/* MAC is generated per PKCS 12 section 6. It is expected that key, msg * and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in * because it is not known how long the message actually is. String * manipulation routines will not necessarily work because msg may have * imbedded NULLs */ SECItem * sec_pkcs12_generate_mac(SECItem *key, SECItem *msg, PRBool old_method) { SECStatus res = SECFailure; SECItem *mac = NULL; PK11Context *pk11cx = NULL; SECItem ignore = {0}; if((key == NULL) || (msg == NULL)) { return NULL; } if(old_method == PR_TRUE) { return sec_pkcs12_generate_old_mac(key, msg); } /* allocate return item */ mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH); if (mac == NULL) { return NULL; } pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive, CKA_SIGN, key, &ignore, NULL); if (pk11cx == NULL) { goto loser; } res = PK11_DigestBegin(pk11cx); if (res == SECFailure) { goto loser; } res = PK11_DigestOp(pk11cx, msg->data, msg->len); if (res == SECFailure) { goto loser; } res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH); if (res == SECFailure) { goto loser; } PK11_DestroyContext(pk11cx, PR_TRUE); pk11cx = NULL; loser: if(res != SECSuccess) { SECITEM_ZfreeItem(mac, PR_TRUE); mac = NULL; if (pk11cx) { PK11_DestroyContext(pk11cx, PR_TRUE); } } return mac; }
void hmac_final(u_char *output, struct hmac_ctx *ctx) { unsigned int outlen = 0; SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len); PR_ASSERT(status == SECSuccess); PR_ASSERT(outlen == ctx->hmac_digest_len); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); ctx->ctx_nss = NULL; ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h)); PR_ASSERT(ctx->ctx_nss != NULL); status = PK11_DigestBegin(ctx->ctx_nss); PR_ASSERT(status == SECSuccess); status = PK11_DigestKey(ctx->ctx_nss, ctx->okey); PR_ASSERT(status == SECSuccess); status = PK11_DigestOp(ctx->ctx_nss, output, outlen); PR_ASSERT(status == SECSuccess); status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len); PR_ASSERT(status == SECSuccess); PR_ASSERT(outlen == ctx->hmac_digest_len); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); if (ctx->ikey != NULL) PK11_FreeSymKey(ctx->ikey); if (ctx->okey != NULL) PK11_FreeSymKey(ctx->okey); /* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */ }
/* * create a new context which is the clone of the state of old context. */ PK11Context * PK11_CloneContext(PK11Context *old) { PK11Context *newcx; PRBool needFree = PR_FALSE; SECStatus rv = SECSuccess; void *data; unsigned long len; newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation, old->key, old->param); if (newcx == NULL) return NULL; /* now clone the save state. First we need to find the save state * of the old session. If the old context owns it's session, * the state needs to be saved, otherwise the state is in saveData. */ if (old->ownSession) { PK11_EnterContextMonitor(old); data = pk11_saveContext(old, NULL, &len); PK11_ExitContextMonitor(old); needFree = PR_TRUE; } else { data = old->savedData; len = old->savedLength; } if (data == NULL) { PK11_DestroyContext(newcx, PR_TRUE); return NULL; } /* now copy that state into our new context. Again we have different * work if the new context owns it's own session. If it does, we * restore the state gathered above. If it doesn't, we copy the * saveData pointer... */ if (newcx->ownSession) { PK11_EnterContextMonitor(newcx); rv = pk11_restoreContext(newcx, data, len); PK11_ExitContextMonitor(newcx); } else { PORT_Assert(newcx->savedData != NULL); if ((newcx->savedData == NULL) || (newcx->savedLength < len)) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); rv = SECFailure; } else { PORT_Memcpy(newcx->savedData, data, len); newcx->savedLength = len; } } if (needFree) PORT_Free(data); if (rv != SECSuccess) { PK11_DestroyContext(newcx, PR_TRUE); return NULL; } return newcx; }
/* * J A R _ d i g e s t _ f i l e * * Calculates the MD5 and SHA1 digests for a file * present on disk, and returns these in JAR_Digest struct. * */ int JAR_digest_file (char *filename, JAR_Digest *dig) { JAR_FILE fp; PK11Context *md5 = 0; PK11Context *sha1 = 0; unsigned char *buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ); int num; unsigned int md5_length, sha1_length; if (buf == NULL) { /* out of memory */ return JAR_ERR_MEMORY; } if ((fp = JAR_FOPEN (filename, "rb")) == 0) { /* perror (filename); FIX XXX XXX XXX XXX XXX XXX */ PORT_Free (buf); return JAR_ERR_FNF; } md5 = PK11_CreateDigestContext (SEC_OID_MD5); sha1 = PK11_CreateDigestContext (SEC_OID_SHA1); if (md5 == NULL || sha1 == NULL) { /* can't generate digest contexts */ PORT_Free (buf); JAR_FCLOSE (fp); return JAR_ERR_GENERAL; } PK11_DigestBegin (md5); PK11_DigestBegin (sha1); while (1) { if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0) break; PK11_DigestOp (md5, buf, num); PK11_DigestOp (sha1, buf, num); } PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH); PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH); PK11_DestroyContext (md5, PR_TRUE); PK11_DestroyContext (sha1, PR_TRUE); PORT_Free (buf); JAR_FCLOSE (fp); return 0; }
static int DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID) { int nb; unsigned char ibuf[4096], digest[32]; PK11Context *hashcx; unsigned int len; SECStatus rv; hashcx = PK11_CreateDigestContext(hashOID->offset); if (hashcx == NULL) { return -1; } PK11_DigestBegin(hashcx); for (;;) { if (feof(inFile)) break; nb = fread(ibuf, 1, sizeof(ibuf), inFile); if (nb != sizeof(ibuf)) { if (nb == 0) { if (ferror(inFile)) { PORT_SetError(SEC_ERROR_IO); PK11_DestroyContext(hashcx,PR_TRUE); return -1; } /* eof */ break; } } rv = PK11_DigestOp(hashcx, ibuf, nb); if (rv != SECSuccess) { PK11_DestroyContext(hashcx, PR_TRUE); return -1; } } rv = PK11_DigestFinal(hashcx, digest, &len, 32); PK11_DestroyContext(hashcx, PR_TRUE); if (rv != SECSuccess) return -1; nb = fwrite(digest, 1, len, outFile); if (nb != len) { PORT_SetError(SEC_ERROR_IO); return -1; } return 0; }
void nsCryptoHMAC::destructorSafeDestroyNSSReference() { if (mHMACContext) PK11_DestroyContext(mHMACContext, true); mHMACContext = nullptr; }
void inline sha512_result(sha512_context *ctx, u_int8_t * hash, int hashlen) { unsigned int len; SECStatus s = PK11_DigestFinal(ctx->ctx_nss, hash, &len, hashlen); PR_ASSERT(len==hashlen); PR_ASSERT(s==SECSuccess); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); }
/* void init (in unsigned long aAlgorithm, in nsIKeyObject aKeyObject); */ NS_IMETHODIMP nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject) { nsNSSShutDownPreventionLock locker; if (isAlreadyShutDown()) { return NS_ERROR_NOT_AVAILABLE; } if (mHMACContext) { PK11_DestroyContext(mHMACContext, true); mHMACContext = nullptr; } CK_MECHANISM_TYPE HMACMechType; switch (aAlgorithm) { case nsCryptoHMAC::MD2: HMACMechType = CKM_MD2_HMAC; break; case nsCryptoHMAC::MD5: HMACMechType = CKM_MD5_HMAC; break; case nsCryptoHMAC::SHA1: HMACMechType = CKM_SHA_1_HMAC; break; case nsCryptoHMAC::SHA256: HMACMechType = CKM_SHA256_HMAC; break; case nsCryptoHMAC::SHA384: HMACMechType = CKM_SHA384_HMAC; break; case nsCryptoHMAC::SHA512: HMACMechType = CKM_SHA512_HMAC; break; default: return NS_ERROR_INVALID_ARG; } NS_ENSURE_ARG_POINTER(aKeyObject); nsresult rv; int16_t keyType; rv = aKeyObject->GetType(&keyType); NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG); PK11SymKey* key; // GetKeyObj doesn't addref the key rv = aKeyObject->GetKeyObj((void**)&key); NS_ENSURE_SUCCESS(rv, rv); SECItem rawData; rawData.data = 0; rawData.len = 0; mHMACContext = PK11_CreateContextBySymKey( HMACMechType, CKA_SIGN, key, &rawData); NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE); SECStatus ss = PK11_DigestBegin(mHMACContext); NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE); return NS_OK; }
char *oauth_body_hash_data(size_t length, const char *data) { PK11SlotInfo *slot = NULL; PK11Context *context = NULL; unsigned char digest[20]; // Is there a way to tell how large the output is? unsigned int len; SECStatus s; char *rv=NULL; oauth_init_nss(); slot = PK11_GetInternalKeySlot(); if (!slot) goto looser; context = PK11_CreateDigestContext(SEC_OID_SHA1); if (!context) goto looser; s = PK11_DigestBegin(context); if (s != SECSuccess) goto looser; s = PK11_DigestOp(context, (unsigned char*) data, length); if (s != SECSuccess) goto looser; s = PK11_DigestFinal(context, digest, &len, sizeof digest); if (s != SECSuccess) goto looser; unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest.. memcpy(dgst, digest, len); rv=oauth_body_hash_encode(len, dgst); looser: if (context) PK11_DestroyContext(context, PR_TRUE); if (slot) PK11_FreeSlot(slot); return rv; }
static int nss_hash_init(void **pctx, SECOidTag hash_alg) { PK11Context *ctx; /* we have to initialize NSS if not initialized alraedy */ #ifdef HAVE_NSS_INITCONTEXT if(!NSS_IsInitialized() && !nss_context) { static NSSInitParameters params; params.length = sizeof params; nss_context = NSS_InitContext("", "", "", "", ¶ms, NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN | NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD); } #endif ctx = PK11_CreateDigestContext(hash_alg); if(!ctx) return /* failure */ 0; if(PK11_DigestBegin(ctx) != SECSuccess) { PK11_DestroyContext(ctx, PR_TRUE); return /* failure */ 0; } *pctx = ctx; return /* success */ 1; }
int sxi_hmac_sha1_init_ex(sxi_hmac_sha1_ctx *ctx, const void *key, int key_len) { if (!ctx) return 0; /* NOTE: params must be provided, but may be empty */ SECItem noParams; noParams.type = siBuffer; noParams.data = 0; noParams.len = 0; if (ctx->context) PK11_DestroyContext(ctx->context, PR_TRUE); if (ctx->key) PK11_FreeSymKey(ctx->key); if (ctx->keysec) SECITEM_FreeItem(ctx->keysec, PR_TRUE); ctx->keysec = SECITEM_AllocItem(NULL, NULL, key_len); if (ctx->keysec) { memcpy(ctx->keysec->data, key, key_len); ctx->key = PK11_ImportSymKey(ctx->slot, CKM_SHA_1_HMAC, PK11_OriginDerive, CKA_SIGN, ctx->keysec, &noParams); if(ctx->key) { ctx->context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, ctx->key, &noParams); if (ctx->context && PK11_DigestBegin(ctx->context) == SECSuccess) return 1; } } return 0; }
static void nss_hash_final(void **pctx, unsigned char *out, unsigned int len) { PK11Context *ctx = *pctx; unsigned int outlen; PK11_DigestFinal(ctx, out, &outlen, len); PK11_DestroyContext(ctx, PR_TRUE); }
void hmac_final(u_char *output, struct hmac_ctx *ctx) { #ifndef HAVE_LIBNSS const struct hash_desc *h = ctx->h; h->hash_final(output, &ctx->hash_ctx); h->hash_init(&ctx->hash_ctx); h->hash_update(&ctx->hash_ctx, ctx->buf2, HMAC_BUFSIZE); h->hash_update(&ctx->hash_ctx, output, h->hash_digest_len); h->hash_final(output, &ctx->hash_ctx); #else unsigned int outlen = 0; SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len); PR_ASSERT(status == SECSuccess); PR_ASSERT(outlen == ctx->hmac_digest_len); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); ctx->ctx_nss = NULL; ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h)); PR_ASSERT(ctx->ctx_nss!=NULL); status=PK11_DigestBegin(ctx->ctx_nss); PR_ASSERT(status==SECSuccess); status=PK11_DigestKey(ctx->ctx_nss, ctx->okey); PR_ASSERT(status==SECSuccess); status = PK11_DigestOp(ctx->ctx_nss, output, outlen); PR_ASSERT(status == SECSuccess); status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len); PR_ASSERT(status == SECSuccess); PR_ASSERT(outlen == ctx->hmac_digest_len); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); if(ctx->ikey !=NULL) { PK11_FreeSymKey(ctx->ikey); } if(ctx->okey != NULL) { PK11_FreeSymKey(ctx->okey); } /* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */ #endif }
/* * for Secure Messaging in Secure Channel */ TPS_PUBLIC PRStatus Util::EncryptData(PK11SymKey *encSessionKey, Buffer &input, Buffer &output) { PRStatus rv = PR_FAILURE; SECStatus s = SECFailure; //static SECItem noParams = { siBuffer, 0, 0 }; static unsigned char d[8] = { 0,0,0,0,0,0,0,0 }; static SECItem ivParams = { siBuffer, d, 8 }; PK11Context *context = NULL; unsigned char result[8]; int len; int i; /* this is ECB mode context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, encSessionKey, &noParams); */ // use CBC mode context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_ENCRYPT, encSessionKey, &ivParams); if (!context) { goto done; } for(i = 0;i < (int)input.size();i += 8) { s = PK11_CipherOp(context, result, &len, 8, (unsigned char *)(((BYTE*)input)+i), 8); if (s != SECSuccess) { goto done; } output.replace(i, result, 8); } rv = PR_SUCCESS; // RA::Debug("Util::EncryptData", "success"); done: //#define VRFY_ENC_SESSION_KEY // fix this to use CBC mode later #ifdef VRFY_ENC_SESSION_KEY Buffer enc_key_buffer = Buffer((BYTE *) PK11_GetKeyData(encSessionKey)->data, PK11_GetKeyData(encSessionKey)->len); RA::DebugBuffer("Util::EncryptData", "Verifying Encrypted Data", &output); Buffer out1 = Buffer(16, (BYTE)0); PRStatus status = Util::DecryptData(enc_key_buffer, output, out1); RA::DebugBuffer("Util::EncryptData", "Decrypted Data", &out1); #endif if( context != NULL ) { PK11_DestroyContext( context, PR_TRUE ); context = NULL; } return rv; }
static void ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial) { PK11_FreeSymKey(keyMaterial->key); PK11_FreeSymKey(keyMaterial->macKey); if (keyMaterial->macContext != NULL) { PK11_DestroyContext(keyMaterial->macContext, PR_TRUE); } }
PK11SymKey * PK11_Derive_osw(PK11SymKey *base, CK_MECHANISM_TYPE mechanism , SECItem *param, CK_MECHANISM_TYPE target , CK_ATTRIBUTE_TYPE operation, int keysize) { SECOidTag oid; PK11Context *ctx; unsigned char dkey[HMAC_BUFSIZE]; SECItem dkey_param; SECStatus status; unsigned int len=0; CK_EXTRACT_PARAMS bs; chunk_t dkey_chunk; if( ((mechanism == CKM_SHA256_KEY_DERIVATION) || (mechanism == CKM_SHA384_KEY_DERIVATION)|| (mechanism == CKM_SHA512_KEY_DERIVATION)) && (param == NULL) && (keysize ==0)) { switch (mechanism) { case CKM_SHA256_KEY_DERIVATION: oid = SEC_OID_SHA256; break; case CKM_SHA384_KEY_DERIVATION: oid = SEC_OID_SHA384; break; case CKM_SHA512_KEY_DERIVATION: oid = SEC_OID_SHA512; break; default: DBG(DBG_CRYPT, DBG_log("PK11_Derive_osw: Invalid NSS mechanism ")); break; /*should not reach here*/ } ctx = PK11_CreateDigestContext(oid); PR_ASSERT(ctx!=NULL); status=PK11_DigestBegin(ctx); PR_ASSERT(status == SECSuccess); status=PK11_DigestKey(ctx, base); PR_ASSERT(status == SECSuccess); PK11_DigestFinal(ctx, dkey, &len, sizeof dkey); PK11_DestroyContext(ctx, PR_TRUE); dkey_chunk.ptr = dkey; dkey_chunk.len = len; PK11SymKey *tkey1 = pk11_derive_wrapper_osw(base, CKM_CONCATENATE_DATA_AND_BASE, dkey_chunk, CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE, 0); PR_ASSERT(tkey1!=NULL); bs=0; dkey_param.data = (unsigned char*)&bs; dkey_param.len = sizeof (bs); PK11SymKey *tkey2 = PK11_Derive(tkey1, CKM_EXTRACT_KEY_FROM_KEY, &dkey_param, target, operation, len); PR_ASSERT(tkey2!=NULL); if(tkey1!=NULL) { PK11_FreeSymKey(tkey1); } return tkey2; } else { return PK11_Derive(base, mechanism, param, target, operation, keysize); } }
/* * This is to get FIPS compliance until we can convert * libjar to use PK11_ hashing functions. It returns PR_FALSE * if we can't get a PK11 Context. */ PRBool PK11_HashOK(SECOidTag algID) { PK11Context *cx; cx = PK11_CreateDigestContext(algID); if (cx == NULL) return PR_FALSE; PK11_DestroyContext(cx, PR_TRUE); return PR_TRUE; }
void sxi_md_cleanup(sxi_md_ctx **ctxptr) { if (!ctxptr || !*ctxptr) return; if ((*ctxptr)->context) PK11_DestroyContext((*ctxptr)->context, PR_TRUE); free(*ctxptr); *ctxptr = NULL; }
static int sss_nss_crypto_ctx_destructor(struct sss_nss_crypto_ctx *cctx) { if (cctx->ectx) PK11_DestroyContext(cctx->ectx, PR_TRUE); if (cctx->sparam) SECITEM_FreeItem(cctx->sparam, PR_TRUE); if (cctx->slot) PK11_FreeSlot(cctx->slot); if (cctx->keyobj) PK11_FreeSymKey(cctx->keyobj); return EOK; }
static int decrypt_nss ( knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance; PK11Context* decrypt_context = NULL; SECItem decrypt_param; int tmp1_outlen = 0; unsigned int tmp2_outlen = 0; unsigned char *salt = (unsigned char *)buf_in; unsigned char *data = salt + SALT_SIZE; int datalen = buf_in_len - SALT_SIZE; int err = -1; /* Create cipher context for decryption */ decrypt_param.type = siBuffer; decrypt_param.data = salt; decrypt_param.len = SALT_SIZE; decrypt_context = PK11_CreateContextBySymKey(cipher_to_nss[instance->crypto_cipher_type], CKA_DECRYPT, instance->nss_sym_key, &decrypt_param); if (!decrypt_context) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_CreateContext (decrypt) failed (err %d)", PR_GetError()); goto out; } if (PK11_CipherOp(decrypt_context, buf_out, &tmp1_outlen, KNET_DATABUFSIZE_CRYPT, data, datalen) != SECSuccess) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_CipherOp (decrypt) failed (err %d)", PR_GetError()); goto out; } if (PK11_DigestFinal(decrypt_context, buf_out + tmp1_outlen, &tmp2_outlen, KNET_DATABUFSIZE_CRYPT - tmp1_outlen) != SECSuccess) { log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_DigestFinal (decrypt) failed (err %d)", PR_GetError()); goto out; } *buf_out_len = tmp1_outlen + tmp2_outlen; err = 0; out: if (decrypt_context) { PK11_DestroyContext(decrypt_context, PR_TRUE); } return err; }
/* MD5 finalization. Ends an MD5 message-digest operation, writing the * the message digest and zeroing the context. */ void lsMD5Final(unsigned char digest[MD5_DIGEST_SIZE], lsMD5_CTX *context) { unsigned int length; SECStatus status = PK11_DigestFinal(context->ctx_nss, digest, &length, MD5_DIGEST_SIZE); passert(status == SECSuccess); passert(length == MD5_DIGEST_SIZE); PK11_DestroyContext(context->ctx_nss, PR_TRUE); }
void crypto_md5_final(CryptoMd5 md5, uint8 * out_data) { unsigned int len; SECStatus s = PK11_DigestFinal(md5->context, out_data, &len, 16); check(s, "Error finalizing md5"); ASSERT(len == 16); PK11_DestroyContext(md5->context, PR_TRUE); xfree(md5); }
void crypto_rc4_free(CryptoRc4 rc4) { unsigned int outLen; SECStatus s = PK11_DigestFinal(rc4->context, NULL, &outLen, 0); check(s, "Error finalizing rc4"); ASSERT(!outLen); PK11_DestroyContext(rc4->context, PR_TRUE); xfree(rc4); }
void crypto_sha1_final(CryptoSha1 sha1, uint8 * out_data) { unsigned int len; SECStatus s = PK11_DigestFinal(sha1->context, out_data, &len, 20); check(s, "Error finalizing sha1"); ASSERT(len == 20); PK11_DestroyContext(sha1->context, PR_TRUE); xfree(sha1); }
static void sha512_hash_final(u_char *hash, sha512_context *ctx) { unsigned int len; SECStatus s; s = PK11_DigestFinal(ctx->ctx_nss, hash, &len, SHA2_512_DIGEST_SIZE); passert(s == SECSuccess); passert(len == SHA2_512_DIGEST_SIZE); PK11_DestroyContext(ctx->ctx_nss, PR_TRUE); }
static SECStatus ssl_MacBuffer(PK11SymKey *key, CK_MECHANISM_TYPE mech, const unsigned char *in, unsigned int len, unsigned char *mac, unsigned int *macLen, unsigned int maxMacLen) { PK11Context *ctx; SECItem macParam = { 0, NULL, 0 }; unsigned int computedLen; SECStatus rv; ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, key, &macParam); if (!ctx) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } rv = PK11_DigestBegin(ctx); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); goto loser; } rv = PK11_DigestOp(ctx, in, len); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); goto loser; } rv = PK11_DigestFinal(ctx, mac, &computedLen, maxMacLen); if (rv != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); goto loser; } *macLen = maxMacLen; PK11_DestroyContext(ctx, PR_TRUE); return SECSuccess; loser: PK11_DestroyContext(ctx, PR_TRUE); return SECFailure; }
void Curl_nss_md5sum(unsigned char *tmp, /* input */ size_t tmplen, unsigned char *md5sum, /* output */ size_t md5len) { PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5); unsigned int MD5out; PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen)); PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len)); PK11_DestroyContext(MD5pw, PR_TRUE); }
/** * @brief Clean encryption / decryption context. * @note After cleanup, a context is free to be reused if necessary. * @param f The context to use. * @return Returns APR_ENOTIMPL if not supported. */ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block) { if (block->ctx) { PK11_DestroyContext(block->ctx, PR_TRUE); block->ctx = NULL; } return APR_SUCCESS; }
gboolean crypto_md5_hash (const char *salt, const gsize salt_len, const char *password, gsize password_len, char *buffer, gsize buflen, GError **error) { PK11Context *ctx; int nkey = buflen; unsigned int digest_len; int count = 0; char digest[MD5_HASH_LEN]; char *p = buffer; if (salt) g_return_val_if_fail (salt_len >= 8, FALSE); g_return_val_if_fail (password != NULL, FALSE); g_return_val_if_fail (password_len > 0, FALSE); g_return_val_if_fail (buffer != NULL, FALSE); g_return_val_if_fail (buflen > 0, FALSE); ctx = PK11_CreateDigestContext (SEC_OID_MD5); if (!ctx) { g_set_error (error, NM_CRYPTO_ERROR, NM_CRYPTO_ERR_MD5_INIT_FAILED, _("Failed to initialize the MD5 context: %d."), PORT_GetError ()); return FALSE; } while (nkey > 0) { int i = 0; PK11_DigestBegin (ctx); if (count++) PK11_DigestOp (ctx, (const unsigned char *) digest, digest_len); PK11_DigestOp (ctx, (const unsigned char *) password, password_len); if (salt) PK11_DigestOp (ctx, (const unsigned char *) salt, 8); /* Only use 8 bytes of salt */ PK11_DigestFinal (ctx, (unsigned char *) digest, &digest_len, sizeof (digest)); while (nkey && (i < digest_len)) { *(p++) = digest[i++]; nkey--; } } memset (digest, 0, sizeof (digest)); PK11_DestroyContext (ctx, PR_TRUE); return TRUE; }
SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in, PRInt32 len) { PK11Context *context; unsigned int max_length; unsigned int out_length; SECStatus rv; /* len will be passed to PK11_DigestOp as unsigned. */ if (len < 0) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } context = PK11_CreateDigestContext(hashAlg); if (context == NULL) return SECFailure; rv = PK11_DigestBegin(context); if (rv != SECSuccess) { PK11_DestroyContext(context, PR_TRUE); return rv; } rv = PK11_DigestOp(context, in, len); if (rv != SECSuccess) { PK11_DestroyContext(context, PR_TRUE); return rv; } /* XXX This really should have been an argument to this function! */ max_length = HASH_ResultLenByOidTag(hashAlg); PORT_Assert(max_length); if (!max_length) max_length = HASH_LENGTH_MAX; rv = PK11_DigestFinal(context, out, &out_length, max_length); PK11_DestroyContext(context, PR_TRUE); return rv; }