| OLD | NEW |
|---|
| (Empty) |
| 1 /* tlsprf.c - TLS Pseudo Random Function (PRF) implementation | |
| 2 * | |
| 3 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 4 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 6 | |
| 7 #include "pkcs11i.h" | |
| 8 #include "blapi.h" | |
| 9 #include "secerr.h" | |
| 10 | |
| 11 #define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) | |
| 12 | |
| 13 static void sftk_TLSPRFNull(void *data, PRBool freeit) | |
| 14 { | |
| 15 return; | |
| 16 } | |
| 17 | |
| 18 typedef struct { | |
| 19 PRUint32 cxSize; /* size of allocated block, in bytes. */ | |
| 20 PRUint32 cxBufSize; /* sizeof buffer at cxBufPtr. */ | |
| 21 unsigned char *cxBufPtr; /* points to real buffer, may be cxBuf. */ | |
| 22 PRUint32 cxKeyLen; /* bytes of cxBufPtr containing key. */ | |
| 23 PRUint32 cxDataLen; /* bytes of cxBufPtr containing data. */ | |
| 24 SECStatus cxRv; /* records failure of void functions. */ | |
| 25 PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ | |
| 26 HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ | |
| 27 unsigned int cxOutLen; /* bytes of output if nonzero */ | |
| 28 unsigned char cxBuf[512]; /* actual size may be larger than 512. */ | |
| 29 } TLSPRFContext; | |
| 30 | |
| 31 static void | |
| 32 sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, | |
| 33 unsigned int data_len) | |
| 34 { | |
| 35 PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen; | |
| 36 | |
| 37 if (cx->cxRv != SECSuccess) /* function has previously failed. */ | |
| 38 return; | |
| 39 if (bytesUsed + data_len > cx->cxBufSize) { | |
| 40 /* We don't use realloc here because | |
| 41 ** (a) realloc doesn't zero out the old block, and | |
| 42 ** (b) if realloc fails, we lose the old block. | |
| 43 */ | |
| 44 PRUint32 newBufSize = bytesUsed + data_len + 512; | |
| 45 unsigned char * newBuf = (unsigned char *)PORT_Alloc(newBufSize); | |
| 46 if (!newBuf) { | |
| 47 cx->cxRv = SECFailure; | |
| 48 return; | |
| 49 } | |
| 50 PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed); | |
| 51 if (cx->cxBufPtr != cx->cxBuf) { | |
| 52 PORT_ZFree(cx->cxBufPtr, bytesUsed); | |
| 53 } | |
| 54 cx->cxBufPtr = newBuf; | |
| 55 cx->cxBufSize = newBufSize; | |
| 56 } | |
| 57 PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len); | |
| 58 cx->cxDataLen += data_len; | |
| 59 } | |
| 60 | |
| 61 static void | |
| 62 sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout, | |
| 63 unsigned int *pDigestLen, unsigned int maxDigestLen) | |
| 64 { | |
| 65 *pDigestLen = 0; /* tells Verify that no data has been input yet. */ | |
| 66 } | |
| 67 | |
| 68 /* Compute the PRF values from the data previously input. */ | |
| 69 static SECStatus | |
| 70 sftk_TLSPRFUpdate(TLSPRFContext *cx, | |
| 71 unsigned char *sig, /* output goes here. */ | |
| 72 unsigned int * sigLen, /* how much output. */ | |
| 73 unsigned int maxLen, /* output buffer size */ | |
| 74 unsigned char *hash, /* unused. */ | |
| 75 unsigned int hashLen) /* unused. */ | |
| 76 { | |
| 77 SECStatus rv; | |
| 78 SECItem sigItem; | |
| 79 SECItem seedItem; | |
| 80 SECItem secretItem; | |
| 81 | |
| 82 if (cx->cxRv != SECSuccess) | |
| 83 return cx->cxRv; | |
| 84 | |
| 85 secretItem.data = cx->cxBufPtr; | |
| 86 secretItem.len = cx->cxKeyLen; | |
| 87 | |
| 88 seedItem.data = cx->cxBufPtr + cx->cxKeyLen; | |
| 89 seedItem.len = cx->cxDataLen; | |
| 90 | |
| 91 sigItem.data = sig; | |
| 92 if (cx->cxOutLen == 0) { | |
| 93 sigItem.len = maxLen; | |
| 94 } else if (cx->cxOutLen <= maxLen) { | |
| 95 sigItem.len = cx->cxOutLen; | |
| 96 } else { | |
| 97 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | |
| 98 return SECFailure; | |
| 99 } | |
| 100 | |
| 101 if (cx->cxHashAlg != HASH_AlgNULL) { | |
| 102 rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, | |
| 103 cx->cxIsFIPS); | |
| 104 } else { | |
| 105 rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); | |
| 106 } | |
| 107 if (rv == SECSuccess && sigLen != NULL) | |
| 108 *sigLen = sigItem.len; | |
| 109 return rv; | |
| 110 | |
| 111 } | |
| 112 | |
| 113 static SECStatus | |
| 114 sftk_TLSPRFVerify(TLSPRFContext *cx, | |
| 115 unsigned char *sig, /* input, for comparison. */ | |
| 116 unsigned int sigLen, /* length of sig. */ | |
| 117 unsigned char *hash, /* data to be verified. */ | |
| 118 unsigned int hashLen) /* size of hash data. */ | |
| 119 { | |
| 120 unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen); | |
| 121 unsigned int tmpLen = sigLen; | |
| 122 SECStatus rv; | |
| 123 | |
| 124 if (!tmp) | |
| 125 return SECFailure; | |
| 126 if (hashLen) { | |
| 127 /* hashLen is non-zero when the user does a one-step verify. | |
| 128 ** In this case, none of the data has been input yet. | |
| 129 */ | |
| 130 sftk_TLSPRFHashUpdate(cx, hash, hashLen); | |
| 131 } | |
| 132 rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); | |
| 133 if (rv == SECSuccess) { | |
| 134 rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); | |
| 135 } | |
| 136 PORT_ZFree(tmp, sigLen); | |
| 137 return rv; | |
| 138 } | |
| 139 | |
| 140 static void | |
| 141 sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) | |
| 142 { | |
| 143 if (freeit) { | |
| 144 if (cx->cxBufPtr != cx->cxBuf) | |
| 145 PORT_ZFree(cx->cxBufPtr, cx->cxBufSize); | |
| 146 PORT_ZFree(cx, cx->cxSize); | |
| 147 } | |
| 148 } | |
| 149 | |
| 150 CK_RV | |
| 151 sftk_TLSPRFInit(SFTKSessionContext *context, | |
| 152 SFTKObject * key, | |
| 153 CK_KEY_TYPE key_type, | |
| 154 HASH_HashType hash_alg, | |
| 155 unsigned int out_len) | |
| 156 { | |
| 157 SFTKAttribute * keyVal; | |
| 158 TLSPRFContext * prf_cx; | |
| 159 CK_RV crv = CKR_HOST_MEMORY; | |
| 160 PRUint32 keySize; | |
| 161 PRUint32 blockSize; | |
| 162 | |
| 163 if (key_type != CKK_GENERIC_SECRET) | |
| 164 return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */ | |
| 165 | |
| 166 context->multi = PR_TRUE; | |
| 167 | |
| 168 keyVal = sftk_FindAttribute(key, CKA_VALUE); | |
| 169 keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen; | |
| 170 blockSize = keySize + sizeof(TLSPRFContext); | |
| 171 prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize); | |
| 172 if (!prf_cx) | |
| 173 goto done; | |
| 174 prf_cx->cxSize = blockSize; | |
| 175 prf_cx->cxKeyLen = keySize; | |
| 176 prf_cx->cxDataLen = 0; | |
| 177 prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf); | |
| 178 prf_cx->cxRv = SECSuccess; | |
| 179 prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); | |
| 180 prf_cx->cxBufPtr = prf_cx->cxBuf; | |
| 181 prf_cx->cxHashAlg = hash_alg; | |
| 182 prf_cx->cxOutLen = out_len; | |
| 183 if (keySize) | |
| 184 PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); | |
| 185 | |
| 186 context->hashInfo = (void *) prf_cx; | |
| 187 context->cipherInfo = (void *) prf_cx; | |
| 188 context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate; | |
| 189 context->end = (SFTKEnd) sftk_TLSPRFEnd; | |
| 190 context->update = (SFTKCipher) sftk_TLSPRFUpdate; | |
| 191 context->verify = (SFTKVerify) sftk_TLSPRFVerify; | |
| 192 context->destroy = (SFTKDestroy) sftk_TLSPRFNull; | |
| 193 context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy; | |
| 194 crv = CKR_OK; | |
| 195 | |
| 196 done: | |
| 197 if (keyVal) | |
| 198 sftk_FreeAttribute(keyVal); | |
| 199 return crv; | |
| 200 } | |
| 201 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master