1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "seccomon.h"
#include "secerr.h"
#include "blapi.h"
#include "pkcs11i.h"
#include "softoken.h"
#include "hmacct.h"
/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
* type. */
static HASH_HashType
MACMechanismToHash(CK_MECHANISM_TYPE mech)
{
switch (mech) {
case CKM_MD5_HMAC:
case CKM_SSL3_MD5_MAC:
return HASH_AlgMD5;
case CKM_SHA_1_HMAC:
case CKM_SSL3_SHA1_MAC:
return HASH_AlgSHA1;
case CKM_SHA224_HMAC:
return HASH_AlgSHA224;
case CKM_SHA256_HMAC:
return HASH_AlgSHA256;
case CKM_SHA384_HMAC:
return HASH_AlgSHA384;
case CKM_SHA512_HMAC:
return HASH_AlgSHA512;
}
return HASH_AlgNULL;
}
static sftk_MACConstantTimeCtx *
SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)
{
CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
(CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
sftk_MACConstantTimeCtx *ctx;
HASH_HashType alg;
SFTKAttribute *keyval;
unsigned char secret[sizeof(ctx->secret)];
unsigned int secretLength;
if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) {
return NULL;
}
alg = MACMechanismToHash(params->macAlg);
if (alg == HASH_AlgNULL) {
return NULL;
}
keyval = sftk_FindAttribute(key, CKA_VALUE);
if (keyval == NULL) {
return NULL;
}
secretLength = keyval->attrib.ulValueLen;
if (secretLength > sizeof(secret)) {
sftk_FreeAttribute(keyval);
return NULL;
}
memcpy(secret, keyval->attrib.pValue, secretLength);
sftk_FreeAttribute(keyval);
ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx));
if (!ctx) {
return NULL;
}
memcpy(ctx->secret, secret, secretLength);
ctx->secretLength = secretLength;
ctx->hash = HASH_GetRawHashObject(alg);
ctx->totalLength = params->ulBodyTotalLen;
return ctx;
}
sftk_MACConstantTimeCtx *
sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
{
CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
(CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
sftk_MACConstantTimeCtx *ctx;
if (params->ulHeaderLen > sizeof(ctx->header)) {
return NULL;
}
ctx = SetupMAC(mech, key);
if (!ctx) {
return NULL;
}
ctx->headerLength = params->ulHeaderLen;
memcpy(ctx->header, params->pHeader, params->ulHeaderLen);
return ctx;
}
sftk_MACConstantTimeCtx *
sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
{
CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
(CK_NSS_MAC_CONSTANT_TIME_PARAMS *)mech->pParameter;
unsigned int padLength = 40, j;
sftk_MACConstantTimeCtx *ctx;
if (params->macAlg != CKM_SSL3_MD5_MAC &&
params->macAlg != CKM_SSL3_SHA1_MAC) {
return NULL;
}
ctx = SetupMAC(mech, key);
if (!ctx) {
return NULL;
}
if (params->macAlg == CKM_SSL3_MD5_MAC) {
padLength = 48;
}
ctx->headerLength =
ctx->secretLength +
padLength +
params->ulHeaderLen;
if (ctx->headerLength > sizeof(ctx->header)) {
goto loser;
}
j = 0;
memcpy(&ctx->header[j], ctx->secret, ctx->secretLength);
j += ctx->secretLength;
memset(&ctx->header[j], 0x36, padLength);
j += padLength;
memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen);
return ctx;
loser:
PORT_Free(ctx);
return NULL;
}
void
sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
PORT_CheckSuccess(HMAC_ConstantTime(
ctx->mac, NULL, sizeof(ctx->mac),
ctx->hash,
ctx->secret, ctx->secretLength,
ctx->header, ctx->headerLength,
data, len,
ctx->totalLength));
}
void
sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
PORT_CheckSuccess(SSLv3_MAC_ConstantTime(
ctx->mac, NULL, sizeof(ctx->mac),
ctx->hash,
ctx->secret, ctx->secretLength,
ctx->header, ctx->headerLength,
data, len,
ctx->totalLength));
}
void
sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength,
unsigned int maxLength)
{
const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *)pctx;
unsigned int toCopy = ctx->hash->length;
if (toCopy > maxLength) {
toCopy = maxLength;
}
memcpy(out, ctx->mac, toCopy);
if (outLength) {
*outLength = toCopy;
}
}
void
sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free)
{
PORT_Free(pctx);
}
|