summaryrefslogtreecommitdiff
path: root/src/nss/hmac.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nss/hmac.c')
-rw-r--r--src/nss/hmac.c189
1 files changed, 99 insertions, 90 deletions
diff --git a/src/nss/hmac.c b/src/nss/hmac.c
index 79fbf40d..e25b1e61 100644
--- a/src/nss/hmac.c
+++ b/src/nss/hmac.c
@@ -1,5 +1,6 @@
-/**
- * XMLSec library
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
@@ -7,6 +8,13 @@
* Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
+/**
+ * SECTION:hmac
+ * @Short_description: HMAC transforms implementation for NSS.
+ * @Stability: Private
+ *
+ */
+
#ifndef XMLSEC_NO_HMAC
#include "globals.h"
@@ -125,6 +133,12 @@ xmlSecNssHmacCheckId(xmlSecTransformPtr transform) {
}
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
return(1);
@@ -176,6 +190,12 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) {
} else
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) {
+ ctx->digestType = CKM_SHA224_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
ctx->digestType = CKM_SHA256_HMAC;
@@ -196,11 +216,7 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) {
/* not found */
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_TRANSFORM,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInvalidTransfromError(transform)
return(-1);
}
return(0);
@@ -272,11 +288,8 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans
small value
*/
if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
- "HMAC output length is too small");
+ xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
+ "HMAC output length is too small");
return(-1);
}
@@ -284,11 +297,7 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "no nodes expected");
+ xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
@@ -345,11 +354,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
- "key is empty");
+ xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
@@ -360,33 +365,21 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
slot = PK11_GetBestSlot(ctx->digestType, NULL);
if(slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_GetBestSlot",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
return(-1);
}
symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive,
CKA_SIGN, &keyItem, NULL);
if(symKey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_ImportSymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_ImportSymKey", xmlSecTransformGetName(transform));
PK11_FreeSlot(slot);
return(-1);
}
ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore);
if(ctx->digestCtx == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_CreateContextBySymKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_CreateContextBySymKey", xmlSecTransformGetName(transform));
PK11_FreeSymKey(symKey);
PK11_FreeSlot(slot);
return(-1);
@@ -421,36 +414,29 @@ xmlSecNssHmacVerify(xmlSecTransformPtr transform,
/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "data=%d;dgst=%d",
- dataSize, ((ctx->dgstSize + 7) / 8));
+ xmlSecInvalidSizeError("HMAC digest",
+ dataSize, ((ctx->dgstSize + 7) / 8),
+ xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
return(0);
}
- /* we check the last byte separatelly */
+ /* we check the last byte separately */
xmlSecAssert2(dataSize > 0, -1);
mask = last_byte_masks[ctx->dgstSize % 8];
if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match (last byte)");
+ xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ xmlSecTransformGetName(transform),
+ "data and digest do not match (last byte)");
transform->status = xmlSecTransformStatusFail;
return(0);
}
/* now check the rest of the digest */
if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_DATA_NOT_MATCH,
- "data and digest do not match");
+ xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ xmlSecTransformGetName(transform),
+ "data and digest do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
@@ -481,11 +467,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
if(transform->status == xmlSecTransformStatusNone) {
rv = PK11_DigestBegin(ctx->digestCtx);
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestBegin",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform));
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
@@ -498,21 +480,15 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
if(inSize > 0) {
rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestOp",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferRemoveHead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", inSize);
+ xmlSecInternalError2("xmlSecBufferRemoveHead",
+ xmlSecTransformGetName(transform),
+ "size=%d", inSize);
return(-1);
}
}
@@ -521,11 +497,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
if(rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "PK11_DigestFinal",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(dgstSize > 0, -1);
@@ -536,23 +508,18 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
} else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) {
dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * dgstSize, ctx->dgstSize);
+ xmlSecInvalidSizeLessThanError("HMAC digest (bits)",
+ 8 * dgstSize, ctx->dgstSize,
+ xmlSecTransformGetName(transform));
return(-1);
}
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- "xmlSecBufferAppend",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", dgstSize);
+ xmlSecInternalError2("xmlSecBufferAppend",
+ xmlSecTransformGetName(transform),
+ "size=%d", dgstSize);
return(-1);
}
}
@@ -562,11 +529,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_STATUS,
- "size=%d", transform->status);
+ xmlSecInvalidTransfromStatusError(transform);
return(-1);
}
@@ -712,6 +675,52 @@ xmlSecNssTransformHmacSha1GetKlass(void) {
}
#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA224
+/******************************************************************************
+ *
+ * HMAC SHA224
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha224, /* const xmlChar* name; */
+ xmlSecHrefHmacSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha224GetKlass:
+ *
+ * The HMAC-SHA224 transform klass.
+ *
+ * Returns: the HMAC-SHA224 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha224GetKlass(void) {
+ return(&xmlSecNssHmacSha224Klass);
+}
+#endif /* XMLSEC_NO_SHA224 */
+
#ifndef XMLSEC_NO_SHA256
/******************************************************************************
*