// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CERTCertificate* aCert,
const CERTCertificate* aIssuerCert)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aCert->derIssuer.data,
aCert->derIssuer.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aIssuerCert->derPublicKey.data,
aIssuerCert->derPublicKey.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), aCert->serialNumber.data,
aCert->serialNumber.len);
if (rv != SECSuccess) {
return rv;
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CertID& certID)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.issuer.data, certID.issuer.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.issuerSubjectPublicKeyInfo.data,
certID.issuerSubjectPublicKeyInfo.len);
if (rv != SECSuccess) {
return rv;
}
rv = PK11_DigestOp(context.get(), certID.serialNumber.data,
certID.serialNumber.len);
if (rv != SECSuccess) {
return rv;
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
gboolean
crypto_md5_hash (const char *salt,
const gsize salt_len,
const char *password,
gsize password_len,
char *buffer,
gsize buflen,
GError **error)
{
PK11Context *ctx;
int nkey = buflen;
unsigned int digest_len;
int count = 0;
char digest[MD5_HASH_LEN];
char *p = buffer;
if (salt)
g_return_val_if_fail (salt_len >= 8, FALSE);
g_return_val_if_fail (password != NULL, FALSE);
g_return_val_if_fail (password_len > 0, FALSE);
g_return_val_if_fail (buffer != NULL, FALSE);
g_return_val_if_fail (buflen > 0, FALSE);
ctx = PK11_CreateDigestContext (SEC_OID_MD5);
if (!ctx) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERR_MD5_INIT_FAILED,
_("Failed to initialize the MD5 context: %d."),
PORT_GetError ());
return FALSE;
}
while (nkey > 0) {
int i = 0;
PK11_DigestBegin (ctx);
if (count++)
PK11_DigestOp (ctx, (const unsigned char *) digest, digest_len);
PK11_DigestOp (ctx, (const unsigned char *) password, password_len);
if (salt)
PK11_DigestOp (ctx, (const unsigned char *) salt, 8); /* Only use 8 bytes of salt */
PK11_DigestFinal (ctx, (unsigned char *) digest, &digest_len, sizeof (digest));
while (nkey && (i < digest_len)) {
*(p++) = digest[i++];
nkey--;
}
}
memset (digest, 0, sizeof (digest));
PK11_DestroyContext (ctx, PR_TRUE);
return TRUE;
}
/*
* J A R _ d i g e s t _ f i l e
*
* Calculates the MD5 and SHA1 digests for a file
* present on disk, and returns these in JAR_Digest struct.
*
*/
int
JAR_digest_file (char *filename, JAR_Digest *dig)
{
JAR_FILE fp;
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
unsigned char *buf = (unsigned char *) PORT_ZAlloc (FILECHUNQ);
int num;
unsigned int md5_length, sha1_length;
if (buf == NULL) {
/* out of memory */
return JAR_ERR_MEMORY;
}
if ((fp = JAR_FOPEN (filename, "rb")) == 0) {
/* perror (filename); FIX XXX XXX XXX XXX XXX XXX */
PORT_Free (buf);
return JAR_ERR_FNF;
}
md5 = PK11_CreateDigestContext (SEC_OID_MD5);
sha1 = PK11_CreateDigestContext (SEC_OID_SHA1);
if (md5 == NULL || sha1 == NULL) {
/* can't generate digest contexts */
PORT_Free (buf);
JAR_FCLOSE (fp);
return JAR_ERR_GENERAL;
}
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
while (1) {
if ((num = JAR_FREAD (fp, buf, FILECHUNQ)) == 0)
break;
PK11_DigestOp (md5, buf, num);
PK11_DigestOp (sha1, buf, num);
}
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
PORT_Free (buf);
JAR_FCLOSE (fp);
return 0;
}
static void cpg_deliver_fn (
cpg_handle_t handle,
const struct cpg_name *group_name,
uint32_t nodeid,
uint32_t pid,
void *m,
size_t msg_len)
{
const struct my_msg *msg2 = m;
unsigned char sha1_compare[20];
unsigned int i;
unsigned int sha1_len;
printf ("msg '%s'\n", msg2->buffer);
PK11_DigestBegin(sha1_context);
PK11_DigestOp(sha1_context, msg2->buffer, msg2->msg_size);
PK11_DigestFinal(sha1_context, sha1_compare, &sha1_len, sizeof(sha1_compare));
printf ("SIZE %d HASH: ", msg2->msg_size);
for (i = 0; i < 20; i++) {
printf ("%x", sha1_compare[i]);
}
printf ("\n");
if (memcmp (sha1_compare, msg2->sha1, 20) != 0) {
printf ("incorrect hash\n");
exit (1);
}
deliveries++;
}
/***********************************************************************
*
* PK11MessageDigest.update
*
*/
JNIEXPORT void JNICALL
Java_org_mozilla_jss_pkcs11_PK11MessageDigest_update
(JNIEnv *env, jclass clazz, jobject proxyObj, jbyteArray inbufBA,
jint offset, jint len)
{
PK11Context *context = NULL;
jbyte* bytes = NULL;
if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS ) {
/* exception was thrown */
goto finish;
}
PR_ASSERT( (*env)->GetArrayLength(env, inbufBA) >= offset+len );
bytes = (*env)->GetByteArrayElements(env, inbufBA, NULL);
if( bytes == NULL ) {
ASSERT_OUTOFMEM(env);
goto finish;
}
if( PK11_DigestOp(context, (unsigned char*)(bytes+offset), len)
!= SECSuccess )
{
JSS_throwMsg(env, DIGEST_EXCEPTION, "Digest operation failed");
goto finish;
}
finish:
if(bytes) {
(*env)->ReleaseByteArrayElements(env, inbufBA, bytes, JNI_ABORT);
}
}
char *oauth_body_hash_data(size_t length, const char *data) {
PK11SlotInfo *slot = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
char *rv=NULL;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
context = PK11_CreateDigestContext(SEC_OID_SHA1);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) data, length);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest..
memcpy(dgst, digest, len);
rv=oauth_body_hash_encode(len, dgst);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (slot) PK11_FreeSlot(slot);
return rv;
}
void sha512_write(sha512_context *ctx, const unsigned char *datap, int length)
{
SECStatus status = PK11_DigestOp(ctx->ctx_nss, datap, length);
PR_ASSERT(status == SECSuccess);
DBG(DBG_CRYPT, DBG_log("NSS: sha512 write end"));
}
void hmac_final(u_char *output, struct hmac_ctx *ctx)
{
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss != NULL);
status = PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen,
ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if (ctx->ikey != NULL)
PK11_FreeSymKey(ctx->ikey);
if (ctx->okey != NULL)
PK11_FreeSymKey(ctx->okey);
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
}
/* MAC is generated per PKCS 12 section 6. It is expected that key, msg
* and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
* because it is not known how long the message actually is. String
* manipulation routines will not necessarily work because msg may have
* imbedded NULLs
*/
SECItem *
sec_pkcs12_generate_mac(SECItem *key,
SECItem *msg,
PRBool old_method)
{
SECStatus res = SECFailure;
SECItem *mac = NULL;
PK11Context *pk11cx = NULL;
SECItem ignore = {0};
if((key == NULL) || (msg == NULL)) {
return NULL;
}
if(old_method == PR_TRUE) {
return sec_pkcs12_generate_old_mac(key, msg);
}
/* allocate return item */
mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH);
if (mac == NULL) {
return NULL;
}
pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive,
CKA_SIGN, key, &ignore, NULL);
if (pk11cx == NULL) {
goto loser;
}
res = PK11_DigestBegin(pk11cx);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestOp(pk11cx, msg->data, msg->len);
if (res == SECFailure) {
goto loser;
}
res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH);
if (res == SECFailure) {
goto loser;
}
PK11_DestroyContext(pk11cx, PR_TRUE);
pk11cx = NULL;
loser:
if(res != SECSuccess) {
SECITEM_ZfreeItem(mac, PR_TRUE);
mac = NULL;
if (pk11cx) {
PK11_DestroyContext(pk11cx, PR_TRUE);
}
}
return mac;
}
int sxi_hmac_sha1_update(sxi_hmac_sha1_ctx *ctx, const void *d, int len)
{
if (!ctx)
return 0;
if (PK11_DigestOp(ctx->context, d, len) != SECSuccess)
return 0;
return 1;
}
// Let derIssuer be the DER encoding of the issuer of aCert.
// Let derPublicKey be the DER encoding of the public key of aIssuerCert.
// Let serialNumber be the bytes of the serial number of aCert.
// The value calculated is SHA384(derIssuer || derPublicKey || serialNumber).
// Because the DER encodings include the length of the data encoded,
// there do not exist A(derIssuerA, derPublicKeyA, serialNumberA) and
// B(derIssuerB, derPublicKeyB, serialNumberB) such that the concatenation of
// each triplet results in the same string of bytes but where each part in A is
// not equal to its counterpart in B. This is important because as a result it
// is computationally infeasible to find collisions that would subvert this
// cache (given that SHA384 is a cryptographically-secure hash function).
static SECStatus
CertIDHash(SHA384Buffer& buf, const CertID& certID, const char* aIsolationKey)
{
ScopedPK11Context context(PK11_CreateDigestContext(SEC_OID_SHA384));
if (!context) {
return SECFailure;
}
SECStatus rv = PK11_DigestBegin(context.get());
if (rv != SECSuccess) {
return rv;
}
SECItem certIDIssuer = UnsafeMapInputToSECItem(certID.issuer);
rv = PK11_DigestOp(context.get(), certIDIssuer.data, certIDIssuer.len);
if (rv != SECSuccess) {
return rv;
}
SECItem certIDIssuerSubjectPublicKeyInfo =
UnsafeMapInputToSECItem(certID.issuerSubjectPublicKeyInfo);
rv = PK11_DigestOp(context.get(), certIDIssuerSubjectPublicKeyInfo.data,
certIDIssuerSubjectPublicKeyInfo.len);
if (rv != SECSuccess) {
return rv;
}
SECItem certIDSerialNumber =
UnsafeMapInputToSECItem(certID.serialNumber);
rv = PK11_DigestOp(context.get(), certIDSerialNumber.data,
certIDSerialNumber.len);
if (rv != SECSuccess) {
return rv;
}
if (aIsolationKey) {
rv = PK11_DigestOp(context.get(), (const unsigned char*) aIsolationKey,
strlen(aIsolationKey));
if (rv != SECSuccess) {
return rv;
}
}
uint32_t outLen = 0;
rv = PK11_DigestFinal(context.get(), buf, &outLen, SHA384_LENGTH);
if (outLen != SHA384_LENGTH) {
return SECFailure;
}
return rv;
}
void Curl_nss_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
unsigned int MD5out;
PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
PK11_DestroyContext(MD5pw, PR_TRUE);
}
void hmac_update(struct hmac_ctx *ctx,
const u_char *data, size_t data_len)
{
DBG(DBG_CRYPT, DBG_dump("hmac_update data value: ", data, data_len));
if (data_len > 0) {
DBG(DBG_CRYPT, DBG_log("hmac_update: inside if"));
SECStatus status = PK11_DigestOp(ctx->ctx_nss, data, data_len);
DBG(DBG_CRYPT, DBG_log("hmac_update: after digest"));
PR_ASSERT(status == SECSuccess);
DBG(DBG_CRYPT, DBG_log("hmac_update: after assert"));
}
}
static void delivery_callback (
cpg_handle_t handle,
const struct cpg_name *groupName,
uint32_t nodeid,
uint32_t pid,
void *msg,
size_t msg_len)
{
log_entry_t *log_pt;
msg_t *msg_pt = (msg_t*)msg;
msg_status_t status = MSG_OK;
char status_buf[20];
unsigned char sha1_compare[20];
unsigned int sha1_len;
if (record_messages_g == 0) {
return;
}
if (nodeid != msg_pt->nodeid) {
status = MSG_NODEID_ERR;
}
if (pid != msg_pt->pid) {
status = MSG_PID_ERR;
}
if (msg_len != msg_pt->size) {
status = MSG_SIZE_ERR;
}
PK11_DigestBegin(sha1_context);
PK11_DigestOp(sha1_context, msg_pt->payload, (msg_pt->size - sizeof (msg_t)));
PK11_DigestFinal(sha1_context, sha1_compare, &sha1_len, sizeof(sha1_compare));
if (memcmp (sha1_compare, msg_pt->sha1, 20) != 0) {
qb_log (LOG_ERR, "msg seq:%d; incorrect hash",
msg_pt->seq);
status = MSG_SHA1_ERR;
}
log_pt = malloc (sizeof(log_entry_t));
qb_list_init (&log_pt->list);
snprintf (log_pt->log, LOG_STR_SIZE, "%u:%d:%d:%s;",
msg_pt->nodeid, msg_pt->seq, my_seq,
err_status_string (status_buf, 20, status));
qb_list_add_tail (&log_pt->list, &msg_log_head);
total_stored_msgs++;
total_msgs_revd++;
my_seq++;
if ((total_msgs_revd % 1000) == 0) {
qb_log (LOG_INFO, "rx %d", total_msgs_revd);
}
}
/*
* J A R _ c a l c u l a t e _ d i g e s t
*
* Quick calculation of a digest for
* the specified block of memory. Will calculate
* for all supported algorithms, now MD5.
*
* This version supports huge pointers for WIN16.
*
*/
JAR_Digest * PR_CALLBACK
JAR_calculate_digest(void *data, long length)
{
PK11Context *md5 = 0;
PK11Context *sha1 = 0;
JAR_Digest *dig = PORT_ZNew(JAR_Digest);
long chunq;
unsigned int md5_length, sha1_length;
if (dig == NULL) {
/* out of memory allocating digest */
return NULL;
}
md5 = PK11_CreateDigestContext(SEC_OID_MD5);
sha1 = PK11_CreateDigestContext(SEC_OID_SHA1);
if (length >= 0) {
PK11_DigestBegin (md5);
PK11_DigestBegin (sha1);
do {
chunq = length;
PK11_DigestOp(md5, (unsigned char*)data, chunq);
PK11_DigestOp(sha1, (unsigned char*)data, chunq);
length -= chunq;
data = ((char *) data + chunq);
}
while (length > 0);
PK11_DigestFinal (md5, dig->md5, &md5_length, MD5_LENGTH);
PK11_DigestFinal (sha1, dig->sha1, &sha1_length, SHA1_LENGTH);
PK11_DestroyContext (md5, PR_TRUE);
PK11_DestroyContext (sha1, PR_TRUE);
}
return dig;
}
void sxi_sha256(const unsigned char *d, size_t n,unsigned char *md)
{
unsigned len;
PK11Context *context = PK11_CreateDigestContext(SEC_OID_SHA256);
if (!context || PK11_DigestBegin(context) != SECSuccess ||
PK11_DigestOp(context, d, n) != SECSuccess ||
PK11_DigestFinal(context, md, &len, SHA256_DIGEST_LENGTH) != SECSuccess)
{
/* TODO: log */
}
if (context)
PK11_DestroyContext(context, PR_TRUE);
}
void
hmac_update(struct hmac_ctx *ctx,
const u_char *data, size_t data_len)
{
#ifdef HAVE_LIBNSS
if(data_len > 0) {
SECStatus status = PK11_DigestOp(ctx->ctx_nss, data, data_len);
PR_ASSERT(status == SECSuccess);
}
#else
ctx->h->hash_update(&ctx->hash_ctx, data, data_len);
#endif
}
/*
* @param(IN) salt salt in binary format
* @param(IN) saltSize number of bytes for the salt
* @param(IN) clearPasswd clearPasswd
* @param(OUT) the hashed password with salt in ascii b64 format
*
* #sample keyfile line
* j2ee;{SSHA}WRWaz20fzw3zN9x5Uzyyk5Wfvrbe4m40rYTPrA==;staff,eng
*/
void sshaPasswd(const char* salt, const int saltSize,const char* clearPasswd,NSString& hashed)
{
//PRBool workaround= PR_FALSE; //PR_TRUE;
const int digestLen = SHA1_LENGTH; //20
unsigned char H[512];
char* pwdAndSalt=NULL;
hashed.clear();
if (!clearPasswd) {
return;
}
int tobeHashedLen = 0;
pwdAndSalt = addSalt(clearPasswd, salt, saltSize,tobeHashedLen);
//if (workaround==PR_TRUE) {
//https_SHA1_Hash(H,pwdAndSalt); //refer lib/libadmin/password.cpp
//} else {
//const int keylen = PRIVATE_KEY_LEN;
//unsigned char DigestPrivatekey[PRIVATE_KEY_LEN];
//PK11_GenerateRandom(DigestPrivatekey, keylen);
PK11Context * SHA1Ctx = PK11_CreateDigestContext(SEC_OID_SHA1);
if (SHA1Ctx==NULL) {
FREE(pwdAndSalt);
return;
}
PK11_DigestBegin(SHA1Ctx);
//PK11_DigestOp(SHA1Ctx, (unsigned char*)pwdAndSalt, strlen(pwdAndSalt) );
PK11_DigestOp(SHA1Ctx, (unsigned char*)pwdAndSalt, tobeHashedLen );
PK11_DigestFinal(SHA1Ctx, (unsigned char *)H, (unsigned int*)&digestLen, sizeof(H));
PK11_DestroyContext(SHA1Ctx, 1);
PR_ASSERT(digestLen==20);
//}
char* base64Val=NULL;
if (salt!=NULL && saltSize>0) {
memcpy(H+20,salt,saltSize); //append salt to hashed passwd
base64Val = BTOA_DataToAscii(H,digestLen+saltSize); //base64.h
} else {
base64Val = BTOA_DataToAscii(H,digestLen); //base64.h
}
hashed.append(SSHA_TAG );
hashed.append(base64Val);
if (base64Val)
PORT_Free(base64Val);
base64Val = NULL;
FREE(pwdAndSalt);
return;
}
static int nr_crypto_nss_hmac(UCHAR *key, int keyl, UCHAR *buf, int bufl,
UCHAR *result) {
CK_MECHANISM_TYPE mech = CKM_SHA_1_HMAC;
PK11SlotInfo *slot = 0;
MOZ_ASSERT(keyl > 0);
SECItem keyi = { siBuffer, key, static_cast<unsigned int>(keyl)};
PK11SymKey *skey = 0;
PK11Context *hmac_ctx = 0;
SECStatus status;
unsigned int hmac_len;
SECItem param = { siBuffer, nullptr, 0 };
int err = R_INTERNAL;
slot = PK11_GetInternalKeySlot();
if (!slot)
goto abort;
skey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
CKA_SIGN, &keyi, nullptr);
if (!skey)
goto abort;
hmac_ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN,
skey, ¶m);
if (!hmac_ctx)
goto abort;
status = PK11_DigestBegin(hmac_ctx);
if (status != SECSuccess)
goto abort;
status = PK11_DigestOp(hmac_ctx, buf, bufl);
if (status != SECSuccess)
goto abort;
status = PK11_DigestFinal(hmac_ctx, result, &hmac_len, 20);
if (status != SECSuccess)
goto abort;
MOZ_ASSERT(hmac_len == 20);
err = 0;
abort:
if(hmac_ctx) PK11_DestroyContext(hmac_ctx, PR_TRUE);
if (skey) PK11_FreeSymKey(skey);
if (slot) PK11_FreeSlot(slot);
return err;
}
static int
DigestFile(FILE *outFile, FILE *inFile, SECOidData *hashOID)
{
int nb;
unsigned char ibuf[4096], digest[32];
PK11Context *hashcx;
unsigned int len;
SECStatus rv;
hashcx = PK11_CreateDigestContext(hashOID->offset);
if (hashcx == NULL) {
return -1;
}
PK11_DigestBegin(hashcx);
for (;;) {
if (feof(inFile)) break;
nb = fread(ibuf, 1, sizeof(ibuf), inFile);
if (nb != sizeof(ibuf)) {
if (nb == 0) {
if (ferror(inFile)) {
PORT_SetError(SEC_ERROR_IO);
PK11_DestroyContext(hashcx,PR_TRUE);
return -1;
}
/* eof */
break;
}
}
rv = PK11_DigestOp(hashcx, ibuf, nb);
if (rv != SECSuccess) {
PK11_DestroyContext(hashcx, PR_TRUE);
return -1;
}
}
rv = PK11_DigestFinal(hashcx, digest, &len, 32);
PK11_DestroyContext(hashcx, PR_TRUE);
if (rv != SECSuccess) return -1;
nb = fwrite(digest, 1, len, outFile);
if (nb != len) {
PORT_SetError(SEC_ERROR_IO);
return -1;
}
return 0;
}
NS_IMETHODIMP
DigestOutputStream::Write(const char* aBuf, uint32_t aCount, uint32_t* retval)
{
nsNSSShutDownPreventionLock lock;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
nsresult rv = MapSECStatus(PK11_DigestOp(mDigestContext,
uint8_t_ptr_cast(aBuf), aCount));
NS_ENSURE_SUCCESS(rv, rv);
return mOutputStream->Write(aBuf, aCount, retval);
}
/*
* This code is mostly cargo-cult taken from here:
* http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html
*
* It should implement HMAC with the given mechanism (SHA: 1, 256, 384, 512).
*/
static bool hmac(SECItem *key, CK_MECHANISM_TYPE mech, const SECItem *in,
struct digest_buffer *out)
{
SECItem param = { siBuffer, NULL, 0 };
PK11SlotInfo *slot = NULL;
PK11SymKey *symkey = NULL;
PK11Context *ctx = NULL;
bool ret = false;
SECStatus s;
slot = PK11_GetBestSlot(mech, NULL);
if (slot == NULL) {
slot = PK11_GetInternalKeySlot();
if (slot == NULL) {
goto done;
}
}
symkey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
CKA_SIGN, key, NULL);
if (symkey == NULL)
goto done;
ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, symkey, ¶m);
if (ctx == NULL)
goto done;
s = PK11_DigestBegin(ctx);
if (s != SECSuccess)
goto done;
s = PK11_DigestOp(ctx, in->data, in->len);
if (s != SECSuccess)
goto done;
s = PK11_DigestFinal(ctx, out->buf, &out->len, sizeof(out->buf));
if (s != SECSuccess)
goto done;
ret = true;
done:
if (ctx != NULL)
PK11_DestroyContext(ctx, PR_TRUE);
if (symkey != NULL)
PK11_FreeSymKey(symkey);
if (slot != NULL)
PK11_FreeSlot(slot);
return ret;
}
/* void update ([array, size_is (aLen), const] in octet aData, in unsigned long aLen); */
NS_IMETHODIMP nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
{
nsNSSShutDownPreventionLock locker;
if (!mHMACContext)
return NS_ERROR_NOT_INITIALIZED;
if (!aData)
return NS_ERROR_INVALID_ARG;
SECStatus ss = PK11_DigestOp(mHMACContext, aData, aLen);
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
return NS_OK;
}
void
hmac_final(u_char *output, struct hmac_ctx *ctx)
{
#ifndef HAVE_LIBNSS
const struct hash_desc *h = ctx->h;
h->hash_final(output, &ctx->hash_ctx);
h->hash_init(&ctx->hash_ctx);
h->hash_update(&ctx->hash_ctx, ctx->buf2, HMAC_BUFSIZE);
h->hash_update(&ctx->hash_ctx, output, h->hash_digest_len);
h->hash_final(output, &ctx->hash_ctx);
#else
unsigned int outlen = 0;
SECStatus status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
ctx->ctx_nss = NULL;
ctx->ctx_nss = PK11_CreateDigestContext(nss_hash_oid(ctx->h));
PR_ASSERT(ctx->ctx_nss!=NULL);
status=PK11_DigestBegin(ctx->ctx_nss);
PR_ASSERT(status==SECSuccess);
status=PK11_DigestKey(ctx->ctx_nss, ctx->okey);
PR_ASSERT(status==SECSuccess);
status = PK11_DigestOp(ctx->ctx_nss, output, outlen);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx->ctx_nss, output, &outlen, ctx->hmac_digest_len);
PR_ASSERT(status == SECSuccess);
PR_ASSERT(outlen == ctx->hmac_digest_len);
PK11_DestroyContext(ctx->ctx_nss, PR_TRUE);
if(ctx->ikey !=NULL) {
PK11_FreeSymKey(ctx->ikey);
}
if(ctx->okey != NULL) {
PK11_FreeSymKey(ctx->okey);
}
/* DBG(DBG_CRYPT, DBG_log("NSS: hmac final end")); */
#endif
}
char *oauth_sign_hmac_sha1_raw (const char *m, const size_t ml, const char *k, const size_t kl) {
PK11SlotInfo *slot = NULL;
PK11SymKey *pkey = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
SECItem keyItem, noParams;
char *rv=NULL;
keyItem.type = siBuffer;
keyItem.data = (unsigned char*) k;
keyItem.len = kl;
noParams.type = siBuffer;
noParams.data = NULL;
noParams.len = 0;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
pkey = PK11_ImportSymKey(slot, CKM_SHA_1_HMAC, PK11_OriginUnwrap, CKA_SIGN, &keyItem, NULL);
if (!pkey) goto looser;
context = PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, CKA_SIGN, pkey, &noParams);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
s = PK11_DigestOp(context, (unsigned char*) m, ml);
if (s != SECSuccess) goto looser;
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
rv=oauth_encode_base64(len, digest);
looser:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (pkey) PK11_FreeSymKey(pkey);
if (slot) PK11_FreeSlot(slot);
return rv;
}
static SECStatus
ssl_MacBuffer(PK11SymKey *key, CK_MECHANISM_TYPE mech,
const unsigned char *in, unsigned int len,
unsigned char *mac, unsigned int *macLen, unsigned int maxMacLen)
{
PK11Context *ctx;
SECItem macParam = { 0, NULL, 0 };
unsigned int computedLen;
SECStatus rv;
ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, key, &macParam);
if (!ctx) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
rv = PK11_DigestBegin(ctx);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
rv = PK11_DigestOp(ctx, in, len);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
rv = PK11_DigestFinal(ctx, mac, &computedLen, maxMacLen);
if (rv != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
goto loser;
}
*macLen = maxMacLen;
PK11_DestroyContext(ctx, PR_TRUE);
return SECSuccess;
loser:
PK11_DestroyContext(ctx, PR_TRUE);
return SECFailure;
}
void sha384_hash_buffer(unsigned char *ib, int ile, unsigned char *ob, unsigned int ole)
{
sha512_context ctx;
unsigned int length;
if (ole < 1)
return;
memset(ob, 0, ole);
if (ole > 48)
ole = 48;
sha384_init(&ctx);
SECStatus status = PK11_DigestOp(ctx.ctx_nss, ib, ile);
PR_ASSERT(status == SECSuccess);
status = PK11_DigestFinal(ctx.ctx_nss, ob, &length, ole);
PR_ASSERT(length == ole);
PR_ASSERT(status == SECSuccess);
PK11_DestroyContext(ctx.ctx_nss, PR_TRUE);
DBG(DBG_CRYPT, DBG_log("NSS: sha384 init end"));
}
SECStatus
PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, const unsigned char *in,
PRInt32 len)
{
PK11Context *context;
unsigned int max_length;
unsigned int out_length;
SECStatus rv;
/* len will be passed to PK11_DigestOp as unsigned. */
if (len < 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
context = PK11_CreateDigestContext(hashAlg);
if (context == NULL)
return SECFailure;
rv = PK11_DigestBegin(context);
if (rv != SECSuccess) {
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
rv = PK11_DigestOp(context, in, len);
if (rv != SECSuccess) {
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
/* XXX This really should have been an argument to this function! */
max_length = HASH_ResultLenByOidTag(hashAlg);
PORT_Assert(max_length);
if (!max_length)
max_length = HASH_LENGTH_MAX;
rv = PK11_DigestFinal(context, out, &out_length, max_length);
PK11_DestroyContext(context, PR_TRUE);
return rv;
}
char *oauth_body_hash_file(char *filename) {
PK11SlotInfo *slot = NULL;
PK11Context *context = NULL;
unsigned char digest[20]; // Is there a way to tell how large the output is?
unsigned int len;
SECStatus s;
char *rv=NULL;
size_t bl;
unsigned char fb[BUFSIZ];
FILE *F= fopen(filename, "r");
if (!F) return NULL;
oauth_init_nss();
slot = PK11_GetInternalKeySlot();
if (!slot) goto looser;
context = PK11_CreateDigestContext(SEC_OID_SHA1);
if (!context) goto looser;
s = PK11_DigestBegin(context);
if (s != SECSuccess) goto looser;
while (!feof(F) && (bl=fread(fb,sizeof(char),BUFSIZ, F))>0) {
s = PK11_DigestOp(context, (unsigned char*) fb, bl);
if (s != SECSuccess) goto looser;
}
s = PK11_DigestFinal(context, digest, &len, sizeof digest);
if (s != SECSuccess) goto looser;
unsigned char *dgst = xmalloc(len*sizeof(char)); // oauth_body_hash_encode frees the digest..
memcpy(dgst, digest, len);
rv=oauth_body_hash_encode(len, dgst);
looser:
fclose(F);
if (context) PK11_DestroyContext(context, PR_TRUE);
if (slot) PK11_FreeSlot(slot);
return rv;
}
