafeDestroyNSSReference()
96 {
97 SECKEY_DestroyPrivateKey(mPrivateKey);
98 mPrivateKey = nullptr;
99 SECKEY_DestroyPublicKey(mPublicKey);
100 mPublicKey = nullptr;
101 }
103 SECKEYPrivateKey * mPrivateKey;
104 SECKEYPublicKey * mPublicKey;
106 KeyPair(const KeyPair &) MOZ_DELETE;
107 void operator=(const KeyPair &) MOZ_DELETE;
108 };
110 NS_IMPL_ISUPPORTS(KeyPair, nsIIdentityKeyPair)
112 class KeyGenRunnable : public nsRunnable, public nsNSSShutDownObject
113 {
114 public:
115 NS_DECL_NSIRUNNABLE
117 KeyGenRunnable(KeyType keyType, nsIIdentityKeyGenCallback * aCallback);
119 private:
120 ~KeyGenRunnable()
121 {
122 nsNSSShutDownPreventionLock locker;
123 if (isAlreadyShutDown()) {
124 return;
125 }
126 destructorSafeDestroyNSSReference();
127 shutdown(calledFromObject);
128 }
130 virtual void virtualDestroyNSSReference() MOZ_OVERRIDE
131 {
132 destructorSafeDestroyNSSReference();
133 }
135 void destructorSafeDestroyNSSReference()
136 {
137 }
139 const KeyType mKeyType; // in
140 nsMainThreadPtrHandle<nsIIdentityKeyGenCallback> mCallback; // in
141 nsresult mRv; // out
142 nsCOMPtr<nsIIdentityKeyPair> mKeyPair; // out
144 KeyGenRunnable(const KeyGenRunnable &) MOZ_DELETE;
145 void operator=(const KeyGenRunnable &) MOZ_DELETE;
146 };
148 class SignRunnable : public nsRunnable, public nsNSSShutDownObject
149 {
150 public:
151 NS_DECL_NSIRUNNABLE
153 SignRunnable(const nsACString & textToSign, SECKEYPrivateKey * privateKey,
154 nsIIdentitySignCallback * aCallback);
156 private:
157 ~SignRunnable()
158 {
159 nsNSSShutDownPreventionLock locker;
160 if (isAlreadyShutDown()) {
161 return;
162 }
163 destructorSafeDestroyNSSReference();
164 shutdown(calledFromObject);
165 }
167 void virtualDestroyNSSReference() MOZ_OVERRIDE
168 {
169 destructorSafeDestroyNSSReference();
170 }
172 void destructorSafeDestroyNSSReference()
173 {
174 SECKEY_DestroyPrivateKey(mPrivateKey);
175 mPrivateKey = nullptr;
176 }
178 const nsCString mTextToSign; // in
179 SECKEYPrivateKey* mPrivateKey; // in
180 nsMainThreadPtrHandle<nsIIdentitySignCallback> mCallback; // in
181 nsresult mRv; // out
182 nsCString mSignature; // out
184 private:
185 SignRunnable(const SignRunnable &) MOZ_DELETE;
186 void operator=(const SignRunnable &) MOZ_DELETE;
187 };
189 class IdentityCryptoService MOZ_FINAL : public nsIIdentityCryptoService
190 {
191 public:
192 NS_DECL_THREADSAFE_ISUPPORTS
193 NS_DECL_NSIIDENTITYCRYPTOSERVICE
195 IdentityCryptoService() { }
196 nsresult Init()
197 {
198 nsresult rv;
199 nsCOMPtr<nsISupports> dummyUsedToEnsureNSSIsInitialized
200 = do_GetService("@mozilla.org/psm;1", &rv);
201 NS_ENSURE_SUCCESS(rv, rv);
203 return NS_OK;
204 }
206 private:
207 IdentityCryptoService(const KeyPair &) MOZ_DELETE;
208 void operator=(const IdentityCryptoService &) MOZ_DELETE;
209 };
211 NS_IMPL_ISUPPORTS(IdentityCryptoService, nsIIdentityCryptoService)
213 NS_IMETHODIMP
214 IdentityCryptoService::GenerateKeyPair(
215 const nsACString & keyTypeString, nsIIdentityKeyGenCallback * callback)
216 {
217 KeyType keyType;
218 if (keyTypeString.Equals(RSA_KEY_TYPE_STRING)) {
219 keyType = rsaKey;
220 } else if (keyTypeString.Equals(DSA_KEY_TYPE_STRING)) {
221 keyType = dsaKey;
222 } else {
223 return NS_ERROR_UNEXPECTED;
224 }
226 nsCOMPtr<nsIRunnable> r = new KeyGenRunnable(keyType, callback);
227 nsCOMPtr<nsIThread> thread;
228 nsresult rv = NS_NewThread(getter_AddRefs(thread), r);
229 NS_ENSURE_SUCCESS(rv, rv);
231 return NS_OK;
232 }
234 NS_IMETHODIMP
235 IdentityCryptoService::Base64UrlEncode(const nsACString & utf8Input,
236 nsACString & result)
237 {
238 return Base64UrlEncodeImpl(utf8Input, result);
239 }
241 KeyPair::KeyPair(SECKEYPrivateKey * privateKey, SECKEYPublicKey * publicKey)
242 : mPrivateKey(privateKey)
243 , mPublicKey(publicKey)
244 {
245 MOZ_ASSERT(!NS_IsMainThread());
246 }
248 NS_IMETHODIMP
249 KeyPair::GetHexRSAPublicKeyExponent(nsACString & result)
250 {
251 MOZ_ASSERT(NS_IsMainThread());
252 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
253 NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
254 HexEncode(&mPublicKey->u.rsa.publicExponent, result);
255 return NS_OK;
256 }
258 NS_IMETHODIMP
259 KeyPair::GetHexRSAPublicKeyModulus(nsACString & result)
260 {
261 MOZ_ASSERT(NS_IsMainThread());
262 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
263 NS_ENSURE_TRUE(mPublicKey->keyType == rsaKey, NS_ERROR_NOT_AVAILABLE);
264 HexEncode(&mPublicKey->u.rsa.modulus, result);
265 return NS_OK;
266 }
268 NS_IMETHODIMP
269 KeyPair::GetHexDSAPrime(nsACString & result)
270 {
271 MOZ_ASSERT(NS_IsMainThread());
272 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
273 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
274 HexEncode(&mPublicKey->u.dsa.params.prime, result);
275 return NS_OK;
276 }
278 NS_IMETHODIMP
279 KeyPair::GetHexDSASubPrime(nsACString & result)
280 {
281 MOZ_ASSERT(NS_IsMainThread());
282 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
283 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
284 HexEncode(&mPublicKey->u.dsa.params.subPrime, result);
285 return NS_OK;
286 }
288 NS_IMETHODIMP
289 KeyPair::GetHexDSAGenerator(nsACString & result)
290 {
291 MOZ_ASSERT(NS_IsMainThread());
292 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
293 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
294 HexEncode(&mPublicKey->u.dsa.params.base, result);
295 return NS_OK;
296 }
298 NS_IMETHODIMP
299 KeyPair::GetHexDSAPublicValue(nsACString & result)
300 {
301 MOZ_ASSERT(NS_IsMainThread());
302 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
303 NS_ENSURE_TRUE(mPublicKey->keyType == dsaKey, NS_ERROR_NOT_AVAILABLE);
304 HexEncode(&mPublicKey->u.dsa.publicValue, result);
305 return NS_OK;
306 }
308 NS_IMETHODIMP
309 KeyPair::GetKeyType(nsACString & result)
310 {
311 MOZ_ASSERT(NS_IsMainThread());
312 NS_ENSURE_TRUE(mPublicKey, NS_ERROR_NOT_AVAILABLE);
314 switch (mPublicKey->keyType) {
315 case rsaKey: result = RSA_KEY_TYPE_STRING; return NS_OK;
316 case dsaKey: result = DSA_KEY_TYPE_STRING; return NS_OK;
317 default: return NS_ERROR_UNEXPECTED;
318 }
319 }
321 NS_IMETHODIMP
322 KeyPair::Sign(const nsACString & textToSign,
323 nsIIdentitySignCallback* callback)
324 {
325 MOZ_ASSERT(NS_IsMainThread());
326 nsCOMPtr<nsIRunnable> r = new SignRunnable(textToSign, mPrivateKey,
327 callback);
329 nsCOMPtr<nsIThread> thread;
330 nsresult rv = NS_NewThread(getter_AddRefs(thread), r);
331 return rv;
332 }
334 KeyGenRunnable::KeyGenRunnable(KeyType keyType,
335 nsIIdentityKeyGenCallback * callback)
336 : mKeyType(keyType)
337 , mCallback(new nsMainThreadPtrHolder<nsIIdentityKeyGenCallback>(callback))
338 , mRv(NS_ERROR_NOT_INITIALIZED)
339 {
340 }
342 MOZ_WARN_UNUSED_RESULT nsresult
343 GenerateKeyPair(PK11SlotInfo * slot,
344 SECKEYPrivateKey ** privateKey,
345 SECKEYPublicKey ** publicKey,
346 CK_MECHANISM_TYPE mechanism,
347 void * params)
348 {
349 *publicKey = nullptr;
350 *privateKey = PK11_GenerateKeyPair(slot, mechanism, params, publicKey,
351 PR_FALSE /*isPerm*/,
352 PR_TRUE /*isSensitive*/,
353 nullptr /*&pwdata*/);
354 if (!*privateKey) {
355 MOZ_ASSERT(!*publicKey);
356 return PRErrorCode_to_nsresult(PR_GetError());
357 }
358 if (!*publicKey) {
359 SECKEY_DestroyPrivateKey(*privateKey);
360 *privateKey = nullptr;
361 MOZ_CRASH("PK11_GnerateKeyPair returned private key without public key");
362 }
364 return NS_OK;
365 }
368 MOZ_WARN_UNUSED_RESULT nsresult
369 GenerateRSAKeyPair(PK11SlotInfo * slot,
370 SECKEYPrivateKey ** privateKey,
371 SECKEYPublicKey ** publicKey)
372 {
373 MOZ_ASSERT(!NS_IsMainThread());
375 PK11RSAGenParams rsaParams;
376 rsaParams.keySizeInBits = 2048;
377 rsaParams.pe = 0x10001;
378 return GenerateKeyPair(slot, privateKey, publicKey, CKM_RSA_PKCS_KEY_PAIR_GEN,
379 &rsaParams);
380 }
382 MOZ_WARN_UNUSED_RESULT nsresult
383 GenerateDSAKeyPair(PK11SlotInfo * slot,
384 SECKEYPrivateKey ** privateKey,
385 SECKEYPublicKey ** publicKey)
386 {
387 MOZ_ASSERT(!NS_IsMainThread());
389 // XXX: These could probably be static const arrays, but this way we avoid
390 // compiler warnings and also we avoid having to worry much about whether the
391 // functions that take these inputs will (unexpectedly) modify them.
393 // Using NIST parameters. Some other BrowserID components require that these
394 // exact parameters are used.
395 uint8_t P[] = {
396 0xFF,0x60,0x04,0x83,0xDB,0x6A,0xBF,0xC5,0xB4,0x5E,0xAB,0x78,
397 0x59,0x4B,0x35,0x33,0xD5,0x50,0xD9,0xF1,0xBF,0x2A,0x99,0x2A,
398 0x7A,0x8D,0xAA,0x6D,0xC3,0x4F,0x80,0x45,0xAD,0x4E,0x6E,0x0C,
399 0x42,0x9D,0x33,0x4E,0xEE,0xAA,0xEF,0xD7,0xE2,0x3D,0x48,0x10,
400 0xBE,0x00,0xE4,0xCC,0x14,0x92,0xCB,0xA3,0x25,0xBA,0x81,0xFF,
401 0x2D,0x5A,0x5B,0x30,0x5A,0x8D,0x17,0xEB,0x3B,0xF4,0xA0,0x6A,
402 0x34,0x9D,0x39,0x2E,0x00,0xD3,0x29,0x74,0x4A,0x51,0x79,0x38,
403 0x03,0x44,0xE8,0x2A,0x18,0xC4,0x79,0x33,0x43,0x8F,0x89,0x1E,
404 0x22,0xAE,0xEF,0x81,0x2D,0x69,0xC8,0xF7,0x5E,0x32,0x6C,0xB7,
405 0x0E,0xA0,0x00,0xC3,0xF7,0x76,0xDF,0xDB,0xD6,0x04,0x63,0x8C,
406 0x2E,0xF7,0x17,0xFC,0x26,0xD0,0x2E,0x17
407 };
409 uint8_t Q[] = {
410 0xE2,0x1E,0x04,0xF9,0x11,0xD1,0xED,0x79,0x91,0x00,0x8E,0xCA,
411 0xAB,0x3B,0xF7,0x75,0x98,0x43,0x09,0xC3
412 };
414 uint8_t G[] = {
415 0xC5,0x2A,0x4A,0x0F,0xF3,0xB7,0xE6,0x1F,0xDF,0x18,0x67,0xCE,
416 0x84,0x13,0x83,0x69,0xA6,0x15,0x4F,0x4A,0xFA,0x92,0x96,0x6E,
417 0x3C,0x82,0x7E,0x25,0xCF,0xA6,0xCF,0x50,0x8B,0x90,0xE5,0xDE,
418 0x41,0x9E,0x13,0x37,0xE0,0x7A,0x2E,0x9E,0x2A,0x3C,0xD5,0xDE,
419 0xA7,0x04,0xD1,0x75,0xF8,0xEB,0xF6,0xAF,0x39,0x7D,0x69,0xE1,
420 0x10,0xB9,0x6A,0xFB,0x17,0xC7,0xA0,0x32,0x59,0x32,0x9E,0x48,
421 0x29,0xB0,0xD0,0x3B,0xBC,0x78,0x96,0xB1,0x5B,0x4A,0xDE,0x53,
422 0xE1,0x30,0x85,0x8C,0xC3,0x4D,0x96,0x26,0x9A,0xA8,0x90,0x41,
423 0xF4,0x09,0x13,0x6C,0x72,0x42,0xA3,0x88,0x95,0xC9,0xD5,0xBC,
424 0xCA,0xD4,0xF3,0x89,0xAF,0x1D,0x7A,0x4B,0xD1,0x39,0x8B,0xD0,
425 0x72,0xDF,0xFA,0x89,0x62,0x33,0x39,0x7A
426 };
428 static_assert(MOZ_ARRAY_LENGTH(P) == 1024 / CHAR_BIT, "bad DSA P");
429 static_assert(MOZ_ARRAY_LENGTH(Q) == 160 / CHAR_BIT, "bad DSA Q");
430 static_assert(MOZ_ARRAY_LENGTH(G) == 1024 / CHAR_BIT, "bad DSA G");
432 PQGParams pqgParams = {
433 nullptr /*arena*/,
434 { siBuffer, P, static_cast<unsigned int>(mozilla::ArrayLength(P)) },
435 { siBuffer, Q, static_cast<unsigned int>(mozilla::ArrayLength(Q)) },
436 { siBuffer, G, static_cast<unsigned int>(mozilla::ArrayLength(G)) }
437 };
439 return GenerateKeyPair(slot, privateKey, publicKey, CKM_DSA_KEY_PAIR_GEN,
440 &pqgParams);
441 }
443 NS_IMETHODIMP
444 KeyGenRunnable::Run()
445 {
446 if (!NS_IsMainThread()) {
447 nsNSSShutDownPreventionLock locker;
448 if (isAlreadyShutDown()) {
449 mRv = NS_ERROR_NOT_AVAILABLE;
450 } else {
451 // We always want to use the internal slot for BrowserID; in particular,
452 // we want to avoid smartcard slots.
453 PK11SlotInfo *slot = PK11_GetInternalSlot();
454 if (!slot) {
455 mRv = NS_ERROR_UNEXPECTED;
456 } else {
457 SECKEYPrivateKey *privk = nullptr;
458 SECKEYPublicKey *pubk = nullptr;
460 switch (mKeyType) {
461 case rsaKey:
462 mRv = GenerateRSAKeyPair(slot, &privk, &pubk);
463 break;
464 case dsaKey:
465 mRv = GenerateDSAKeyPair(slot, &privk, &pubk);
466 break;
467 default:
468 MOZ_CRASH("unknown key type");
469 }
471 PK11_FreeSlot(slot);
473 if (NS_SUCCEEDED(mRv)) {
474 MOZ_ASSERT(privk);
475 MOZ_ASSERT(pubk);
476 // mKeyPair will take over ownership of privk and pubk
477 mKeyPair = new KeyPair(privk, pubk);
478 }
479 }
480 }
482 NS_DispatchToMainThread(this);
483 } else {
484 // Back on Main Thread
485 (void) mCallback->GenerateKeyPairFinished(mRv, mKeyPair);
486 }
487 return NS_OK;
488 }
490 SignRunnable::SignRunnable(const nsACString & aText,
491 SECKEYPrivateKey * privateKey,
492 nsIIdentitySignCallback * aCallback)
493 : mTextToSign(aText)
494 , mPrivateKey(SECKEY_CopyPrivateKey(privateKey))
495 , mCallback(new nsMainThreadPtrHolder<nsIIdentitySignCallback>(aCallback))
496 , mRv(NS_ERROR_NOT_INITIALIZED)
497 {
498 }
500 NS_IMETHODIMP
501 SignRunnable::Run()
502 {
503 if (!NS_IsMainThread()) {
504 nsNSSShutDownPreventionLock locker;
505 if (isAlreadyShutDown()) {
506 mRv = NS_ERROR_NOT_AVAILABLE;
507 } else {
508 // We need the output in PKCS#11 format, not DER encoding, so we must use
509 // PK11_HashBuf and PK11_Sign instead of SEC_SignData.
511 SECItem sig = { siBuffer, nullptr, 0 };
512 int sigLength = PK11_SignatureLen(mPrivateKey);
513 if (sigLength <= 0) {
514 mRv = PRErrorCode_to_nsresult(PR_GetError());
515 } else if (!SECITEM_AllocItem(nullptr, &sig, sigLength)) {
516 mRv = PRErrorCode_to_nsresult(PR_GetError());
517 } else {
518 uint8_t hash[32]; // big enough for SHA-1 or SHA-256
519 SECOidTag hashAlg = mPrivateKey->keyType == dsaKey ? SEC_OID_SHA1
520 : SEC_OID_SHA256;
521 SECItem hashItem = { siBuffer, hash,
522 hashAlg == SEC_OID_SHA1 ? 20u : 32u };
524 mRv = MapSECStatus(PK11_HashBuf(hashAlg, hash,
525 const_cast<uint8_t*>(reinterpret_cast<const uint8_t *>(
526 mTextToSign.get())),
527 mTextToSign.Length()));
528 if (NS_SUCCEEDED(mRv)) {
529 mRv = MapSECStatus(PK11_Sign(mPrivateKey, &sig, &hashItem));
530 }
531 if (NS_SUCCEEDED(mRv)) {
532 nsDependentCSubstring sigString(
533 reinterpret_cast<const char*>(sig.data), sig.len);
534 mRv = Base64UrlEncodeImpl(sigString, mSignature);
535 }
536 SECITEM_FreeItem(&sig, false);
537 }
538 }
540 NS_DispatchToMainThread(this);
541 } else {
542 // Back on Main Thread
543 (void) mCallback->SignFinished(mRv, mSignature);
544 }
546 return NS_OK;
547 }
549 // XPCOM module registration
551 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(IdentityCryptoService, Init)
553 #define NS_IDENTITYCRYPTOSERVICE_CID \
554 {0xbea13a3a, 0x44e8, 0x4d7f, {0xa0, 0xa2, 0x2c, 0x67, 0xf8, 0x4e, 0x3a, 0x97}}
556 NS_DEFINE_NAMED_CID(NS_IDENTITYCRYPTOSERVICE_CID);
558 const mozilla::Module::CIDEntry kCIDs[] = {
559 { &kNS_IDENTITYCRYPTOSERVICE_CID, false, nullptr, IdentityCryptoServiceConstructor },
560 { nullptr }
561 };
563 const mozilla::Module::ContractIDEntry kContracts[] = {
564 { "@mozilla.org/identity/crypto-service;1", &kNS_IDENTITYCRYPTOSERVICE_CID },
565 { nullptr }
566 };
568 const mozilla::Module kModule = {
569 mozilla::Module::kVersion,
570 kCIDs,
571 kContracts
572 };
574 } // unnamed namespace
576 NSMODULE_DEFN(identity) = &kModule;
