/* MAC is generated per PKCS 12 section 6. It is expected that key, msg
* and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
* because it is not known how long the message actually is. String
* manipulation routines will not necessarily work because msg may have
* imbedded NULLs
*/
SECItem *
sec_pkcs12_generate_mac(SECItem *key,
SECItem *msg,
PRBool old_method)
{
SECStatus res = SECFailure;
SECItem *mac = NULL;
PK11Context *pk11cx = NULL;
SECItem ignore = {0};
if((key == NULL) || (msg == NULL)) {
return NULL;
}
if(old_method == PR_TRUE) {
return sec_pkcs12_generate_old_mac(key, msg);
}
/* allocate return item */
mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH);
if (mac == NULL) {
return NULL;
}
pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive,
CKA_SIGN, key, &ignore, NULL);
if (pk11cx == NULL) {
goto loser;
}
res = PK11_DigestBegin(pk11cx);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestOp(pk11cx, msg->data, msg->len);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH);
if (res == SECFailure) {
goto loser;
}
PK11_DestroyContext(pk11cx, PR_TRUE);
pk11cx = NULL;
loser:
if(res != SECSuccess) {
SECITEM_ZfreeItem(mac, PR_TRUE);
mac = NULL;
if (pk11cx) {
PK11_DestroyContext(pk11cx, PR_TRUE);
}
}
return mac;
}
void hmac_final(u_char *output, struct hmac_ctx *ctx)
{
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss != NULL);
status = PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if (ctx->ikey != NULL)
PK11_FreeSymKey(ctx->ikey);
if (ctx->okey != NULL)
PK11_FreeSymKey(ctx->okey);
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
}
/*
* create a new context which is the clone of the state of old context.
*/
PK11Context *
PK11_CloneContext(PK11Context *old)
{
PK11Context *newcx;
PRBool needFree = PR_FALSE;
SECStatus rv = SECSuccess;
void *data;
unsigned long len;
newcx = pk11_CreateNewContextInSlot(old->type, old->slot, old->operation,
old->key, old->param);
if (newcx == NULL)
return NULL;
/* now clone the save state. First we need to find the save state
* of the old session. If the old context owns it's session,
* the state needs to be saved, otherwise the state is in saveData. */
if (old->ownSession) {
PK11_EnterContextMonitor(old);
data = pk11_saveContext(old, NULL, &len);
PK11_ExitContextMonitor(old);
needFree = PR_TRUE;
} else {
data = old->savedData;
len = old->savedLength;
}
if (data == NULL) {
PK11_DestroyContext(newcx, PR_TRUE);
return NULL;
}
/* now copy that state into our new context. Again we have different
* work if the new context owns it's own session. If it does, we
* restore the state gathered above. If it doesn't, we copy the
* saveData pointer... */
if (newcx->ownSession) {
PK11_EnterContextMonitor(newcx);
rv = pk11_restoreContext(newcx, data, len);
PK11_ExitContextMonitor(newcx);
} else {
PORT_Assert(newcx->savedData != NULL);
if ((newcx->savedData == NULL) || (newcx->savedLength < len)) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
rv = SECFailure;
} else {
PORT_Memcpy(newcx->savedData, data, len);
newcx->savedLength = len;
}
}
if (needFree)
PORT_Free(data);
if (rv != SECSuccess) {
PK11_DestroyContext(newcx, PR_TRUE);
return NULL;
}
return newcx;
}
/*
* J A R _ d i g e s t _ f i l e
*
* Calculates the MD5 and SHA1 digests for a file
* present on disk, and returns these in JAR_Digest struct.
*
*/
int
JAR_digest_file (char *filename, JAR_Digest *dig)
{
JAR_FILE fp;
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
unsigned char *buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ);
int num;
unsigned int md5_length, sha1_length;
if (buf == NULL) {
/* out of memory */
return JAR_ERR_MEMORY;
}
if ((fp = JAR_FOPEN (filename, "rb")) == 0) {
/* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
PORT_Free (buf);
return JAR_ERR_FNF;
}
md5 = PK11_CreateDigestContext (SEC_OID_MD5);
sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
if (md5 == NULL || sha1 == NULL) {
/* can't generate digest contexts */
PORT_Free (buf);
JAR_FCLOSE (fp);
return JAR_ERR_GENERAL;
}
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
while (1) {
if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0)
break;
PK11_DigestOp (md5, buf, num);
PK11_DigestOp (sha1, buf, num);
}
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
PORT_Free (buf);
JAR_FCLOSE (fp);
return 0;
}
static int
DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
{
int nb;
unsigned char ibuf[4096], digest[32];
PK11Context *hashcx;
unsigned int len;
SECStatus rv;
hashcx = PK11_CreateDigestContext(hashOID->offset);
if (hashcx == NULL) {
return -1;
}
PK11_DigestBegin(hashcx);
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
PK11_DestroyContext(hashcx,PR_TRUE);
return -1;
}
/* eof */
break;
}
}
rv = PK11_DigestOp(hashcx, ibuf, nb);
if (rv != SECSuccess) {
PK11_DestroyContext(hashcx, PR_TRUE);
return -1;
}
}
rv = PK11_DigestFinal(hashcx, digest, &len, 32);
PK11_DestroyContext(hashcx, PR_TRUE);
if (rv != SECSuccess) return -1;
nb = fwrite(digest, 1, len, outFile);
if (nb != len) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return 0;
}
void
nsCryptoHMAC::destructorSafeDestroyNSSReference()
{
if (mHMACContext)
PK11_DestroyContext(mHMACContext, true);
mHMACContext = nullptr;
}
void inline sha512_result(sha512_context *ctx, u_int8_t * hash, int hashlen) {
unsigned int len;
SECStatus s = PK11_DigestFinal(ctx->ctx_nss, hash, &len, hashlen);
PR_ASSERT(len==hashlen);
PR_ASSERT(s==SECSuccess);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
}
/* void init (in unsigned long aAlgorithm, in nsIKeyObject aKeyObject); */
NS_IMETHODIMP
nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
{
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
if (mHMACContext)
{
PK11_DestroyContext(mHMACContext, true);
mHMACContext = nullptr;
}
CK_MECHANISM_TYPE HMACMechType;
switch (aAlgorithm)
{
case nsCryptoHMAC::MD2:
HMACMechType = CKM_MD2_HMAC; break;
case nsCryptoHMAC::MD5:
HMACMechType = CKM_MD5_HMAC; break;
case nsCryptoHMAC::SHA1:
HMACMechType = CKM_SHA_1_HMAC; break;
case nsCryptoHMAC::SHA256:
HMACMechType = CKM_SHA256_HMAC; break;
case nsCryptoHMAC::SHA384:
HMACMechType = CKM_SHA384_HMAC; break;
case nsCryptoHMAC::SHA512:
HMACMechType = CKM_SHA512_HMAC; break;
default:
return NS_ERROR_INVALID_ARG;
}
NS_ENSURE_ARG_POINTER(aKeyObject);
nsresult rv;
int16_t keyType;
rv = aKeyObject->GetType(&keyType);
NS_ENSURE_SUCCESS(rv, rv);
NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG);
PK11SymKey* key;
// GetKeyObj doesn't addref the key
rv = aKeyObject->GetKeyObj((void**)&key);
NS_ENSURE_SUCCESS(rv, rv);
SECItem rawData;
rawData.data = 0;
rawData.len = 0;
mHMACContext = PK11_CreateContextBySymKey(
HMACMechType, CKA_SIGN, key, &rawData);
NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
SECStatus ss = PK11_DigestBegin(mHMACContext);
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
return NS_OK;
}
char *oauth_body_hash_data(size_t length, const char *data) {
PK11SlotInfo *slot = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
char *rv=NULL;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
context = PK11_CreateDigestContext(SEC_OID_SHA1);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) data, length);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest..
memcpy(dgst, digest, len);
rv=oauth_body_hash_encode(len, dgst);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (slot) PK11_FreeSlot(slot);
return rv;
}
static int nss_hash_init(void **pctx, SECOidTag hash_alg)
{
PK11Context *ctx;
/* we have to initialize NSS if not initialized alraedy */
#ifdef HAVE_NSS_INITCONTEXT
if(!NSS_IsInitialized() && !nss_context) {
static NSSInitParameters params;
params.length = sizeof params;
nss_context = NSS_InitContext("", "", "", "", ¶ms, NSS_INIT_READONLY
| NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB | NSS_INIT_FORCEOPEN
| NSS_INIT_NOROOTINIT | NSS_INIT_OPTIMIZESPACE | NSS_INIT_PK11RELOAD);
}
#endif
ctx = PK11_CreateDigestContext(hash_alg);
if(!ctx)
return /* failure */ 0;
if(PK11_DigestBegin(ctx) != SECSuccess) {
PK11_DestroyContext(ctx, PR_TRUE);
return /* failure */ 0;
}
*pctx = ctx;
return /* success */ 1;
}
int sxi_hmac_sha1_init_ex(sxi_hmac_sha1_ctx *ctx,
const void *key, int key_len)
{
if (!ctx)
return 0;
/* NOTE: params must be provided, but may be empty */
SECItem noParams;
noParams.type = siBuffer;
noParams.data = 0;
noParams.len = 0;
if (ctx->context)
PK11_DestroyContext(ctx->context, PR_TRUE);
if (ctx->key)
PK11_FreeSymKey(ctx->key);
if (ctx->keysec)
SECITEM_FreeItem(ctx->keysec, PR_TRUE);
ctx->keysec = SECITEM_AllocItem(NULL, NULL, key_len);
if (ctx->keysec) {
memcpy(ctx->keysec->data, key, key_len);
ctx->key = PK11_ImportSymKey(ctx->slot, CKM_SHA_1_HMAC, PK11_OriginDerive, CKA_SIGN,
ctx->keysec, &noParams);
if(ctx->key) {
ctx->context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, ctx->key, &noParams);
if (ctx->context && PK11_DigestBegin(ctx->context) == SECSuccess)
return 1;
}
}
return 0;
}
static void nss_hash_final(void **pctx, unsigned char *out, unsigned int len)
{
PK11Context *ctx = *pctx;
unsigned int outlen;
PK11_DigestFinal(ctx, out, &outlen, len);
PK11_DestroyContext(ctx, PR_TRUE);
}
void
hmac_final(u_char *output, struct hmac_ctx *ctx)
{
#ifndef HAVE_LIBNSS
const struct hash_desc *h = ctx->h;
h->hash_final(output, &ctx->hash_ctx);
h->hash_init(&ctx->hash_ctx);
h->hash_update(&ctx->hash_ctx, ctx->buf2, HMAC_BUFSIZE);
h->hash_update(&ctx->hash_ctx, output, h->hash_digest_len);
h->hash_final(output, &ctx->hash_ctx);
#else
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss!=NULL);
status=PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status==SECSuccess);
status=PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status==SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if(ctx->ikey !=NULL) {
PK11_FreeSymKey(ctx->ikey);
}
if(ctx->okey != NULL) {
PK11_FreeSymKey(ctx->okey);
}
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
#endif
}
/*
* for Secure Messaging in Secure Channel
*/
TPS_PUBLIC PRStatus Util::EncryptData(PK11SymKey *encSessionKey,
Buffer &input, Buffer &output)
{
PRStatus rv = PR_FAILURE;
SECStatus s = SECFailure;
//static SECItem noParams = { siBuffer, 0, 0 };
static unsigned char d[8] = { 0,0,0,0,0,0,0,0 };
static SECItem ivParams = { siBuffer, d, 8 };
PK11Context *context = NULL;
unsigned char result[8];
int len;
int i;
/* this is ECB mode
context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, encSessionKey,
&noParams);
*/
// use CBC mode
context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_ENCRYPT, encSessionKey,
&ivParams);
if (!context) {
goto done;
}
for(i = 0;i < (int)input.size();i += 8) {
s = PK11_CipherOp(context, result, &len, 8,
(unsigned char *)(((BYTE*)input)+i), 8);
if (s != SECSuccess) {
goto done;
}
output.replace(i, result, 8);
}
rv = PR_SUCCESS;
// RA::Debug("Util::EncryptData", "success");
done:
//#define VRFY_ENC_SESSION_KEY
// fix this to use CBC mode later
#ifdef VRFY_ENC_SESSION_KEY
Buffer enc_key_buffer = Buffer((BYTE *) PK11_GetKeyData(encSessionKey)->data, PK11_GetKeyData(encSessionKey)->len);
RA::DebugBuffer("Util::EncryptData", "Verifying Encrypted Data",
&output);
Buffer out1 = Buffer(16, (BYTE)0);
PRStatus status = Util::DecryptData(enc_key_buffer, output, out1);
RA::DebugBuffer("Util::EncryptData", "Decrypted Data",
&out1);
#endif
if( context != NULL ) {
PK11_DestroyContext( context, PR_TRUE );
context = NULL;
}
return rv;
}
static void
ssl_DestroyKeyMaterial(ssl3KeyMaterial *keyMaterial)
{
PK11_FreeSymKey(keyMaterial->key);
PK11_FreeSymKey(keyMaterial->macKey);
if (keyMaterial->macContext != NULL) {
PK11_DestroyContext(keyMaterial->macContext, PR_TRUE);
}
}
PK11SymKey * PK11_Derive_osw(PK11SymKey *base, CK_MECHANISM_TYPE mechanism
, SECItem *param, CK_MECHANISM_TYPE target
, CK_ATTRIBUTE_TYPE operation, int keysize)
{
SECOidTag oid;
PK11Context *ctx;
unsigned char dkey[HMAC_BUFSIZE];
SECItem dkey_param;
SECStatus status;
unsigned int len=0;
CK_EXTRACT_PARAMS bs;
chunk_t dkey_chunk;
if( ((mechanism == CKM_SHA256_KEY_DERIVATION) ||
(mechanism == CKM_SHA384_KEY_DERIVATION)||
(mechanism == CKM_SHA512_KEY_DERIVATION)) && (param == NULL) && (keysize ==0)) {
switch (mechanism) {
case CKM_SHA256_KEY_DERIVATION: oid = SEC_OID_SHA256; break;
case CKM_SHA384_KEY_DERIVATION: oid = SEC_OID_SHA384; break;
case CKM_SHA512_KEY_DERIVATION: oid = SEC_OID_SHA512; break;
default: DBG(DBG_CRYPT, DBG_log("PK11_Derive_osw: Invalid NSS mechanism ")); break; /*should not reach here*/
}
ctx = PK11_CreateDigestContext(oid);
PR_ASSERT(ctx!=NULL);
status=PK11_DigestBegin(ctx);
PR_ASSERT(status == SECSuccess);
status=PK11_DigestKey(ctx, base);
PR_ASSERT(status == SECSuccess);
PK11_DigestFinal(ctx, dkey, &len, sizeof dkey);
PK11_DestroyContext(ctx, PR_TRUE);
dkey_chunk.ptr = dkey;
dkey_chunk.len = len;
PK11SymKey *tkey1 = pk11_derive_wrapper_osw(base, CKM_CONCATENATE_DATA_AND_BASE, dkey_chunk, CKM_EXTRACT_KEY_FROM_KEY, CKA_DERIVE, 0);
PR_ASSERT(tkey1!=NULL);
bs=0;
dkey_param.data = (unsigned char*)&bs;
dkey_param.len = sizeof (bs);
PK11SymKey *tkey2 = PK11_Derive(tkey1, CKM_EXTRACT_KEY_FROM_KEY, &dkey_param, target, operation, len);
PR_ASSERT(tkey2!=NULL);
if(tkey1!=NULL) {
PK11_FreeSymKey(tkey1);
}
return tkey2;
}
else {
return PK11_Derive(base, mechanism, param, target, operation, keysize);
}
}
/*
* This is to get FIPS compliance until we can convert
* libjar to use PK11_ hashing functions. It returns PR_FALSE
* if we can't get a PK11 Context.
*/
PRBool
PK11_HashOK(SECOidTag algID) {
PK11Context *cx;
cx = PK11_CreateDigestContext(algID);
if (cx == NULL) return PR_FALSE;
PK11_DestroyContext(cx, PR_TRUE);
return PR_TRUE;
}
void sxi_md_cleanup(sxi_md_ctx **ctxptr)
{
if (!ctxptr || !*ctxptr)
return;
if ((*ctxptr)->context)
PK11_DestroyContext((*ctxptr)->context, PR_TRUE);
free(*ctxptr);
*ctxptr = NULL;
}
static int sss_nss_crypto_ctx_destructor(struct sss_nss_crypto_ctx *cctx)
{
if (cctx->ectx) PK11_DestroyContext(cctx->ectx, PR_TRUE);
if (cctx->sparam) SECITEM_FreeItem(cctx->sparam, PR_TRUE);
if (cctx->slot) PK11_FreeSlot(cctx->slot);
if (cctx->keyobj) PK11_FreeSymKey(cctx->keyobj);
return EOK;
}
static int decrypt_nss (
knet_handle_t knet_h,
const unsigned char *buf_in,
const ssize_t buf_in_len,
unsigned char *buf_out,
ssize_t *buf_out_len)
{
struct nsscrypto_instance *instance = knet_h->crypto_instance->model_instance;
PK11Context* decrypt_context = NULL;
SECItem decrypt_param;
int tmp1_outlen = 0;
unsigned int tmp2_outlen = 0;
unsigned char *salt = (unsigned char *)buf_in;
unsigned char *data = salt + SALT_SIZE;
int datalen = buf_in_len - SALT_SIZE;
int err = -1;
/* Create cipher context for decryption */
decrypt_param.type = siBuffer;
decrypt_param.data = salt;
decrypt_param.len = SALT_SIZE;
decrypt_context = PK11_CreateContextBySymKey(cipher_to_nss[instance->crypto_cipher_type],
CKA_DECRYPT,
instance->nss_sym_key, &decrypt_param);
if (!decrypt_context) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_CreateContext (decrypt) failed (err %d)",
PR_GetError());
goto out;
}
if (PK11_CipherOp(decrypt_context, buf_out, &tmp1_outlen,
KNET_DATABUFSIZE_CRYPT, data, datalen) != SECSuccess) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_CipherOp (decrypt) failed (err %d)",
PR_GetError());
goto out;
}
if (PK11_DigestFinal(decrypt_context, buf_out + tmp1_outlen, &tmp2_outlen,
KNET_DATABUFSIZE_CRYPT - tmp1_outlen) != SECSuccess) {
log_err(knet_h, KNET_SUB_NSSCRYPTO, "PK11_DigestFinal (decrypt) failed (err %d)",
PR_GetError());
goto out;
}
*buf_out_len = tmp1_outlen + tmp2_outlen;
err = 0;
out:
if (decrypt_context) {
PK11_DestroyContext(decrypt_context, PR_TRUE);
}
return err;
}
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
* the message digest and zeroing the context.
*/
void lsMD5Final(unsigned char digest[MD5_DIGEST_SIZE], lsMD5_CTX *context)
{
unsigned int length;
SECStatus status = PK11_DigestFinal(context->ctx_nss, digest, &length,
MD5_DIGEST_SIZE);
passert(status == SECSuccess);
passert(length == MD5_DIGEST_SIZE);
PK11_DestroyContext(context->ctx_nss, PR_TRUE);
}
void
crypto_md5_final(CryptoMd5 md5, uint8 * out_data)
{
unsigned int len;
SECStatus s = PK11_DigestFinal(md5->context, out_data, &len, 16);
check(s, "Error finalizing md5");
ASSERT(len == 16);
PK11_DestroyContext(md5->context, PR_TRUE);
xfree(md5);
}
void
crypto_rc4_free(CryptoRc4 rc4)
{
unsigned int outLen;
SECStatus s = PK11_DigestFinal(rc4->context, NULL, &outLen, 0);
check(s, "Error finalizing rc4");
ASSERT(!outLen);
PK11_DestroyContext(rc4->context, PR_TRUE);
xfree(rc4);
}
void
crypto_sha1_final(CryptoSha1 sha1, uint8 * out_data)
{
unsigned int len;
SECStatus s = PK11_DigestFinal(sha1->context, out_data, &len, 20);
check(s, "Error finalizing sha1");
ASSERT(len == 20);
PK11_DestroyContext(sha1->context, PR_TRUE);
xfree(sha1);
}
static void sha512_hash_final(u_char *hash, sha512_context *ctx)
{
unsigned int len;
SECStatus s;
s = PK11_DigestFinal(ctx->ctx_nss, hash, &len, SHA2_512_DIGEST_SIZE);
passert(s == SECSuccess);
passert(len == SHA2_512_DIGEST_SIZE);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
}
static SECStatus
ssl_MacBuffer(PK11SymKey *key, CK_MECHANISM_TYPE mech,
const unsigned char *in, unsigned int len,
unsigned char *mac, unsigned int *macLen, unsigned int maxMacLen)
{
PK11Context *ctx;
SECItem macParam = { 0, NULL, 0 };
unsigned int computedLen;
SECStatus rv;
ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, key, &macParam);
if (!ctx) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
rv = PK11_DigestBegin(ctx);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
rv = PK11_DigestOp(ctx, in, len);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
rv = PK11_DigestFinal(ctx, mac, &computedLen, maxMacLen);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
*macLen = maxMacLen;
PK11_DestroyContext(ctx, PR_TRUE);
return SECSuccess;
loser:
PK11_DestroyContext(ctx, PR_TRUE);
return SECFailure;
}
void Curl_nss_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
unsigned int MD5out;
PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
PK11_DestroyContext(MD5pw, PR_TRUE);
}
/**
* @brief Clean encryption / decryption context.
* @note After cleanup, a context is free to be reused if necessary.
* @param f The context to use.
* @return Returns APR_ENOTIMPL if not supported.
*/
static apr_status_t crypto_block_cleanup(apr_crypto_block_t *block)
{
if (block->ctx) {
PK11_DestroyContext(block->ctx, PR_TRUE);
block->ctx = NULL;
}
return APR_SUCCESS;
}
gboolean
crypto_md5_hash (const char *salt,
const gsize salt_len,
const char *password,
gsize password_len,
char *buffer,
gsize buflen,
GError **error)
{
PK11Context *ctx;
int nkey = buflen;
unsigned int digest_len;
int count = 0;
char digest[MD5_HASH_LEN];
char *p = buffer;
if (salt)
g_return_val_if_fail (salt_len >= 8, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
g_return_val_if_fail (password_len > 0, FALSE);
g_return_val_if_fail (buffer != NULL, FALSE);
g_return_val_if_fail (buflen > 0, FALSE);
ctx = PK11_CreateDigestContext (SEC_OID_MD5);
if (!ctx) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_MD5_INIT_FAILED,
_("Failed to initialize the MD5 context: %d."),
PORT_GetError ());
return FALSE;
}
while (nkey > 0) {
int i = 0;
PK11_DigestBegin (ctx);
if (count++)
PK11_DigestOp (ctx, (const unsigned char *) digest, digest_len);
PK11_DigestOp (ctx, (const unsigned char *) password, password_len);
if (salt)
PK11_DigestOp (ctx, (const unsigned char *) salt, 8); /* Only use 8 bytes of salt */
PK11_DigestFinal (ctx, (unsigned char *) digest, &digest_len, sizeof (digest));
while (nkey && (i < digest_len)) {
*(p++) = digest[i++];
nkey--;
}
}
memset (digest, 0, sizeof (digest));
PK11_DestroyContext (ctx, PR_TRUE);
return TRUE;
}
SECStatus
PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in,
PRInt32 len)
{
PK11Context *context;
unsigned int max_length;
unsigned int out_length;
SECStatus rv;
/* len will be passed to PK11_DigestOp as unsigned. */
if (len < 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
context = PK11_CreateDigestContext(hashAlg);
if (context == NULL)
return SECFailure;
rv = PK11_DigestBegin(context);
if (rv != SECSuccess) {
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
rv = PK11_DigestOp(context, in, len);
if (rv != SECSuccess) {
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
/* XXX This really should have been an argument to this function! */
max_length = HASH_ResultLenByOidTag(hashAlg);
PORT_Assert(max_length);
if (!max_length)
max_length = HASH_LENGTH_MAX;
rv = PK11_DigestFinal(context, out, &out_length, max_length);
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
