RetroZilla/security/nss/lib/softoken/sftkhmac.c

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "seccomon.h"
#include "secerr.h"
#include "blapi.h"
#include "pkcs11i.h"
#include "softoken.h"
#include "hmacct.h"

/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash
 * type. */
static HASH_HashType
MACMechanismToHash(CK_MECHANISM_TYPE mech)
{
    switch (mech) {
	case CKM_MD5_HMAC:
	case CKM_SSL3_MD5_MAC:
	    return HASH_AlgMD5;
	case CKM_SHA_1_HMAC:
	case CKM_SSL3_SHA1_MAC:
	    return HASH_AlgSHA1;
	case CKM_SHA224_HMAC:
	    return HASH_AlgSHA224;
	case CKM_SHA256_HMAC:
	    return HASH_AlgSHA256;
	case CKM_SHA384_HMAC:
	    return HASH_AlgSHA384;
	case CKM_SHA512_HMAC:
	    return HASH_AlgSHA512;
    }
    return HASH_AlgNULL;
}

static sftk_MACConstantTimeCtx *
SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)
{
    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
    sftk_MACConstantTimeCtx *ctx;
    HASH_HashType alg;
    SFTKAttribute *keyval;
    unsigned char secret[sizeof(ctx->secret)];
    unsigned int secretLength;

    if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) {
	return NULL;
    }

    alg = MACMechanismToHash(params->macAlg);
    if (alg == HASH_AlgNULL) {
	return NULL;
    }

    keyval = sftk_FindAttribute(key,CKA_VALUE);
    if (keyval == NULL) {
	return NULL;
    }
    secretLength = keyval->attrib.ulValueLen;
    if (secretLength > sizeof(secret)) {
	sftk_FreeAttribute(keyval);
	return NULL;
    }
    memcpy(secret, keyval->attrib.pValue, secretLength);
    sftk_FreeAttribute(keyval);

    ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx));
    if (!ctx) {
	return NULL;
    }

    memcpy(ctx->secret, secret, secretLength);
    ctx->secretLength = secretLength;
    ctx->hash = HASH_GetRawHashObject(alg);
    ctx->totalLength = params->ulBodyTotalLen;

    return ctx;
}

sftk_MACConstantTimeCtx *
sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
{
    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
    sftk_MACConstantTimeCtx *ctx;

    if (params->ulHeaderLen > sizeof(ctx->header)) {
	return NULL;
    }
    ctx = SetupMAC(mech, key);
    if (!ctx) {
	return NULL;
    }

    ctx->headerLength = params->ulHeaderLen;
    memcpy(ctx->header, params->pHeader, params->ulHeaderLen);
    return ctx;
}

sftk_MACConstantTimeCtx *
sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)
{
    CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =
	(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;
    unsigned int padLength = 40, j;
    sftk_MACConstantTimeCtx *ctx;

    if (params->macAlg != CKM_SSL3_MD5_MAC &&
	params->macAlg != CKM_SSL3_SHA1_MAC) {
	return NULL;
    }
    ctx = SetupMAC(mech, key);
    if (!ctx) {
	return NULL;
    }

    if (params->macAlg == CKM_SSL3_MD5_MAC) {
	padLength = 48;
    }

    ctx->headerLength =
	ctx->secretLength +
	padLength +
	params->ulHeaderLen;

    if (ctx->headerLength > sizeof(ctx->header)) {
	goto loser;
    }

    j = 0;
    memcpy(&ctx->header[j], ctx->secret, ctx->secretLength);
    j += ctx->secretLength;
    memset(&ctx->header[j], 0x36, padLength);
    j += padLength;
    memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen);

    return ctx;

loser:
    PORT_Free(ctx);
    return NULL;
}

void
sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
    PORT_CheckSuccess(HMAC_ConstantTime(
	ctx->mac, NULL, sizeof(ctx->mac),
	ctx->hash,
	ctx->secret, ctx->secretLength,
	ctx->header, ctx->headerLength,
	data, len,
	ctx->totalLength));
}

void
sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len)
{
    sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
    PORT_CheckSuccess(SSLv3_MAC_ConstantTime(
	ctx->mac, NULL, sizeof(ctx->mac),
	ctx->hash,
	ctx->secret, ctx->secretLength,
	ctx->header, ctx->headerLength,
	data, len,
	ctx->totalLength));
}

void
sftk_MACConstantTime_EndHash(void *pctx, void *out, unsigned int *outLength,
			     unsigned int maxLength)
{
    const sftk_MACConstantTimeCtx *ctx = (sftk_MACConstantTimeCtx *) pctx;
    unsigned int toCopy = ctx->hash->length;
    if (toCopy > maxLength) {
	toCopy = maxLength;
    }
    memcpy(out, ctx->mac, toCopy);
    if (outLength) {
	*outLength = toCopy;
    }
}

void
sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free)
{
    PORT_Free(pctx);
}
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`/* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at http://mozilla.org/MPL/2.0/. */`

			`#include "seccomon.h"`
			`#include "secerr.h"`
			`#include "blapi.h"`
			`#include "pkcs11i.h"`
			`#include "softoken.h"`
			`#include "hmacct.h"`

			`/* MACMechanismToHash converts a PKCS#11 MAC mechanism into a freebl hash`
			`* type. */`
			`static HASH_HashType`
			`MACMechanismToHash(CK_MECHANISM_TYPE mech)`
			`{`
			`switch (mech) {`
			`case CKM_MD5_HMAC:`
			`case CKM_SSL3_MD5_MAC:`
			`return HASH_AlgMD5;`
			`case CKM_SHA_1_HMAC:`
			`case CKM_SSL3_SHA1_MAC:`
			`return HASH_AlgSHA1;`
			`case CKM_SHA224_HMAC:`
			`return HASH_AlgSHA224;`
			`case CKM_SHA256_HMAC:`
			`return HASH_AlgSHA256;`
			`case CKM_SHA384_HMAC:`
			`return HASH_AlgSHA384;`
			`case CKM_SHA512_HMAC:`
			`return HASH_AlgSHA512;`
			`}`
			`return HASH_AlgNULL;`
			`}`

			`static sftk_MACConstantTimeCtx *`
			`SetupMAC(CK_MECHANISM_PTR mech, SFTKObject *key)`
			`{`
			`CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =`
			`(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;`
			`sftk_MACConstantTimeCtx *ctx;`
			`HASH_HashType alg;`
			`SFTKAttribute *keyval;`
			`unsigned char secret[sizeof(ctx->secret)];`
			`unsigned int secretLength;`

			`if (mech->ulParameterLen != sizeof(CK_NSS_MAC_CONSTANT_TIME_PARAMS)) {`
			`return NULL;`
			`}`

			`alg = MACMechanismToHash(params->macAlg);`
			`if (alg == HASH_AlgNULL) {`
			`return NULL;`
			`}`

			`keyval = sftk_FindAttribute(key,CKA_VALUE);`
			`if (keyval == NULL) {`
			`return NULL;`
			`}`
			`secretLength = keyval->attrib.ulValueLen;`
			`if (secretLength > sizeof(secret)) {`
			`sftk_FreeAttribute(keyval);`
			`return NULL;`
			`}`
			`memcpy(secret, keyval->attrib.pValue, secretLength);`
			`sftk_FreeAttribute(keyval);`

			`ctx = PORT_Alloc(sizeof(sftk_MACConstantTimeCtx));`
			`if (!ctx) {`
			`return NULL;`
			`}`

			`memcpy(ctx->secret, secret, secretLength);`
			`ctx->secretLength = secretLength;`
			`ctx->hash = HASH_GetRawHashObject(alg);`
			`ctx->totalLength = params->ulBodyTotalLen;`

			`return ctx;`
			`}`

			`sftk_MACConstantTimeCtx *`
			`sftk_HMACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)`
			`{`
			`CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =`
			`(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;`
			`sftk_MACConstantTimeCtx *ctx;`

			`if (params->ulHeaderLen > sizeof(ctx->header)) {`
			`return NULL;`
			`}`
			`ctx = SetupMAC(mech, key);`
			`if (!ctx) {`
			`return NULL;`
			`}`

			`ctx->headerLength = params->ulHeaderLen;`
			`memcpy(ctx->header, params->pHeader, params->ulHeaderLen);`
			`return ctx;`
			`}`

			`sftk_MACConstantTimeCtx *`
			`sftk_SSLv3MACConstantTime_New(CK_MECHANISM_PTR mech, SFTKObject *key)`
			`{`
			`CK_NSS_MAC_CONSTANT_TIME_PARAMS *params =`
			`(CK_NSS_MAC_CONSTANT_TIME_PARAMS *) mech->pParameter;`
			`unsigned int padLength = 40, j;`
			`sftk_MACConstantTimeCtx *ctx;`

			`if (params->macAlg != CKM_SSL3_MD5_MAC &&`
			`params->macAlg != CKM_SSL3_SHA1_MAC) {`
			`return NULL;`
			`}`
			`ctx = SetupMAC(mech, key);`
			`if (!ctx) {`
			`return NULL;`
			`}`

			`if (params->macAlg == CKM_SSL3_MD5_MAC) {`
			`padLength = 48;`
			`}`

			`ctx->headerLength =`
			`ctx->secretLength +`
			`padLength +`
			`params->ulHeaderLen;`

			`if (ctx->headerLength > sizeof(ctx->header)) {`
			`goto loser;`
			`}`

			`j = 0;`
			`memcpy(&ctx->header[j], ctx->secret, ctx->secretLength);`
			`j += ctx->secretLength;`
			`memset(&ctx->header[j], 0x36, padLength);`
			`j += padLength;`
			`memcpy(&ctx->header[j], params->pHeader, params->ulHeaderLen);`

			`return ctx;`

			`loser:`
			`PORT_Free(ctx);`
			`return NULL;`
			`}`

			`void`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`sftk_HMACConstantTime_Update(void pctx, const void data, unsigned int len)`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`{`
			`sftk_MACConstantTimeCtx ctx = (sftk_MACConstantTimeCtx ) pctx;`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`PORT_CheckSuccess(HMAC_ConstantTime(`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ctx->mac, NULL, sizeof(ctx->mac),`
			`ctx->hash,`
			`ctx->secret, ctx->secretLength,`
			`ctx->header, ctx->headerLength,`
			`data, len,`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`ctx->totalLength));`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`}`

			`void`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`sftk_SSLv3MACConstantTime_Update(void pctx, const void data, unsigned int len)`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`{`
			`sftk_MACConstantTimeCtx ctx = (sftk_MACConstantTimeCtx ) pctx;`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`PORT_CheckSuccess(SSLv3_MAC_ConstantTime(`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`ctx->mac, NULL, sizeof(ctx->mac),`
			`ctx->hash,`
			`ctx->secret, ctx->secretLength,`
			`ctx->header, ctx->headerLength,`
			`data, len,`
cherry-picked mozilla NSS upstream changes (to rev bad5fd065fa1, which is on par with 3.20): bug1001332, 56b691c003ad, bug1086145, bug1054069, bug1155922, bug991783, bug1125025, bug1162521, bug1162644, bug1132941, bug1164364, bug1166205, bug1166163, bug1166515, bug1138554, bug1167046, bug1167043, bug1169451, bug1172128, bug1170322, bug102794, bug1128184, bug557830, bug1174648, bug1180244, bug1177784, bug1173413, bug1169174, bug1084669, bug951455, bug1183395, bug1177430, bug1183827, bug1160139, bug1154106, bug1142209, bug1185033, bug1193467, bug1182667(with sha512 changes backed out, which breaks VC6 compilation), bug1158489, bug337796 2018-07-12 15:44:51 +02:00			`ctx->totalLength));`
NSS: update to 3.15.5 2018-05-04 16:08:28 +02:00			`}`

			`void`
			`sftk_MACConstantTime_EndHash(void pctx, void out, unsigned int *outLength,`
			`unsigned int maxLength)`
			`{`
			`const sftk_MACConstantTimeCtx ctx = (sftk_MACConstantTimeCtx ) pctx;`
			`unsigned int toCopy = ctx->hash->length;`
			`if (toCopy > maxLength) {`
			`toCopy = maxLength;`
			`}`
			`memcpy(out, ctx->mac, toCopy);`
			`if (outLength) {`
			`*outLength = toCopy;`
			`}`
			`}`

			`void`
			`sftk_MACConstantTime_DestroyContext(void *pctx, PRBool free)`
			`{`
			`PORT_Free(pctx);`
			`}`