SECStatus tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2in, SSLHashType baseHash, PK11SymKey **prkp) { CK_NSS_HKDFParams params; SECItem paramsi; SECStatus rv; SECItem *salt; PK11SymKey *prk; static const PRUint8 zeroKeyBuf[HASH_LENGTH_MAX]; PK11SymKey *zeroKey = NULL; PK11SlotInfo *slot = NULL; PK11SymKey *ikm2; params.bExtract = CK_TRUE; params.bExpand = CK_FALSE; params.pInfo = NULL; params.ulInfoLen = 0UL; if (ikm1) { /* TODO([email protected]): This violates the PKCS#11 key boundary * but is imposed on us by the present HKDF interface. */ rv = PK11_ExtractKeyValue(ikm1); if (rv != SECSuccess) return rv; salt = PK11_GetKeyData(ikm1); if (!salt) return SECFailure; params.pSalt = salt->data; params.ulSaltLen = salt->len; PORT_Assert(salt->len > 0); } else { /* Per documentation for CKM_NSS_HKDF_*: * * If the optional salt is given, it is used; otherwise, the salt is * set to a sequence of zeros equal in length to the HMAC output. */ params.pSalt = NULL; params.ulSaltLen = 0UL; } paramsi.data = (unsigned char *)¶ms; paramsi.len = sizeof(params); PORT_Assert(kTlsHkdfInfo[baseHash].pkcs11Mech); PORT_Assert(kTlsHkdfInfo[baseHash].hashSize); PORT_Assert(kTlsHkdfInfo[baseHash].hash == baseHash); /* A zero ikm2 is a key of hash-length 0s. */ if (!ikm2in) { SECItem zeroItem = { siBuffer, (unsigned char *)zeroKeyBuf, kTlsHkdfInfo[baseHash].hashSize }; slot = PK11_GetInternalSlot(); if (!slot) { return SECFailure; } zeroKey = PK11_ImportSymKey(slot, kTlsHkdfInfo[baseHash].pkcs11Mech, PK11_OriginUnwrap, CKA_DERIVE, &zeroItem, NULL); if (!zeroKey) return SECFailure; ikm2 = zeroKey; } else { ikm2 = ikm2in; } PORT_Assert(ikm2); PRINT_BUF(50, (NULL, "HKDF Extract: IKM1/Salt", params.pSalt, params.ulSaltLen)); PRINT_KEY(50, (NULL, "HKDF Extract: IKM2", ikm2)); prk = PK11_Derive(ikm2, kTlsHkdfInfo[baseHash].pkcs11Mech, ¶msi, kTlsHkdfInfo[baseHash].pkcs11Mech, CKA_DERIVE, kTlsHkdfInfo[baseHash].hashSize); if (zeroKey) PK11_FreeSymKey(zeroKey); if (slot) PK11_FreeSlot(slot); if (!prk) return SECFailure; PRINT_KEY(50, (NULL, "HKDF Extract", prk)); *prkp = prk; return SECSuccess; }
void PrintFindData2(LPCTSTR szFilePath, FILE *stream) { FILETIME ft; SYSTEMTIME st; DWORD dwVerInfoSize; DWORD dwVerHnd=0; BOOL bRetCode; LPSTR lpBuffer; UINT* dwBytes = new UINT; char *fileName; char fullName[256]; dwVerInfoSize = GetFileVersionInfoSize(szFilePath, &dwVerHnd); if (dwVerInfoSize) { LPTSTR lpstrVffInfo; HANDLE hMem; hMem = GlobalAlloc(GMEM_MOVEABLE, dwVerInfoSize); lpstrVffInfo = (TCHAR *)GlobalLock(hMem); GetFileVersionInfo(szFilePath, dwVerHnd, dwVerInfoSize, lpstrVffInfo); // Company Name #define PRINT_KEY(x) \ bRetCode = VerQueryValue((LPVOID)lpstrVffInfo, TEXT("\\StringFileInfo\\000004E4\\"##x), (LPVOID *)&lpBuffer, dwBytes);\ if(bRetCode)\ {\ _ftprintf(stream, _T("%s:%s, "), ##x, lpBuffer);\ }\ else\ _ftprintf(stream, _T(", ")); PRINT_KEY(_T("CompanyName")); PRINT_KEY(_T("FileDescription")); PRINT_KEY(_T("FileVersion")); PRINT_KEY(_T("InternalName")); PRINT_KEY(_T("LegalCopyright")); PRINT_KEY(_T("OriginalFilename")); PRINT_KEY(_T("ProductName")); PRINT_KEY(_T("ProductVersion")); PRINT_KEY(_T("Comments")); PRINT_KEY(_T("LegalTrademarks")); PRINT_KEY(_T("PrivateBuild")); PRINT_KEY(_T("SpecialBuild")); _ftprintf(stream, _T("\n")); } else _ftprintf(stream, _T(", , , , , , , , , , ,\n")); }
SECStatus tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash, const PRUint8 *handshakeHash, unsigned int handshakeHashLen, const char *label, unsigned int labelLen, CK_MECHANISM_TYPE algorithm, unsigned int keySize, PK11SymKey **keyp) { CK_NSS_HKDFParams params; SECItem paramsi = { siBuffer, NULL, 0 }; /* Size of info array needs to be big enough to hold the maximum Prefix, * Label, plus HandshakeHash. If it's ever to small, the code will abort. */ PRUint8 info[256]; PRUint8 *ptr = info; unsigned int infoLen; PK11SymKey *derived; const char *kLabelPrefix = "TLS 1.3, "; const unsigned int kLabelPrefixLen = strlen(kLabelPrefix); if (handshakeHash) { PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize * 2); } else { PORT_Assert(!handshakeHashLen); } /* * [draft-ietf-tls-tls13-11] Section 7.1: * * HKDF-Expand-Label(Secret, Label, HashValue, Length) = * HKDF-Expand(Secret, HkdfLabel, Length) * * Where HkdfLabel is specified as: * * struct HkdfLabel { * uint16 length; * opaque label<9..255>; * opaque hash_value<0..255>; * }; * * Where: * - HkdfLabel.length is Length * - HkdfLabel.hash_value is HashValue. * - HkdfLabel.label is "TLS 1.3, " + Label * */ infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen; if (infoLen > sizeof(info)) { PORT_Assert(0); goto abort; } ptr = tls13_EncodeUintX(keySize, 2, ptr); ptr = tls13_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr); PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen); ptr += kLabelPrefixLen; PORT_Memcpy(ptr, label, labelLen); ptr += labelLen; ptr = tls13_EncodeUintX(handshakeHashLen, 1, ptr); if (handshakeHash) { PORT_Memcpy(ptr, handshakeHash, handshakeHashLen); ptr += handshakeHashLen; } PORT_Assert((ptr - info) == infoLen); params.bExtract = CK_FALSE; params.bExpand = CK_TRUE; params.pInfo = info; params.ulInfoLen = infoLen; paramsi.data = (unsigned char *)¶ms; paramsi.len = sizeof(params); derived = PK11_DeriveWithFlags(prk, kTlsHkdfInfo[baseHash].pkcs11Mech, ¶msi, algorithm, CKA_DERIVE, keySize, CKF_SIGN | CKF_VERIFY); if (!derived) return SECFailure; *keyp = derived; #ifdef TRACE if (ssl_trace >= 10) { /* Make sure the label is null terminated. */ char labelStr[100]; PORT_Memcpy(labelStr, label, labelLen); labelStr[labelLen] = 0; SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d", labelStr, keySize)); } PRINT_KEY(50, (NULL, "PRK", prk)); PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen)); PRINT_BUF(50, (NULL, "Info", info, infoLen)); PRINT_KEY(50, (NULL, "Derived key", derived)); #endif return SECSuccess; abort: PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE); return SECFailure; }
bool ossimPredatorKlvTable::addKeys(const ossim_uint8* buffer, ossim_uint32 length) { std::vector<ossim_uint8> bufferToParse; bufferToParse = theNeedToParseBuffer; if(buffer) { bufferToParse.insert(bufferToParse.end(), buffer, buffer + length); } theNeedToParseBuffer.clear(); ossim_uint32 currentIdx = 0; ossim_uint32 totalLen = bufferToParse.size(); const ossim_uint8* bufPtr = &bufferToParse.front(); if(totalLen < 1) return false; while(std::equal(theKlvKey, theKlvKey + 4, &bufPtr[currentIdx])) // while we are looking at klv keys keep parsing { if((currentIdx+16) >= totalLen) { theNeedToParseBuffer.clear(); theNeedToParseBuffer.insert(theNeedToParseBuffer.end(), &bufPtr[currentIdx], &bufPtr[totalLen]); return true; } ossimPredatorKlvTable::Node node; ossim_uint32 saveIdx = currentIdx; node.theId = findPredatorKlvIndex(&bufPtr[currentIdx]); if(node.theId < 0) { if(traceDebug()) { ossim_uint32 tempId = currentIdx + 16; std::cout << "**************UNDEFINED KEY**************\n"; std::cout << "WITH SIZE === " << klv_decode_length(bufPtr, tempId) << std::endl; PRINT_KEY(&bufPtr[currentIdx]); } //ossim_uint32 tempId = currentIdx + 16; //std::cout << "**************UNDEFINED KEY**************\n"; //std::cout << "WITH SIZE === " << klv_decode_length(bufPtr, tempId) << std::endl; // PRINT_KEY(&bufPtr[currentIdx]); // //ossim_float32 f = *reinterpret_cast<const ossim_float32*>(&bufPtr[tempId]); //theEndian.swap(f); // std::cout << "POSSIBLE VALUE === " << f << std::endl; } //PRINT_KEY(&bufPtr[currentIdx]); currentIdx += 16; int klvLength = klv_decode_length(bufPtr, currentIdx); if(klvLength > 0) { if((currentIdx + klvLength) <= totalLen) { node.theValue.insert(node.theValue.end(), &bufPtr[currentIdx], &bufPtr[currentIdx + klvLength]); currentIdx += klvLength; if(node.theId >=0) { if((node.theId == KLV_BASIC_UNIVERSAL_METADATA_SET)|| (node.theId == KLV_KEY_SECURITY_CLASSIFICATION_SET)) { theNeedToParseBuffer.insert(theNeedToParseBuffer.end(), node.theValue.begin(), node.theValue.end()); theNeedToParseBuffer.insert(theNeedToParseBuffer.end(), &bufPtr[currentIdx], &bufPtr[totalLen]); return addKeys(0,0); } else if(node.theId == KLV_UAS_DATALINK_LOCAL_DATASET) { addUasDatalinkLocalDataSet(node.theValue); return addKeys(0,0); } else { theKlvParameters.insert(std::make_pair(static_cast<ossimPredatorKlvIndex>(node.theId), node)); // std::cout << "VALUE = " << getValueAsString((PredatorKlvIndex)node.theId) << std::endl; // std::cout << "SIZE = " << klvLength << std::endl; } } } else { theNeedToParseBuffer.insert(theNeedToParseBuffer.end(), &bufPtr[saveIdx], &bufPtr[totalLen]); return true; } } if(currentIdx >= totalLen) return false; } return false; }