/*
* J A R _ d i g e s t _ f i l e
*
* Calculates the MD5 and SHA1 digests for a file
* present on disk, and returns these in JAR_Digest struct.
*
*/
int
JAR_digest_file (char *filename, JAR_Digest *dig)
{
JAR_FILE fp;
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
unsigned char *buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ);
int num;
unsigned int md5_length, sha1_length;
if (buf == NULL) {
/* out of memory */
return JAR_ERR_MEMORY;
}
if ((fp = JAR_FOPEN (filename, "rb")) == 0) {
/* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
PORT_Free (buf);
return JAR_ERR_FNF;
}
md5 = PK11_CreateDigestContext (SEC_OID_MD5);
sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
if (md5 == NULL || sha1 == NULL) {
/* can't generate digest contexts */
PORT_Free (buf);
JAR_FCLOSE (fp);
return JAR_ERR_GENERAL;
}
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
while (1) {
if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0)
break;
PK11_DigestOp (md5, buf, num);
PK11_DigestOp (sha1, buf, num);
}
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
PORT_Free (buf);
JAR_FCLOSE (fp);
return 0;
}
char *oauth_body_hash_data(size_t length, const char *data) {
PK11SlotInfo *slot = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
char *rv=NULL;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
context = PK11_CreateDigestContext(SEC_OID_SHA1);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) data, length);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest..
memcpy(dgst, digest, len);
rv=oauth_body_hash_encode(len, dgst);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (slot) PK11_FreeSlot(slot);
return rv;
}
int sxi_hmac_sha1_init_ex(sxi_hmac_sha1_ctx *ctx,
const void *key, int key_len)
{
if (!ctx)
return 0;
/* NOTE: params must be provided, but may be empty */
SECItem noParams;
noParams.type = siBuffer;
noParams.data = 0;
noParams.len = 0;
if (ctx->context)
PK11_DestroyContext(ctx->context, PR_TRUE);
if (ctx->key)
PK11_FreeSymKey(ctx->key);
if (ctx->keysec)
SECITEM_FreeItem(ctx->keysec, PR_TRUE);
ctx->keysec = SECITEM_AllocItem(NULL, NULL, key_len);
if (ctx->keysec) {
memcpy(ctx->keysec->data, key, key_len);
ctx->key = PK11_ImportSymKey(ctx->slot, CKM_SHA_1_HMAC, PK11_OriginDerive, CKA_SIGN,
ctx->keysec, &noParams);
if(ctx->key) {
ctx->context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, ctx->key, &noParams);
if (ctx->context && PK11_DigestBegin(ctx->context) == SECSuccess)
return 1;
}
}
return 0;
}
static int nss_hash_init(void **pctx, SECOidTag hash_alg)
{
PK11Context *ctx;
/* we have to initialize NSS if not initialized alraedy */
#ifdef HAVE_NSS_INITCONTEXT
if(!NSS_IsInitialized() && !nss_context) {
static NSSInitParameters params;
params.length = sizeof params;
nss_context = NSS_InitContext("", "", "", "", ¶ms, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
}
#endif
ctx = PK11_CreateDigestContext(hash_alg);
if(!ctx)
return /* failure */ 0;
if(PK11_DigestBegin(ctx) != SECSuccess) {
PK11_DestroyContext(ctx, PR_TRUE);
return /* failure */ 0;
}
*pctx = ctx;
return /* success */ 1;
}
// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CertID& certID)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.issuer.data, certID.issuer.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.issuerSubjectPublicKeyInfo.data,
certID.issuerSubjectPublicKeyInfo.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.serialNumber.data,
certID.serialNumber.len);
if (rv != SECSuccess) {
return rv;
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
void hmac_final(u_char *output, struct hmac_ctx *ctx)
{
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss != NULL);
status = PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if (ctx->ikey != NULL)
PK11_FreeSymKey(ctx->ikey);
if (ctx->okey != NULL)
PK11_FreeSymKey(ctx->okey);
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
}
/* MAC is generated per PKCS 12 section 6. It is expected that key, msg
* and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
* because it is not known how long the message actually is. String
* manipulation routines will not necessarily work because msg may have
* imbedded NULLs
*/
SECItem *
sec_pkcs12_generate_mac(SECItem *key,
SECItem *msg,
PRBool old_method)
{
SECStatus res = SECFailure;
SECItem *mac = NULL;
PK11Context *pk11cx = NULL;
SECItem ignore = {0};
if((key == NULL) || (msg == NULL)) {
return NULL;
}
if(old_method == PR_TRUE) {
return sec_pkcs12_generate_old_mac(key, msg);
}
/* allocate return item */
mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH);
if (mac == NULL) {
return NULL;
}
pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive,
CKA_SIGN, key, &ignore, NULL);
if (pk11cx == NULL) {
goto loser;
}
res = PK11_DigestBegin(pk11cx);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestOp(pk11cx, msg->data, msg->len);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH);
if (res == SECFailure) {
goto loser;
}
PK11_DestroyContext(pk11cx, PR_TRUE);
pk11cx = NULL;
loser:
if(res != SECSuccess) {
SECITEM_ZfreeItem(mac, PR_TRUE);
mac = NULL;
if (pk11cx) {
PK11_DestroyContext(pk11cx, PR_TRUE);
}
}
return mac;
}
static void cpg_deliver_fn (
cpg_handle_t handle,
const struct cpg_name *group_name,
uint32_t nodeid,
uint32_t pid,
void *m,
size_t msg_len)
{
const struct my_msg *msg2 = m;
unsigned char sha1_compare[20];
unsigned int i;
unsigned int sha1_len;
printf ("msg '%s'\n", msg2->buffer);
PK11_DigestBegin(sha1_context);
PK11_DigestOp(sha1_context, msg2->buffer, msg2->msg_size);
PK11_DigestFinal(sha1_context, sha1_compare, &sha1_len, sizeof(sha1_compare));
printf ("SIZE %d HASH: ", msg2->msg_size);
for (i = 0; i < 20; i++) {
printf ("%x", sha1_compare[i]);
}
printf ("\n");
if (memcmp (sha1_compare, msg2->sha1, 20) != 0) {
printf ("incorrect hash\n");
exit (1);
}
deliveries++;
}
// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CERTCertificate* aCert,
const CERTCertificate* aIssuerCert)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aCert->derIssuer.data,
aCert->derIssuer.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aIssuerCert->derPublicKey.data,
aIssuerCert->derPublicKey.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aCert->serialNumber.data,
aCert->serialNumber.len);
if (rv != SECSuccess) {
return rv;
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
/* void init (in unsigned long aAlgorithm, in nsIKeyObject aKeyObject); */
NS_IMETHODIMP
nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (mHMACContext)
{
PK11_DestroyContext(mHMACContext, true);
mHMACContext = nullptr;
}
CK_MECHANISM_TYPE HMACMechType;
switch (aAlgorithm)
{
case nsCryptoHMAC::MD2:
HMACMechType = CKM_MD2_HMAC; break;
case nsCryptoHMAC::MD5:
HMACMechType = CKM_MD5_HMAC; break;
case nsCryptoHMAC::SHA1:
HMACMechType = CKM_SHA_1_HMAC; break;
case nsCryptoHMAC::SHA256:
HMACMechType = CKM_SHA256_HMAC; break;
case nsCryptoHMAC::SHA384:
HMACMechType = CKM_SHA384_HMAC; break;
case nsCryptoHMAC::SHA512:
HMACMechType = CKM_SHA512_HMAC; break;
default:
return NS_ERROR_INVALID_ARG;
}
NS_ENSURE_ARG_POINTER(aKeyObject);
nsresult rv;
int16_t keyType;
rv = aKeyObject->GetType(&keyType);
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG);
PK11SymKey* key;
// GetKeyObj doesn't addref the key
rv = aKeyObject->GetKeyObj((void**)&key);
NS_ENSURE_SUCCESS(rv, rv);
SECItem rawData;
rawData.data = 0;
rawData.len = 0;
mHMACContext = PK11_CreateContextBySymKey(
HMACMechType, CKA_SIGN, key, &rawData);
NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
SECStatus ss = PK11_DigestBegin(mHMACContext);
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
return NS_OK;
}
int sxi_sha1_init(sxi_md_ctx *ctx)
{
if (!ctx)
return 0;
if (PK11_DigestBegin(ctx->context) != SECSuccess)
return 0;
return 1;
}
PK11SymKey * PK11_Derive_osw(PK11SymKey *base, CK_MECHANISM_TYPE mechanism
, SECItem *param, CK_MECHANISM_TYPE target
, CK_ATTRIBUTE_TYPE operation, int keysize)
{
SECOidTag oid;
PK11Context *ctx;
unsigned char dkey[HMAC_BUFSIZE];
SECItem dkey_param;
SECStatus status;
unsigned int len=0;
CK_EXTRACT_PARAMS bs;
chunk_t dkey_chunk;
if( ((mechanism == CKM_SHA256_KEY_DERIVATION) ||
(mechanism == CKM_SHA384_KEY_DERIVATION)||
(mechanism == CKM_SHA512_KEY_DERIVATION)) && (param == NULL) && (keysize ==0)) {
switch (mechanism) {
case CKM_SHA256_KEY_DERIVATION: oid = SEC_OID_SHA256; break;
case CKM_SHA384_KEY_DERIVATION: oid = SEC_OID_SHA384; break;
case CKM_SHA512_KEY_DERIVATION: oid = SEC_OID_SHA512; break;
default: DBG(DBG_CRYPT, DBG_log("PK11_Derive_osw: Invalid NSS mechanism ")); break; /*should not reach here*/
}
ctx = PK11_CreateDigestContext(oid);
PR_ASSERT(ctx!=NULL);
status=PK11_DigestBegin(ctx);
PR_ASSERT(status == SECSuccess);
status=PK11_DigestKey(ctx, base);
PR_ASSERT(status == SECSuccess);
PK11_DigestFinal(ctx, dkey, &len, sizeof dkey);
PK11_DestroyContext(ctx, PR_TRUE);
dkey_chunk.ptr = dkey;
dkey_chunk.len = len;
PK11SymKey *tkey1 = pk11_derive_wrapper_osw(base, CKM_CONCATENATE_DATA_AND_BASE, dkey_chunk, CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE, 0);
PR_ASSERT(tkey1!=NULL);
bs=0;
dkey_param.data = (unsigned char*)&bs;
dkey_param.len = sizeof (bs);
PK11SymKey *tkey2 = PK11_Derive(tkey1, CKM_EXTRACT_KEY_FROM_KEY, &dkey_param, target, operation, len);
PR_ASSERT(tkey2!=NULL);
if(tkey1!=NULL) {
PK11_FreeSymKey(tkey1);
}
return tkey2;
}
else {
return PK11_Derive(base, mechanism, param, target, operation, keysize);
}
}
CryptoMd5
crypto_md5_init(void)
{
CryptoMd5 md5 = xmalloc(sizeof(*md5));
md5->context = PK11_CreateDigestContext(SEC_OID_MD5);
SECStatus s = PK11_DigestBegin(md5->context);
check(s, "Error initializing md5");
return md5;
}
CryptoSha1
crypto_sha1_init(void)
{
CryptoSha1 sha1 = xmalloc(sizeof(*sha1));
sha1->context = PK11_CreateDigestContext(SEC_OID_SHA1);
SECStatus s = PK11_DigestBegin(sha1->context);
check(s, "Error initializing sha1");
return sha1;
}
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
void lsMD5Init(lsMD5_CTX *context)
{
SECStatus status;
context->ctx_nss = PK11_CreateDigestContext(SEC_OID_MD5);
passert(context->ctx_nss != NULL);
status = PK11_DigestBegin(context->ctx_nss);
passert(status == SECSuccess);
}
/* void reset (); */
NS_IMETHODIMP nsCryptoHMAC::Reset()
{
nsNSSShutDownPreventionLock locker;
SECStatus ss = PK11_DigestBegin(mHMACContext);
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
return NS_OK;
}
void sha256_init(sha256_context *ctx)
{
DBG(DBG_CRYPT, DBG_log("NSS: sha256 init start"));
SECStatus status;
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(SEC_OID_SHA256);
PR_ASSERT(ctx->ctx_nss != NULL);
status = PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status == SECSuccess);
DBG(DBG_CRYPT, DBG_log("NSS: sha256 init end"));
}
/* Initialize the SHS values */
void shsInit(SHS_INFO *shsInfo)
{
if (k5_nss_init()) {
shsInfo->nss_ctxt = NULL;
return;
}
shsInfo->nss_ctxt = PK11_CreateDigestContext(SEC_OID_SHA1);
if (shsInfo->nss_ctxt == NULL)
return;
PK11_DigestBegin((PK11Context *)shsInfo->nss_ctxt);
}
gboolean
crypto_md5_hash (const char *salt,
const gsize salt_len,
const char *password,
gsize password_len,
char *buffer,
gsize buflen,
GError **error)
{
PK11Context *ctx;
int nkey = buflen;
unsigned int digest_len;
int count = 0;
char digest[MD5_HASH_LEN];
char *p = buffer;
if (salt)
g_return_val_if_fail (salt_len >= 8, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
g_return_val_if_fail (password_len > 0, FALSE);
g_return_val_if_fail (buffer != NULL, FALSE);
g_return_val_if_fail (buflen > 0, FALSE);
ctx = PK11_CreateDigestContext (SEC_OID_MD5);
if (!ctx) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_MD5_INIT_FAILED,
_("Failed to initialize the MD5 context: %d."),
PORT_GetError ());
return FALSE;
}
while (nkey > 0) {
int i = 0;
PK11_DigestBegin (ctx);
if (count++)
PK11_DigestOp (ctx, (const unsigned char *) digest, digest_len);
PK11_DigestOp (ctx, (const unsigned char *) password, password_len);
if (salt)
PK11_DigestOp (ctx, (const unsigned char *) salt, 8); /* Only use 8 bytes of salt */
PK11_DigestFinal (ctx, (unsigned char *) digest, &digest_len, sizeof (digest));
while (nkey && (i < digest_len)) {
*(p++) = digest[i++];
nkey--;
}
}
memset (digest, 0, sizeof (digest));
PK11_DestroyContext (ctx, PR_TRUE);
return TRUE;
}
static void delivery_callback (
cpg_handle_t handle,
const struct cpg_name *groupName,
uint32_t nodeid,
uint32_t pid,
void *msg,
size_t msg_len)
{
log_entry_t *log_pt;
msg_t *msg_pt = (msg_t*)msg;
msg_status_t status = MSG_OK;
char status_buf[20];
unsigned char sha1_compare[20];
unsigned int sha1_len;
if (record_messages_g == 0) {
return;
}
if (nodeid != msg_pt->nodeid) {
status = MSG_NODEID_ERR;
}
if (pid != msg_pt->pid) {
status = MSG_PID_ERR;
}
if (msg_len != msg_pt->size) {
status = MSG_SIZE_ERR;
}
PK11_DigestBegin(sha1_context);
PK11_DigestOp(sha1_context, msg_pt->payload, (msg_pt->size - sizeof (msg_t)));
PK11_DigestFinal(sha1_context, sha1_compare, &sha1_len, sizeof(sha1_compare));
if (memcmp (sha1_compare, msg_pt->sha1, 20) != 0) {
qb_log (LOG_ERR, "msg seq:%d; incorrect hash",
msg_pt->seq);
status = MSG_SHA1_ERR;
}
log_pt = malloc (sizeof(log_entry_t));
qb_list_init (&log_pt->list);
snprintf (log_pt->log, LOG_STR_SIZE, "%u:%d:%d:%s;",
msg_pt->nodeid, msg_pt->seq, my_seq,
err_status_string (status_buf, 20, status));
qb_list_add_tail (&log_pt->list, &msg_log_head);
total_stored_msgs++;
total_msgs_revd++;
my_seq++;
if ((total_msgs_revd % 1000) == 0) {
qb_log (LOG_INFO, "rx %d", total_msgs_revd);
}
}
void sxi_sha256(const unsigned char *d, size_t n,unsigned char *md)
{
unsigned len;
PK11Context *context = PK11_CreateDigestContext(SEC_OID_SHA256);
if (!context || PK11_DigestBegin(context) != SECSuccess ||
PK11_DigestOp(context, d, n) != SECSuccess ||
PK11_DigestFinal(context, md, &len, SHA256_DIGEST_LENGTH) != SECSuccess)
{
/* TODO: log */
}
if (context)
PK11_DestroyContext(context, PR_TRUE);
}
/*
* J A R _ c a l c u l a t e _ d i g e s t
*
* Quick calculation of a digest for
* the specified block of memory. Will calculate
* for all supported algorithms, now MD5.
*
* This version supports huge pointers for WIN16.
*
*/
JAR_Digest * PR_CALLBACK
JAR_calculate_digest(void *data, long length)
{
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
JAR_Digest *dig = PORT_ZNew(JAR_Digest);
long chunq;
unsigned int md5_length, sha1_length;
if (dig == NULL) {
/* out of memory allocating digest */
return NULL;
}
md5 = PK11_CreateDigestContext(SEC_OID_MD5);
sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
if (length >= 0) {
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
do {
chunq = length;
PK11_DigestOp(md5, (unsigned char*)data, chunq);
PK11_DigestOp(sha1, (unsigned char*)data, chunq);
length -= chunq;
data = ((char *) data + chunq);
}
while (length > 0);
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
}
return dig;
}
/*
* @param(IN) salt salt in binary format
* @param(IN) saltSize number of bytes for the salt
* @param(IN) clearPasswd clearPasswd
* @param(OUT) the hashed password with salt in ascii b64 format
*
* #sample keyfile line
* j2ee;{SSHA}WRWaz20fzw3zN9x5Uzyyk5Wfvrbe4m40rYTPrA==;staff,eng
*/
void sshaPasswd(const char* salt, const int saltSize,const char* clearPasswd,NSString& hashed)
{
//PRBool workaround= PR_FALSE; //PR_TRUE;
const int digestLen = SHA1_LENGTH; //20
unsigned char H[512];
char* pwdAndSalt=NULL;
hashed.clear();
if (!clearPasswd) {
return;
}
int tobeHashedLen = 0;
pwdAndSalt = addSalt(clearPasswd, salt, saltSize,tobeHashedLen);
//if (workaround==PR_TRUE) {
//https_SHA1_Hash(H,pwdAndSalt); //refer lib/libadmin/password.cpp
//} else {
//const int keylen = PRIVATE_KEY_LEN;
//unsigned char DigestPrivatekey[PRIVATE_KEY_LEN];
//PK11_GenerateRandom(DigestPrivatekey, keylen);
PK11Context * SHA1Ctx = PK11_CreateDigestContext(SEC_OID_SHA1);
if (SHA1Ctx==NULL) {
FREE(pwdAndSalt);
return;
}
PK11_DigestBegin(SHA1Ctx);
//PK11_DigestOp(SHA1Ctx, (unsigned char*)pwdAndSalt, strlen(pwdAndSalt) );
PK11_DigestOp(SHA1Ctx, (unsigned char*)pwdAndSalt, tobeHashedLen );
PK11_DigestFinal(SHA1Ctx, (unsigned char *)H, (unsigned int*)&digestLen, sizeof(H));
PK11_DestroyContext(SHA1Ctx, 1);
PR_ASSERT(digestLen==20);
//}
char* base64Val=NULL;
if (salt!=NULL && saltSize>0) {
memcpy(H+20,salt,saltSize); //append salt to hashed passwd
base64Val = BTOA_DataToAscii(H,digestLen+saltSize); //base64.h
} else {
base64Val = BTOA_DataToAscii(H,digestLen); //base64.h
}
hashed.append(SSHA_TAG );
hashed.append(base64Val);
if (base64Val)
PORT_Free(base64Val);
base64Val = NULL;
FREE(pwdAndSalt);
return;
}
static int nr_crypto_nss_hmac(UCHAR *key, int keyl, UCHAR *buf, int bufl,
UCHAR *result) {
CK_MECHANISM_TYPE mech = CKM_SHA_1_HMAC;
PK11SlotInfo *slot = 0;
MOZ_ASSERT(keyl > 0);
SECItem keyi = { siBuffer, key, static_cast<unsigned int>(keyl)};
PK11SymKey *skey = 0;
PK11Context *hmac_ctx = 0;
SECStatus status;
unsigned int hmac_len;
SECItem param = { siBuffer, nullptr, 0 };
int err = R_INTERNAL;
slot = PK11_GetInternalKeySlot();
if (!slot)
goto abort;
skey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
CKA_SIGN, &keyi, nullptr);
if (!skey)
goto abort;
hmac_ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN,
skey, ¶m);
if (!hmac_ctx)
goto abort;
status = PK11_DigestBegin(hmac_ctx);
if (status != SECSuccess)
goto abort;
status = PK11_DigestOp(hmac_ctx, buf, bufl);
if (status != SECSuccess)
goto abort;
status = PK11_DigestFinal(hmac_ctx, result, &hmac_len, 20);
if (status != SECSuccess)
goto abort;
MOZ_ASSERT(hmac_len == 20);
err = 0;
abort:
if(hmac_ctx) PK11_DestroyContext(hmac_ctx, PR_TRUE);
if (skey) PK11_FreeSymKey(skey);
if (slot) PK11_FreeSlot(slot);
return err;
}
/*
* This code is mostly cargo-cult taken from here:
* http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html
*
* It should implement HMAC with the given mechanism (SHA: 1, 256, 384, 512).
*/
static bool hmac(SECItem *key, CK_MECHANISM_TYPE mech, const SECItem *in,
struct digest_buffer *out)
{
SECItem param = { siBuffer, NULL, 0 };
PK11SlotInfo *slot = NULL;
PK11SymKey *symkey = NULL;
PK11Context *ctx = NULL;
bool ret = false;
SECStatus s;
slot = PK11_GetBestSlot(mech, NULL);
if (slot == NULL) {
slot = PK11_GetInternalKeySlot();
if (slot == NULL) {
goto done;
}
}
symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
CKA_SIGN, key, NULL);
if (symkey == NULL)
goto done;
ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, symkey, ¶m);
if (ctx == NULL)
goto done;
s = PK11_DigestBegin(ctx);
if (s != SECSuccess)
goto done;
s = PK11_DigestOp(ctx, in->data, in->len);
if (s != SECSuccess)
goto done;
s = PK11_DigestFinal(ctx, out->buf, &out->len, sizeof(out->buf));
if (s != SECSuccess)
goto done;
ret = true;
done:
if (ctx != NULL)
PK11_DestroyContext(ctx, PR_TRUE);
if (symkey != NULL)
PK11_FreeSymKey(symkey);
if (slot != NULL)
PK11_FreeSlot(slot);
return ret;
}
static int
DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
{
int nb;
unsigned char ibuf[4096], digest[32];
PK11Context *hashcx;
unsigned int len;
SECStatus rv;
hashcx = PK11_CreateDigestContext(hashOID->offset);
if (hashcx == NULL) {
return -1;
}
PK11_DigestBegin(hashcx);
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
PK11_DestroyContext(hashcx,PR_TRUE);
return -1;
}
/* eof */
break;
}
}
rv = PK11_DigestOp(hashcx, ibuf, nb);
if (rv != SECSuccess) {
PK11_DestroyContext(hashcx, PR_TRUE);
return -1;
}
}
rv = PK11_DigestFinal(hashcx, digest, &len, 32);
PK11_DestroyContext(hashcx, PR_TRUE);
if (rv != SECSuccess) return -1;
nb = fwrite(digest, 1, len, outFile);
if (nb != len) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return 0;
}
void
hmac_final(u_char *output, struct hmac_ctx *ctx)
{
#ifndef HAVE_LIBNSS
const struct hash_desc *h = ctx->h;
h->hash_final(output, &ctx->hash_ctx);
h->hash_init(&ctx->hash_ctx);
h->hash_update(&ctx->hash_ctx, ctx->buf2, HMAC_BUFSIZE);
h->hash_update(&ctx->hash_ctx, output, h->hash_digest_len);
h->hash_final(output, &ctx->hash_ctx);
#else
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss!=NULL);
status=PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status==SECSuccess);
status=PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status==SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if(ctx->ikey !=NULL) {
PK11_FreeSymKey(ctx->ikey);
}
if(ctx->okey != NULL) {
PK11_FreeSymKey(ctx->okey);
}
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
#endif
}
void clear()
{
SECStatus s;
PK11_DestroyContext(m_context, PR_TRUE);
m_context = PK11_CreateDigestContext(m_hashAlgo);
if (! m_context) {
qDebug() << "CreateDigestContext failed";
return;
}
s = PK11_DigestBegin(m_context);
if (s != SECSuccess) {
qDebug() << "DigestBegin failed";
return;
}
}
// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CertID& certID, const char* aIsolationKey)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
SECItem certIDIssuer = UnsafeMapInputToSECItem(certID.issuer);
rv = PK11_DigestOp(context.get(), certIDIssuer.data, certIDIssuer.len);
if (rv != SECSuccess) {
return rv;
}
SECItem certIDIssuerSubjectPublicKeyInfo =
UnsafeMapInputToSECItem(certID.issuerSubjectPublicKeyInfo);
rv = PK11_DigestOp(context.get(), certIDIssuerSubjectPublicKeyInfo.data,
certIDIssuerSubjectPublicKeyInfo.len);
if (rv != SECSuccess) {
return rv;
}
SECItem certIDSerialNumber =
UnsafeMapInputToSECItem(certID.serialNumber);
rv = PK11_DigestOp(context.get(), certIDSerialNumber.data,
certIDSerialNumber.len);
if (rv != SECSuccess) {
return rv;
}
if (aIsolationKey) {
rv = PK11_DigestOp(context.get(), (const unsigned char*) aIsolationKey,
strlen(aIsolationKey));
if (rv != SECSuccess) {
return rv;
}
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
char *oauth_sign_hmac_sha1_raw (const char *m, const size_t ml, const char *k, const size_t kl) {
PK11SlotInfo *slot = NULL;
PK11SymKey *pkey = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
SECItem keyItem, noParams;
char *rv=NULL;
keyItem.type = siBuffer;
keyItem.data = (unsigned char*) k;
keyItem.len = kl;
noParams.type = siBuffer;
noParams.data = NULL;
noParams.len = 0;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
pkey = PK11_ImportSymKey(slot, CKM_SHA_1_HMAC, PK11_OriginUnwrap, CKA_SIGN, &keyItem, NULL);
if (!pkey) goto looser;
context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, pkey, &noParams);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) m, ml);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
rv=oauth_encode_base64(len, digest);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (pkey) PK11_FreeSymKey(pkey);
if (slot) PK11_FreeSlot(slot);
return rv;
}
