Mercurial > trustbridge > nss-cmake-static
comparison nss/lib/softoken/sftkhmac.c @ 0:1e5118fa0cb1
This is NSS with a Cmake Buildsyste
To compile a static NSS library for Windows we've used the
Chromium-NSS fork and added a Cmake buildsystem to compile
it statically for Windows. See README.chromium for chromium
changes and README.trustbridge for our modifications.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Mon, 28 Jul 2014 10:47:06 +0200 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
-1:000000000000 | 0:1e5118fa0cb1 |
---|---|
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 | |
5 #include "seccomon.h" | |
6 #include "secerr.h" | |
7 #include "blapi.h" | |
8 #include "pkcs11i.h" | |
9 #include "softoken.h" | |
10 #include "hmacct.h" | |
11 | |
12 /* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash | |
13 * type. */ | |
14 static HASH_HashType | |
15 MACMechanismToHash(CK_MECHANISM_TYPE mech) | |
16 { | |
17 switch (mech) { | |
18 case CKM_MD5_HMAC: | |
19 case CKM_SSL3_MD5_MAC: | |
20 return HASH_AlgMD5; | |
21 case CKM_SHA_1_HMAC: | |
22 case CKM_SSL3_SHA1_MAC: | |
23 return HASH_AlgSHA1; | |
24 case CKM_SHA224_HMAC: | |
25 return HASH_AlgSHA224; | |
26 case CKM_SHA256_HMAC: | |
27 return HASH_AlgSHA256; | |
28 case CKM_SHA384_HMAC: | |
29 return HASH_AlgSHA384; | |
30 case CKM_SHA512_HMAC: | |
31 return HASH_AlgSHA512; | |
32 } | |
33 return HASH_AlgNULL; | |
34 } | |
35 | |
36 static sftk_MACConstantTimeCtx * | |
37 SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key) | |
38 { | |
39 CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = | |
40 (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; | |
41 sftk_MACConstantTimeCtx *ctx; | |
42 HASH_HashType alg; | |
43 SFTKAttribute *keyval; | |
44 unsigned char secret[sizeof(ctx->secret)]; | |
45 unsigned int secretLength; | |
46 | |
47 if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) { | |
48 return NULL; | |
49 } | |
50 | |
51 alg = MACMechanismToHash(params->macAlg); | |
52 if (alg == HASH_AlgNULL) { | |
53 return NULL; | |
54 } | |
55 | |
56 keyval = sftk_FindAttribute(key,CKA_VALUE); | |
57 if (keyval == NULL) { | |
58 return NULL; | |
59 } | |
60 secretLength = keyval->attrib.ulValueLen; | |
61 if (secretLength > sizeof(secret)) { | |
62 sftk_FreeAttribute(keyval); | |
63 return NULL; | |
64 } | |
65 memcpy(secret, keyval->attrib.pValue, secretLength); | |
66 sftk_FreeAttribute(keyval); | |
67 | |
68 ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx)); | |
69 if (!ctx) { | |
70 return NULL; | |
71 } | |
72 | |
73 memcpy(ctx->secret, secret, secretLength); | |
74 ctx->secretLength = secretLength; | |
75 ctx->hash = HASH_GetRawHashObject(alg); | |
76 ctx->totalLength = params->ulBodyTotalLen; | |
77 | |
78 return ctx; | |
79 } | |
80 | |
81 sftk_MACConstantTimeCtx * | |
82 sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key) | |
83 { | |
84 CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = | |
85 (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; | |
86 sftk_MACConstantTimeCtx *ctx; | |
87 | |
88 if (params->ulHeaderLen > sizeof(ctx->header)) { | |
89 return NULL; | |
90 } | |
91 ctx = SetupMAC(mech, key); | |
92 if (!ctx) { | |
93 return NULL; | |
94 } | |
95 | |
96 ctx->headerLength = params->ulHeaderLen; | |
97 memcpy(ctx->header, params->pHeader, params->ulHeaderLen); | |
98 return ctx; | |
99 } | |
100 | |
101 sftk_MACConstantTimeCtx * | |
102 sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key) | |
103 { | |
104 CK_NSS_MAC_CONSTANT_TIME_PARAMS *params = | |
105 (CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter; | |
106 unsigned int padLength = 40, j; | |
107 sftk_MACConstantTimeCtx *ctx; | |
108 | |
109 if (params->macAlg != CKM_SSL3_MD5_MAC && | |
110 params->macAlg != CKM_SSL3_SHA1_MAC) { | |
111 return NULL; | |
112 } | |
113 ctx = SetupMAC(mech, key); | |
114 if (!ctx) { | |
115 return NULL; | |
116 } | |
117 | |
118 if (params->macAlg == CKM_SSL3_MD5_MAC) { | |
119 padLength = 48; | |
120 } | |
121 | |
122 ctx->headerLength = | |
123 ctx->secretLength + | |
124 padLength + | |
125 params->ulHeaderLen; | |
126 | |
127 if (ctx->headerLength > sizeof(ctx->header)) { | |
128 goto loser; | |
129 } | |
130 | |
131 j = 0; | |
132 memcpy(&ctx->header[j], ctx->secret, ctx->secretLength); | |
133 j += ctx->secretLength; | |
134 memset(&ctx->header[j], 0x36, padLength); | |
135 j += padLength; | |
136 memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen); | |
137 | |
138 return ctx; | |
139 | |
140 loser: | |
141 PORT_Free(ctx); | |
142 return NULL; | |
143 } | |
144 | |
145 void | |
146 sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len) | |
147 { | |
148 sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; | |
149 SECStatus rv = HMAC_ConstantTime( | |
150 ctx->mac, NULL, sizeof(ctx->mac), | |
151 ctx->hash, | |
152 ctx->secret, ctx->secretLength, | |
153 ctx->header, ctx->headerLength, | |
154 data, len, | |
155 ctx->totalLength); | |
156 PORT_Assert(rv == SECSuccess); | |
157 } | |
158 | |
159 void | |
160 sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len) | |
161 { | |
162 sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; | |
163 SECStatus rv = SSLv3_MAC_ConstantTime( | |
164 ctx->mac, NULL, sizeof(ctx->mac), | |
165 ctx->hash, | |
166 ctx->secret, ctx->secretLength, | |
167 ctx->header, ctx->headerLength, | |
168 data, len, | |
169 ctx->totalLength); | |
170 PORT_Assert(rv == SECSuccess); | |
171 } | |
172 | |
173 void | |
174 sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength, | |
175 unsigned int maxLength) | |
176 { | |
177 const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx; | |
178 unsigned int toCopy = ctx->hash->length; | |
179 if (toCopy > maxLength) { | |
180 toCopy = maxLength; | |
181 } | |
182 memcpy(out, ctx->mac, toCopy); | |
183 if (outLength) { | |
184 *outLength = toCopy; | |
185 } | |
186 } | |
187 | |
188 void | |
189 sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free) | |
190 { | |
191 PORT_Free(pctx); | |
192 } |