diff options
Diffstat (limited to 'nss/lib/softoken/tlsprf.c')
-rw-r--r-- | nss/lib/softoken/tlsprf.c | 205 |
1 files changed, 101 insertions, 104 deletions
diff --git a/nss/lib/softoken/tlsprf.c b/nss/lib/softoken/tlsprf.c index 0ebad60..05e2468 100644 --- a/nss/lib/softoken/tlsprf.c +++ b/nss/lib/softoken/tlsprf.c @@ -8,71 +8,70 @@ #include "blapi.h" #include "secerr.h" -#define SFTK_OFFSETOF(str, memb) ((PRPtrdiff)(&(((str *)0)->memb))) - -static void sftk_TLSPRFNull(void *data, PRBool freeit) +static void +sftk_TLSPRFNull(void *data, PRBool freeit) { return; -} +} typedef struct { - PRUint32 cxSize; /* size of allocated block, in bytes. */ - PRUint32 cxBufSize; /* sizeof buffer at cxBufPtr. */ - unsigned char *cxBufPtr; /* points to real buffer, may be cxBuf. */ - PRUint32 cxKeyLen; /* bytes of cxBufPtr containing key. */ - PRUint32 cxDataLen; /* bytes of cxBufPtr containing data. */ - SECStatus cxRv; /* records failure of void functions. */ - PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ - HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ - unsigned int cxOutLen; /* bytes of output if nonzero */ - unsigned char cxBuf[512]; /* actual size may be larger than 512. */ + PRUint32 cxSize; /* size of allocated block, in bytes. */ + PRUint32 cxBufSize; /* sizeof buffer at cxBufPtr. */ + unsigned char *cxBufPtr; /* points to real buffer, may be cxBuf. */ + PRUint32 cxKeyLen; /* bytes of cxBufPtr containing key. */ + PRUint32 cxDataLen; /* bytes of cxBufPtr containing data. */ + SECStatus cxRv; /* records failure of void functions. */ + PRBool cxIsFIPS; /* true if conforming to FIPS 198. */ + HASH_HashType cxHashAlg; /* hash algorithm to use for TLS 1.2+ */ + unsigned int cxOutLen; /* bytes of output if nonzero */ + unsigned char cxBuf[512]; /* actual size may be larger than 512. */ } TLSPRFContext; static void -sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, - unsigned int data_len) +sftk_TLSPRFHashUpdate(TLSPRFContext *cx, const unsigned char *data, + unsigned int data_len) { PRUint32 bytesUsed = cx->cxKeyLen + cx->cxDataLen; - if (cx->cxRv != SECSuccess) /* function has previously failed. */ - return; + if (cx->cxRv != SECSuccess) /* function has previously failed. */ + return; if (bytesUsed + data_len > cx->cxBufSize) { - /* We don't use realloc here because - ** (a) realloc doesn't zero out the old block, and - ** (b) if realloc fails, we lose the old block. - */ - PRUint32 newBufSize = bytesUsed + data_len + 512; - unsigned char * newBuf = (unsigned char *)PORT_Alloc(newBufSize); - if (!newBuf) { - cx->cxRv = SECFailure; - return; - } - PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed); - if (cx->cxBufPtr != cx->cxBuf) { - PORT_ZFree(cx->cxBufPtr, bytesUsed); - } - cx->cxBufPtr = newBuf; - cx->cxBufSize = newBufSize; + /* We don't use realloc here because + ** (a) realloc doesn't zero out the old block, and + ** (b) if realloc fails, we lose the old block. + */ + PRUint32 newBufSize = bytesUsed + data_len + 512; + unsigned char *newBuf = (unsigned char *)PORT_Alloc(newBufSize); + if (!newBuf) { + cx->cxRv = SECFailure; + return; + } + PORT_Memcpy(newBuf, cx->cxBufPtr, bytesUsed); + if (cx->cxBufPtr != cx->cxBuf) { + PORT_ZFree(cx->cxBufPtr, bytesUsed); + } + cx->cxBufPtr = newBuf; + cx->cxBufSize = newBufSize; } PORT_Memcpy(cx->cxBufPtr + bytesUsed, data, data_len); cx->cxDataLen += data_len; } -static void +static void sftk_TLSPRFEnd(TLSPRFContext *ctx, unsigned char *hashout, - unsigned int *pDigestLen, unsigned int maxDigestLen) + unsigned int *pDigestLen, unsigned int maxDigestLen) { *pDigestLen = 0; /* tells Verify that no data has been input yet. */ } /* Compute the PRF values from the data previously input. */ static SECStatus -sftk_TLSPRFUpdate(TLSPRFContext *cx, - unsigned char *sig, /* output goes here. */ - unsigned int * sigLen, /* how much output. */ - unsigned int maxLen, /* output buffer size */ - unsigned char *hash, /* unused. */ - unsigned int hashLen) /* unused. */ +sftk_TLSPRFUpdate(TLSPRFContext *cx, + unsigned char *sig, /* output goes here. */ + unsigned int *sigLen, /* how much output. */ + unsigned int maxLen, /* output buffer size */ + unsigned char *hash, /* unused. */ + unsigned int hashLen) /* unused. */ { SECStatus rv; SECItem sigItem; @@ -80,58 +79,57 @@ sftk_TLSPRFUpdate(TLSPRFContext *cx, SECItem secretItem; if (cx->cxRv != SECSuccess) - return cx->cxRv; + return cx->cxRv; secretItem.data = cx->cxBufPtr; - secretItem.len = cx->cxKeyLen; + secretItem.len = cx->cxKeyLen; seedItem.data = cx->cxBufPtr + cx->cxKeyLen; - seedItem.len = cx->cxDataLen; + seedItem.len = cx->cxDataLen; sigItem.data = sig; if (cx->cxOutLen == 0) { - sigItem.len = maxLen; + sigItem.len = maxLen; } else if (cx->cxOutLen <= maxLen) { - sigItem.len = cx->cxOutLen; + sigItem.len = cx->cxOutLen; } else { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); - return SECFailure; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; } if (cx->cxHashAlg != HASH_AlgNULL) { - rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, - cx->cxIsFIPS); + rv = TLS_P_hash(cx->cxHashAlg, &secretItem, NULL, &seedItem, &sigItem, + cx->cxIsFIPS); } else { - rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); + rv = TLS_PRF(&secretItem, NULL, &seedItem, &sigItem, cx->cxIsFIPS); } if (rv == SECSuccess && sigLen != NULL) - *sigLen = sigItem.len; + *sigLen = sigItem.len; return rv; - } static SECStatus -sftk_TLSPRFVerify(TLSPRFContext *cx, - unsigned char *sig, /* input, for comparison. */ - unsigned int sigLen, /* length of sig. */ - unsigned char *hash, /* data to be verified. */ - unsigned int hashLen) /* size of hash data. */ +sftk_TLSPRFVerify(TLSPRFContext *cx, + unsigned char *sig, /* input, for comparison. */ + unsigned int sigLen, /* length of sig. */ + unsigned char *hash, /* data to be verified. */ + unsigned int hashLen) /* size of hash data. */ { - unsigned char * tmp = (unsigned char *)PORT_Alloc(sigLen); - unsigned int tmpLen = sigLen; - SECStatus rv; + unsigned char *tmp = (unsigned char *)PORT_Alloc(sigLen); + unsigned int tmpLen = sigLen; + SECStatus rv; if (!tmp) - return SECFailure; + return SECFailure; if (hashLen) { - /* hashLen is non-zero when the user does a one-step verify. - ** In this case, none of the data has been input yet. - */ - sftk_TLSPRFHashUpdate(cx, hash, hashLen); + /* hashLen is non-zero when the user does a one-step verify. + ** In this case, none of the data has been input yet. + */ + sftk_TLSPRFHashUpdate(cx, hash, hashLen); } rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0); if (rv == SECSuccess) { - rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); + rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen)); } PORT_ZFree(tmp, sigLen); return rv; @@ -141,27 +139,27 @@ static void sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit) { if (freeit) { - if (cx->cxBufPtr != cx->cxBuf) - PORT_ZFree(cx->cxBufPtr, cx->cxBufSize); - PORT_ZFree(cx, cx->cxSize); + if (cx->cxBufPtr != cx->cxBuf) + PORT_ZFree(cx->cxBufPtr, cx->cxBufSize); + PORT_ZFree(cx, cx->cxSize); } } CK_RV -sftk_TLSPRFInit(SFTKSessionContext *context, - SFTKObject * key, - CK_KEY_TYPE key_type, - HASH_HashType hash_alg, - unsigned int out_len) +sftk_TLSPRFInit(SFTKSessionContext *context, + SFTKObject *key, + CK_KEY_TYPE key_type, + HASH_HashType hash_alg, + unsigned int out_len) { - SFTKAttribute * keyVal; - TLSPRFContext * prf_cx; - CK_RV crv = CKR_HOST_MEMORY; - PRUint32 keySize; - PRUint32 blockSize; + SFTKAttribute *keyVal; + TLSPRFContext *prf_cx; + CK_RV crv = CKR_HOST_MEMORY; + PRUint32 keySize; + PRUint32 blockSize; if (key_type != CKK_GENERIC_SECRET) - return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */ + return CKR_KEY_TYPE_INCONSISTENT; /* CKR_KEY_FUNCTION_NOT_PERMITTED */ context->multi = PR_TRUE; @@ -169,33 +167,32 @@ sftk_TLSPRFInit(SFTKSessionContext *context, keySize = (!keyVal) ? 0 : keyVal->attrib.ulValueLen; blockSize = keySize + sizeof(TLSPRFContext); prf_cx = (TLSPRFContext *)PORT_Alloc(blockSize); - if (!prf_cx) - goto done; - prf_cx->cxSize = blockSize; - prf_cx->cxKeyLen = keySize; + if (!prf_cx) + goto done; + prf_cx->cxSize = blockSize; + prf_cx->cxKeyLen = keySize; prf_cx->cxDataLen = 0; - prf_cx->cxBufSize = blockSize - SFTK_OFFSETOF(TLSPRFContext, cxBuf); - prf_cx->cxRv = SECSuccess; - prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); - prf_cx->cxBufPtr = prf_cx->cxBuf; + prf_cx->cxBufSize = blockSize - offsetof(TLSPRFContext, cxBuf); + prf_cx->cxRv = SECSuccess; + prf_cx->cxIsFIPS = (key->slot->slotID == FIPS_SLOT_ID); + prf_cx->cxBufPtr = prf_cx->cxBuf; prf_cx->cxHashAlg = hash_alg; - prf_cx->cxOutLen = out_len; + prf_cx->cxOutLen = out_len; if (keySize) - PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); - - context->hashInfo = (void *) prf_cx; - context->cipherInfo = (void *) prf_cx; - context->hashUpdate = (SFTKHash) sftk_TLSPRFHashUpdate; - context->end = (SFTKEnd) sftk_TLSPRFEnd; - context->update = (SFTKCipher) sftk_TLSPRFUpdate; - context->verify = (SFTKVerify) sftk_TLSPRFVerify; - context->destroy = (SFTKDestroy) sftk_TLSPRFNull; - context->hashdestroy = (SFTKDestroy) sftk_TLSPRFHashDestroy; + PORT_Memcpy(prf_cx->cxBufPtr, keyVal->attrib.pValue, keySize); + + context->hashInfo = (void *)prf_cx; + context->cipherInfo = (void *)prf_cx; + context->hashUpdate = (SFTKHash)sftk_TLSPRFHashUpdate; + context->end = (SFTKEnd)sftk_TLSPRFEnd; + context->update = (SFTKCipher)sftk_TLSPRFUpdate; + context->verify = (SFTKVerify)sftk_TLSPRFVerify; + context->destroy = (SFTKDestroy)sftk_TLSPRFNull; + context->hashdestroy = (SFTKDestroy)sftk_TLSPRFHashDestroy; crv = CKR_OK; done: - if (keyVal) - sftk_FreeAttribute(keyVal); + if (keyVal) + sftk_FreeAttribute(keyVal); return crv; } - |