Mercurial > trustbridge > nss-cmake-static

diff nss/lib/softoken/sftkhmac.c @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nss/lib/softoken/sftkhmac.c	Mon Jul 28 10:47:06 2014 +0200
@@ -0,0 +1,192 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "seccomon.h"
+#include "secerr.h"
+#include "blapi.h"
+#include "pkcs11i.h"
+#include "softoken.h"
+#include "hmacct.h"
+
+/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
+ * type. */
+static HASH_HashType
+MACMechanismToHash(CK_MECHANISM_TYPE mech)
+{
+    switch (mech) {
+	case CKM_MD5_HMAC:
+	case CKM_SSL3_MD5_MAC:
+	    return HASH_AlgMD5;
+	case CKM_SHA_1_HMAC:
+	case CKM_SSL3_SHA1_MAC:
+	    return HASH_AlgSHA1;
+	case CKM_SHA224_HMAC:
+	    return HASH_AlgSHA224;
+	case CKM_SHA256_HMAC:
+	    return HASH_AlgSHA256;
+	case CKM_SHA384_HMAC:
+	    return HASH_AlgSHA384;
+	case CKM_SHA512_HMAC:
+	    return HASH_AlgSHA512;
+    }
+    return HASH_AlgNULL;
+}
+
+static sftk_MACConstantTimeCtx *
+SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
+    sftk_MACConstantTimeCtx *ctx;
+    HASH_HashType alg;
+    SFTKAttribute *keyval;
+    unsigned char secret[sizeof(ctx->secret)];
+    unsigned int secretLength;
+
+    if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) {
+	return NULL;
+    }
+
+    alg = MACMechanismToHash(params->macAlg);
+    if (alg == HASH_AlgNULL) {
+	return NULL;
+    }
+
+    keyval = sftk_FindAttribute(key,CKA_VALUE);
+    if (keyval == NULL) {
+	return NULL;
+    }
+    secretLength = keyval->attrib.ulValueLen;
+    if (secretLength > sizeof(secret)) {
+	sftk_FreeAttribute(keyval);
+	return NULL;
+    }
+    memcpy(secret, keyval->attrib.pValue, secretLength);
+    sftk_FreeAttribute(keyval);
+
+    ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx));
+    if (!ctx) {
+	return NULL;
+    }
+
+    memcpy(ctx->secret, secret, secretLength);
+    ctx->secretLength = secretLength;
+    ctx->hash = HASH_GetRawHashObject(alg);
+    ctx->totalLength = params->ulBodyTotalLen;
+
+    return ctx;
+}
+
+sftk_MACConstantTimeCtx *
+sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
+    sftk_MACConstantTimeCtx *ctx;
+
+    if (params->ulHeaderLen > sizeof(ctx->header)) {
+	return NULL;
+    }
+    ctx = SetupMAC(mech, key);
+    if (!ctx) {
+	return NULL;
+    }
+
+    ctx->headerLength = params->ulHeaderLen;
+    memcpy(ctx->header, params->pHeader, params->ulHeaderLen);
+    return ctx;
+}
+
+sftk_MACConstantTimeCtx *
+sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
+{
+    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
+	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
+    unsigned int padLength = 40, j;
+    sftk_MACConstantTimeCtx *ctx;
+
+    if (params->macAlg != CKM_SSL3_MD5_MAC &&
+	params->macAlg != CKM_SSL3_SHA1_MAC) {
+	return NULL;
+    }
+    ctx = SetupMAC(mech, key);
+    if (!ctx) {
+	return NULL;
+    }
+
+    if (params->macAlg == CKM_SSL3_MD5_MAC) {
+	padLength = 48;
+    }
+
+    ctx->headerLength =
+	ctx->secretLength +
+	padLength +
+	params->ulHeaderLen;
+
+    if (ctx->headerLength > sizeof(ctx->header)) {
+	goto loser;
+    }
+
+    j = 0;
+    memcpy(&ctx->header[j], ctx->secret, ctx->secretLength);
+    j += ctx->secretLength;
+    memset(&ctx->header[j], 0x36, padLength);
+    j += padLength;
+    memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen);
+
+    return ctx;
+
+loser:
+    PORT_Free(ctx);
+    return NULL;
+}
+
+void
+sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len)
+{
+    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
+    SECStatus rv = HMAC_ConstantTime(
+	ctx->mac, NULL, sizeof(ctx->mac),
+	ctx->hash,
+	ctx->secret, ctx->secretLength,
+	ctx->header, ctx->headerLength,
+	data, len,
+	ctx->totalLength);
+    PORT_Assert(rv == SECSuccess);
+}
+
+void
+sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len)
+{
+    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
+    SECStatus rv = SSLv3_MAC_ConstantTime(
+	ctx->mac, NULL, sizeof(ctx->mac),
+	ctx->hash,
+	ctx->secret, ctx->secretLength,
+	ctx->header, ctx->headerLength,
+	data, len,
+	ctx->totalLength);
+    PORT_Assert(rv == SECSuccess);
+}
+
+void
+sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength,
+			     unsigned int maxLength)
+{
+    const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
+    unsigned int toCopy = ctx->hash->length;
+    if (toCopy > maxLength) {
+	toCopy = maxLength;
+    }
+    memcpy(out, ctx->mac, toCopy);
+    if (outLength) {
+	*outLength = toCopy;
+    }
+}
+
+void
+sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free)
+{
+    PORT_Free(pctx);
+}
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)