diff options
Diffstat (limited to 'src/nss/hmac.c')
-rw-r--r-- | src/nss/hmac.c | 189 |
1 files changed, 99 insertions, 90 deletions
diff --git a/src/nss/hmac.c b/src/nss/hmac.c index 79fbf40d..e25b1e61 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -125,6 +133,12 @@ xmlSecNssHmacCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { return(1); @@ -176,6 +190,12 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + ctx->digestType = CKM_SHA224_HMAC; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { ctx->digestType = CKM_SHA256_HMAC; @@ -196,11 +216,7 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } return(0); @@ -272,11 +288,8 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans small value */ if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); return(-1); } @@ -284,11 +297,7 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -345,11 +354,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key is empty"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } @@ -360,33 +365,21 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { slot = PK11_GetBestSlot(ctx->digestType, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform)); return(-1); } symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive, CKA_SIGN, &keyItem, NULL); if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportSymKey", xmlSecTransformGetName(transform)); PK11_FreeSlot(slot); return(-1); } ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_CreateContextBySymKey", xmlSecTransformGetName(transform)); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); @@ -421,36 +414,29 @@ xmlSecNssHmacVerify(xmlSecTransformPtr transform, /* compare the digest size in bytes */ if(dataSize != ((ctx->dgstSize + 7) / 8)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + xmlSecInvalidSizeError("HMAC digest", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -481,11 +467,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -498,21 +480,15 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -521,11 +497,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -536,23 +508,18 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) { dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * dgstSize, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * dgstSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", dgstSize); return(-1); } } @@ -562,11 +529,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "size=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -712,6 +675,52 @@ xmlSecNssTransformHmacSha1GetKlass(void) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/****************************************************************************** + * + * HMAC SHA224 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecNssHmacSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha224, /* const xmlChar* name; */ + xmlSecHrefHmacSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformHmacSha224GetKlass: + * + * The HMAC-SHA224 transform klass. + * + * Returns: the HMAC-SHA224 transform klass. + */ +xmlSecTransformId +xmlSecNssTransformHmacSha224GetKlass(void) { + return(&xmlSecNssHmacSha224Klass); +} +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 /****************************************************************************** * |