Coverage Report

Created: 2024-11-21 07:03

/src/nss-nspr/nss/lib/softoken/tlsprf.c
Line
Count
Source (jump to first uncovered line)
1
/* tlsprf.c - TLS Pseudo Random Function (PRF) implementation
2
 *
3
 * This Source Code Form is subject to the terms of the Mozilla Public
4
 * License, v. 2.0. If a copy of the MPL was not distributed with this
5
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6
7
#include "pkcs11i.h"
8
#include "blapi.h"
9
#include "secerr.h"
10
11
static void
12
sftk_TLSPRFNull(void *data, PRBool freeit)
13
0
{
14
0
    return;
15
0
}
16
17
typedef struct {
18
    PRUint32 cxSize;          /* size of allocated block, in bytes.        */
19
    PRUint32 cxBufSize;       /* sizeof buffer at cxBufPtr.                */
20
    unsigned char *cxBufPtr;  /* points to real buffer, may be cxBuf.      */
21
    PRUint32 cxKeyLen;        /* bytes of cxBufPtr containing key.         */
22
    PRUint32 cxDataLen;       /* bytes of cxBufPtr containing data.        */
23
    SECStatus cxRv;           /* records failure of void functions.        */
24
    PRBool cxIsFIPS;          /* true if conforming to FIPS 198.           */
25
    HASH_HashType cxHashAlg;  /* hash algorithm to use for TLS 1.2+        */
26
    unsigned int cxOutLen;    /* bytes of output if nonzero                */
27
    unsigned char cxBuf[512]; /* actual size may be larger than 512.       */
28
} TLSPRFContext;
29
30
static void
31
sftk_TLSPRFHashUpdate(void *ctx, const unsigned char *data,
32
                      unsigned int data_len)
33
0
{
34
0
    TLSPRFContext *cx = ctx;
35
0
    PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen;
36
37
0
    if (cx->cxRv != SECSuccess) /* function has previously failed. */
38
0
        return;
39
0
    if (bytesUsed + data_len > cx->cxBufSize) {
40
        /* We don't use realloc here because
41
        ** (a) realloc doesn't zero out the old block, and
42
        ** (b) if realloc fails, we lose the old block.
43
        */
44
0
        PRUint32 newBufSize = bytesUsed + data_len + 512;
45
0
        unsigned char *newBuf = (unsigned char *)PORT_Alloc(newBufSize);
46
0
        if (!newBuf) {
47
0
            cx->cxRv = SECFailure;
48
0
            return;
49
0
        }
50
0
        PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed);
51
0
        if (cx->cxBufPtr != cx->cxBuf) {
52
0
            PORT_ZFree(cx->cxBufPtr, bytesUsed);
53
0
        }
54
0
        cx->cxBufPtr = newBuf;
55
0
        cx->cxBufSize = newBufSize;
56
0
    }
57
0
    PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len);
58
0
    cx->cxDataLen += data_len;
59
0
}
60
61
static void
62
sftk_TLSPRFEnd(void *ctx, unsigned char *hashout,
63
               unsigned int *pDigestLen, unsigned int maxDigestLen)
64
0
{
65
0
    *pDigestLen = 0; /* tells Verify that no data has been input yet. */
66
0
}
67
68
/* Compute the PRF values from the data previously input. */
69
static SECStatus
70
sftk_TLSPRFUpdate(void *ctx,
71
                  unsigned char *sig,        /* output goes here. */
72
                  unsigned int *sigLen,      /* how much output.  */
73
                  unsigned int maxLen,       /* output buffer size */
74
                  const unsigned char *hash, /* unused. */
75
                  unsigned int hashLen)      /* unused. */
76
0
{
77
0
    TLSPRFContext *cx = ctx;
78
0
    SECStatus rv;
79
0
    SECItem sigItem;
80
0
    SECItem seedItem;
81
0
    SECItem secretItem;
82
83
0
    if (cx->cxRv != SECSuccess)
84
0
        return cx->cxRv;
85
86
0
    secretItem.data = cx->cxBufPtr;
87
0
    secretItem.len = cx->cxKeyLen;
88
89
0
    seedItem.data = cx->cxBufPtr + cx->cxKeyLen;
90
0
    seedItem.len = cx->cxDataLen;
91
92
0
    sigItem.data = sig;
93
0
    if (cx->cxOutLen == 0) {
94
0
        sigItem.len = maxLen;
95
0
    } else if (cx->cxOutLen <= maxLen) {
96
0
        sigItem.len = cx->cxOutLen;
97
0
    } else {
98
0
        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
99
0
        return SECFailure;
100
0
    }
101
102
0
    if (cx->cxHashAlg != HASH_AlgNULL) {
103
0
        rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem,
104
0
                        cx->cxIsFIPS);
105
0
    } else {
106
0
        rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS);
107
0
    }
108
0
    if (rv == SECSuccess && sigLen != NULL)
109
0
        *sigLen = sigItem.len;
110
0
    return rv;
111
0
}
112
113
static SECStatus
114
sftk_TLSPRFVerify(void *ctx,
115
                  const unsigned char *sig,  /* input, for comparison. */
116
                  unsigned int sigLen,       /* length of sig.         */
117
                  const unsigned char *hash, /* data to be verified.   */
118
                  unsigned int hashLen)      /* size of hash data.     */
119
0
{
120
0
    TLSPRFContext *cx = ctx;
121
0
    unsigned char *tmp = (unsigned char *)PORT_Alloc(sigLen);
122
0
    unsigned int tmpLen = sigLen;
123
0
    SECStatus rv;
124
125
0
    if (!tmp)
126
0
        return SECFailure;
127
0
    if (hashLen) {
128
        /* hashLen is non-zero when the user does a one-step verify.
129
        ** In this case, none of the data has been input yet.
130
        */
131
0
        sftk_TLSPRFHashUpdate(cx, hash, hashLen);
132
0
    }
133
0
    rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
134
0
    if (rv == SECSuccess) {
135
0
        rv = (SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen));
136
0
    }
137
0
    PORT_ZFree(tmp, sigLen);
138
0
    return rv;
139
0
}
140
141
static void
142
sftk_TLSPRFHashDestroy(void *ctx, PRBool freeit)
143
0
{
144
0
    TLSPRFContext *cx = ctx;
145
0
    if (freeit) {
146
0
        if (cx->cxBufPtr != cx->cxBuf)
147
0
            PORT_ZFree(cx->cxBufPtr, cx->cxBufSize);
148
0
        PORT_ZFree(cx, cx->cxSize);
149
0
    }
150
0
}
151
152
CK_RV
153
sftk_TLSPRFInit(SFTKSessionContext *context,
154
                SFTKObject *key,
155
                CK_KEY_TYPE key_type,
156
                HASH_HashType hash_alg,
157
                unsigned int out_len)
158
0
{
159
0
    SFTKAttribute *keyVal;
160
0
    TLSPRFContext *prf_cx;
161
0
    CK_RV crv = CKR_HOST_MEMORY;
162
0
    PRUint32 keySize;
163
0
    PRUint32 blockSize;
164
165
0
    if (key_type != CKK_GENERIC_SECRET)
166
0
        return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */
167
168
0
    context->multi = PR_TRUE;
169
170
0
    keyVal = sftk_FindAttribute(key, CKA_VALUE);
171
0
    keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen;
172
0
    blockSize = keySize + sizeof(TLSPRFContext);
173
0
    prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize);
174
0
    if (!prf_cx)
175
0
        goto done;
176
0
    prf_cx->cxSize = blockSize;
177
0
    prf_cx->cxKeyLen = keySize;
178
0
    prf_cx->cxDataLen = 0;
179
0
    prf_cx->cxBufSize = blockSize - offsetof(TLSPRFContext, cxBuf);
180
0
    prf_cx->cxRv = SECSuccess;
181
0
    prf_cx->cxIsFIPS = sftk_isFIPS(key->slot->slotID);
182
0
    prf_cx->cxBufPtr = prf_cx->cxBuf;
183
0
    prf_cx->cxHashAlg = hash_alg;
184
0
    prf_cx->cxOutLen = out_len;
185
0
    if (keySize)
186
0
        PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize);
187
188
0
    context->hashInfo = (void *)prf_cx;
189
0
    context->cipherInfo = (void *)prf_cx;
190
0
    context->hashUpdate = sftk_TLSPRFHashUpdate;
191
0
    context->end = sftk_TLSPRFEnd;
192
0
    context->update = sftk_TLSPRFUpdate;
193
0
    context->verify = sftk_TLSPRFVerify;
194
0
    context->destroy = sftk_TLSPRFNull;
195
0
    context->hashdestroy = sftk_TLSPRFHashDestroy;
196
0
    crv = CKR_OK;
197
198
0
done:
199
0
    if (keyVal)
200
0
        sftk_FreeAttribute(keyVal);
201
0
    return crv;
202
0
}