/src/nss/lib/freebl/alghmac.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | #ifdef FREEBL_NO_DEPEND |
6 | | #include "stubs.h" |
7 | | #endif |
8 | | |
9 | | #include "secport.h" |
10 | | #include "hasht.h" |
11 | | #include "blapit.h" |
12 | | #include "alghmac.h" |
13 | | #include "secerr.h" |
14 | | |
15 | | #define HMAC_PAD_SIZE HASH_BLOCK_LENGTH_MAX |
16 | | |
17 | | struct HMACContextStr { |
18 | | void *hash; |
19 | | const SECHashObject *hashobj; |
20 | | PRBool wasAllocated; |
21 | | unsigned char ipad[HMAC_PAD_SIZE]; |
22 | | unsigned char opad[HMAC_PAD_SIZE]; |
23 | | }; |
24 | | |
25 | | void |
26 | | HMAC_Destroy(HMACContext *cx, PRBool freeit) |
27 | 39.0k | { |
28 | 39.0k | if (cx == NULL) |
29 | 0 | return; |
30 | | |
31 | 39.0k | PORT_Assert(!freeit == !cx->wasAllocated); |
32 | 39.0k | if (cx->hash != NULL) { |
33 | 39.0k | cx->hashobj->destroy(cx->hash, PR_TRUE); |
34 | 39.0k | PORT_Memset(cx, 0, sizeof *cx); |
35 | 39.0k | } |
36 | 39.0k | if (freeit) |
37 | 39.0k | PORT_Free(cx); |
38 | 39.0k | } |
39 | | |
40 | | static SECStatus |
41 | | hmac_initKey(HMACContext *cx, const unsigned char *secret, |
42 | | unsigned int secret_len, PRBool isFIPS) |
43 | 39.0k | { |
44 | 39.0k | unsigned int i; |
45 | 39.0k | unsigned char hashed_secret[HASH_LENGTH_MAX]; |
46 | | |
47 | | /* required by FIPS 198 Section 3 */ |
48 | 39.0k | if (isFIPS && secret_len < cx->hashobj->length / 2) { |
49 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
50 | 0 | return SECFailure; |
51 | 0 | } |
52 | | |
53 | 39.0k | if (secret_len > cx->hashobj->blocklength) { |
54 | 6 | cx->hashobj->begin(cx->hash); |
55 | 6 | cx->hashobj->update(cx->hash, secret, secret_len); |
56 | 6 | PORT_Assert(cx->hashobj->length <= sizeof hashed_secret); |
57 | 6 | cx->hashobj->end(cx->hash, hashed_secret, &secret_len, |
58 | 6 | sizeof hashed_secret); |
59 | 6 | if (secret_len != cx->hashobj->length) { |
60 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
61 | 0 | goto loser; |
62 | 0 | } |
63 | 6 | secret = (const unsigned char *)&hashed_secret[0]; |
64 | 6 | } |
65 | | |
66 | 39.0k | PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength); |
67 | 39.0k | PORT_Memset(cx->opad, 0x5c, cx->hashobj->blocklength); |
68 | | |
69 | | /* fold secret into padding */ |
70 | 1.03M | for (i = 0; i < secret_len; i++) { |
71 | 995k | cx->ipad[i] ^= secret[i]; |
72 | 995k | cx->opad[i] ^= secret[i]; |
73 | 995k | } |
74 | 39.0k | PORT_Memset(hashed_secret, 0, sizeof hashed_secret); |
75 | 39.0k | return SECSuccess; |
76 | | |
77 | 0 | loser: |
78 | 0 | PORT_Memset(hashed_secret, 0, sizeof hashed_secret); |
79 | 0 | return SECFailure; |
80 | 39.0k | } |
81 | | |
82 | | SECStatus |
83 | | HMAC_Init(HMACContext *cx, const SECHashObject *hash_obj, |
84 | | const unsigned char *secret, unsigned int secret_len, PRBool isFIPS) |
85 | 39.0k | { |
86 | 39.0k | SECStatus rv; |
87 | | |
88 | 39.0k | if (cx == NULL) { |
89 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
90 | 0 | return SECFailure; |
91 | 0 | } |
92 | 39.0k | cx->wasAllocated = PR_FALSE; |
93 | 39.0k | cx->hashobj = hash_obj; |
94 | 39.0k | cx->hash = cx->hashobj->create(); |
95 | 39.0k | if (cx->hash == NULL) |
96 | 0 | goto loser; |
97 | | |
98 | 39.0k | rv = hmac_initKey(cx, secret, secret_len, isFIPS); |
99 | 39.0k | if (rv != SECSuccess) |
100 | 0 | goto loser; |
101 | | |
102 | 39.0k | return rv; |
103 | 0 | loser: |
104 | 0 | if (cx->hash != NULL) |
105 | 0 | cx->hashobj->destroy(cx->hash, PR_TRUE); |
106 | 0 | return SECFailure; |
107 | 39.0k | } |
108 | | |
109 | | HMACContext * |
110 | | HMAC_Create(const SECHashObject *hash_obj, const unsigned char *secret, |
111 | | unsigned int secret_len, PRBool isFIPS) |
112 | 39.0k | { |
113 | 39.0k | SECStatus rv; |
114 | 39.0k | HMACContext *cx = PORT_ZNew(HMACContext); |
115 | 39.0k | if (cx == NULL) |
116 | 0 | return NULL; |
117 | 39.0k | rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS); |
118 | 39.0k | cx->wasAllocated = PR_TRUE; |
119 | 39.0k | if (rv != SECSuccess) { |
120 | 0 | PORT_Free(cx); /* contains no secret info */ |
121 | 0 | cx = NULL; |
122 | 0 | } |
123 | 39.0k | return cx; |
124 | 39.0k | } |
125 | | |
126 | | /* this allows us to reuse an existing HMACContext with a new key and |
127 | | * Hash function */ |
128 | | SECStatus |
129 | | HMAC_ReInit(HMACContext *cx, const SECHashObject *hash_obj, |
130 | | const unsigned char *secret, unsigned int secret_len, PRBool isFIPS) |
131 | 0 | { |
132 | 0 | PRBool wasAllocated; |
133 | 0 | SECStatus rv; |
134 | | |
135 | | /* if we are using the same hash, keep the hash contexts and only |
136 | | * init the key */ |
137 | 0 | if ((cx->hashobj == hash_obj) && (cx->hash != NULL)) { |
138 | 0 | return hmac_initKey(cx, secret, secret_len, isFIPS); |
139 | 0 | } |
140 | | /* otherwise we destroy the contents of the context and |
141 | | * initalize it from scratch. We need to preseve the current state |
142 | | * of wasAllocated to the final destroy works correctly */ |
143 | 0 | wasAllocated = cx->wasAllocated; |
144 | 0 | cx->wasAllocated = PR_FALSE; |
145 | 0 | HMAC_Destroy(cx, PR_FALSE); |
146 | 0 | rv = HMAC_Init(cx, hash_obj, secret, secret_len, isFIPS); |
147 | 0 | if (rv != SECSuccess) { |
148 | 0 | return rv; |
149 | 0 | } |
150 | 0 | cx->wasAllocated = wasAllocated; |
151 | 0 | return SECSuccess; |
152 | 0 | } |
153 | | |
154 | | void |
155 | | HMAC_Begin(HMACContext *cx) |
156 | 210k | { |
157 | | /* start inner hash */ |
158 | 210k | cx->hashobj->begin(cx->hash); |
159 | 210k | cx->hashobj->update(cx->hash, cx->ipad, cx->hashobj->blocklength); |
160 | 210k | } |
161 | | |
162 | | void |
163 | | HMAC_Update(HMACContext *cx, const unsigned char *data, unsigned int data_len) |
164 | 388k | { |
165 | 388k | cx->hashobj->update(cx->hash, data, data_len); |
166 | 388k | } |
167 | | |
168 | | SECStatus |
169 | | HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len, |
170 | | unsigned int max_result_len) |
171 | 201k | { |
172 | 201k | if (max_result_len < cx->hashobj->length) { |
173 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
174 | 0 | return SECFailure; |
175 | 0 | } |
176 | | |
177 | 201k | cx->hashobj->end(cx->hash, result, result_len, max_result_len); |
178 | 201k | if (*result_len != cx->hashobj->length) |
179 | 0 | return SECFailure; |
180 | | |
181 | 201k | cx->hashobj->begin(cx->hash); |
182 | 201k | cx->hashobj->update(cx->hash, cx->opad, cx->hashobj->blocklength); |
183 | 201k | cx->hashobj->update(cx->hash, result, *result_len); |
184 | 201k | cx->hashobj->end(cx->hash, result, result_len, max_result_len); |
185 | 201k | return SECSuccess; |
186 | 201k | } |
187 | | |
188 | | HMACContext * |
189 | | HMAC_Clone(HMACContext *cx) |
190 | 0 | { |
191 | 0 | HMACContext *newcx; |
192 | |
|
193 | 0 | newcx = (HMACContext *)PORT_ZAlloc(sizeof(HMACContext)); |
194 | 0 | if (newcx == NULL) |
195 | 0 | goto loser; |
196 | | |
197 | 0 | newcx->wasAllocated = PR_TRUE; |
198 | 0 | newcx->hashobj = cx->hashobj; |
199 | 0 | newcx->hash = cx->hashobj->clone(cx->hash); |
200 | 0 | if (newcx->hash == NULL) |
201 | 0 | goto loser; |
202 | 0 | PORT_Memcpy(newcx->ipad, cx->ipad, cx->hashobj->blocklength); |
203 | 0 | PORT_Memcpy(newcx->opad, cx->opad, cx->hashobj->blocklength); |
204 | 0 | return newcx; |
205 | | |
206 | 0 | loser: |
207 | 0 | HMAC_Destroy(newcx, PR_TRUE); |
208 | 0 | return NULL; |
209 | 0 | } |