Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-26 06:11:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bugzilla Bug 313196: HMAC code should not use a fixed hash input block size

Browse Source 
of 64 bytes, which is wrong for SHA-384 and SHA-512.  This requires adding
the hash input block size to the SECHashObject structure. r=relyea,nelsonb
Modified Files:
	cryptohi/hasht.h cryptohi/sechash.c freebl/alghmac.c
	freebl/blapit.h freebl/rawhash.c
This commit is contained in:
wtchang%redhat.com 2005-11-07 18:44:21 +00:00
parent 5e7d59a92c
commit 1714be323f
5 changed files with 62 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
security/nss/lib/cryptohi/hasht.h
View File

@ -33,7 +33,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: hasht.h,v 1.6 2004/04/27 23:04:35 gerv%gerv.net Exp $ */
/* $Id: hasht.h,v 1.7 2005/11/07 18:44:20 wtchang%redhat.com Exp $ */
#ifndef _HASHT_H_
#define _HASHT_H_
@ -72,13 +72,15 @@ typedef enum {
* Structure to hold hash computation info and routines
*/
struct SECHashObjectStr {
unsigned int length;
unsigned int length; /* hash output length (in bytes) */
void * (*create)(void);
void * (*clone)(void *);
void (*destroy)(void *, PRBool);
void (*begin)(void *);
void (*update)(void *, const unsigned char *, unsigned int);
void (*end)(void *, unsigned char *, unsigned int *, unsigned int);
unsigned int blocklength; /* hash input block size (in bytes) */
HASH_HashType type;
};
struct HASHContextStr {

28
security/nss/lib/cryptohi/sechash.c
View File

@ -114,7 +114,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) null_hash_begin,
(void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
(void (*)(void *, unsigned char *, unsigned int *,
unsigned int)) null_hash_end
unsigned int)) null_hash_end,
0,
HASH_AlgNULL
},
{ MD2_LENGTH,
(void * (*)(void)) md2_NewContext,
@ -123,7 +125,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
MD2_BLOCK_LENGTH,
HASH_AlgMD2
},
{ MD5_LENGTH,
(void * (*)(void)) md5_NewContext,
@ -132,7 +136,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
MD5_BLOCK_LENGTH,
HASH_AlgMD5
},
{ SHA1_LENGTH,
(void * (*)(void)) sha1_NewContext,
@ -141,7 +147,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
SHA1_BLOCK_LENGTH,
HASH_AlgSHA1
},
{ SHA256_LENGTH,
(void * (*)(void)) sha256_NewContext,
@ -150,7 +158,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
SHA256_BLOCK_LENGTH,
HASH_AlgSHA256
},
{ SHA384_LENGTH,
(void * (*)(void)) sha384_NewContext,
@ -159,7 +169,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
SHA384_BLOCK_LENGTH,
HASH_AlgSHA384
},
{ SHA512_LENGTH,
(void * (*)(void)) sha512_NewContext,
@ -168,7 +180,9 @@ const SECHashObject SECHashObjects[] = {
(void (*)(void *)) PK11_DigestBegin,
(void (*)(void *, const unsigned char *, unsigned int)) PK11_DigestOp,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int))
PK11_DigestFinal
PK11_DigestFinal,
SHA512_BLOCK_LENGTH,
HASH_AlgSHA512
},
};

16
security/nss/lib/freebl/alghmac.c
View File

@ -39,7 +39,7 @@
#include "alghmac.h"
#include "secerr.h"
#define HMAC_PAD_SIZE 64
#define HMAC_PAD_SIZE HASH_BLOCK_LENGTH_MAX
struct HMACContextStr {
void *hash;
@ -86,7 +86,7 @@ HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj,
if (cx->hash == NULL)
goto loser;
if (secret_len > HMAC_PAD_SIZE) {
if (secret_len > cx->hashobj->blocklength) {
cx->hashobj->begin( cx->hash);
cx->hashobj->update(cx->hash, secret, secret_len);
PORT_Assert(cx->hashobj->length <= sizeof hashed_secret);
@ -99,8 +99,8 @@ HMAC_Init( HMACContext * cx, const SECHashObject *hash_obj,
secret = (const unsigned char *)&hashed_secret[0];
}
PORT_Memset(cx->ipad, 0x36, sizeof cx->ipad);
PORT_Memset(cx->opad, 0x5c, sizeof cx->opad);
PORT_Memset(cx->ipad, 0x36, cx->hashobj->blocklength);
PORT_Memset(cx->opad, 0x5c, cx->hashobj->blocklength);
/* fold secret into padding */
for (i = 0; i < secret_len; i++) {
@ -139,7 +139,7 @@ HMAC_Begin(HMACContext *cx)
{
/* start inner hash */
cx->hashobj->begin(cx->hash);
cx->hashobj->update(cx->hash, cx->ipad, sizeof(cx->ipad));
cx->hashobj->update(cx->hash, cx->ipad, cx->hashobj->blocklength);
}
void
@ -162,7 +162,7 @@ HMAC_Finish(HMACContext *cx, unsigned char *result, unsigned int *result_len,
return SECFailure;
cx->hashobj->begin(cx->hash);
cx->hashobj->update(cx->hash, cx->opad, sizeof(cx->opad));
cx->hashobj->update(cx->hash, cx->opad, cx->hashobj->blocklength);
cx->hashobj->update(cx->hash, result, *result_len);
cx->hashobj->end(cx->hash, result, result_len, max_result_len);
return SECSuccess;
@ -182,8 +182,8 @@ HMAC_Clone(HMACContext *cx)
newcx->hash = cx->hashobj->clone(cx->hash);
if (newcx->hash == NULL)
goto loser;
PORT_Memcpy(newcx->ipad, cx->ipad, sizeof(cx->ipad));
PORT_Memcpy(newcx->opad, cx->opad, sizeof(cx->opad));
PORT_Memcpy(newcx->ipad, cx->ipad, cx->hashobj->blocklength);
PORT_Memcpy(newcx->opad, cx->opad, cx->hashobj->blocklength);
return newcx;
loser:

6
security/nss/lib/freebl/blapit.h
View File

@ -38,7 +38,7 @@
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/* $Id: blapit.h,v 1.17 2005/08/13 00:07:18 wtchang%redhat.com Exp $ */
/* $Id: blapit.h,v 1.18 2005/11/07 18:44:21 wtchang%redhat.com Exp $ */
#ifndef _BLAPIT_H_
#define _BLAPIT_H_
@ -95,9 +95,13 @@
* Input block size for each hash algorithm.
*/
#define MD2_BLOCK_LENGTH 64 /* bytes */
#define MD5_BLOCK_LENGTH 64 /* bytes */
#define SHA1_BLOCK_LENGTH 64 /* bytes */
#define SHA256_BLOCK_LENGTH 64 /* bytes */
#define SHA384_BLOCK_LENGTH 128 /* bytes */
#define SHA512_BLOCK_LENGTH 128 /* bytes */
#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
#define AES_KEY_WRAP_IV_BYTES 8
#define AES_KEY_WRAP_BLOCK_SIZE 8 /* bytes */

31
security/nss/lib/freebl/rawhash.c
View File

@ -84,7 +84,9 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *)) null_hash_begin,
(void (*)(void *, const unsigned char *, unsigned int)) null_hash_update,
(void (*)(void *, unsigned char *, unsigned int *,
unsigned int)) null_hash_end
unsigned int)) null_hash_end,
0,
HASH_AlgNULL
},
{ MD2_LENGTH,
(void * (*)(void)) MD2_NewContext,
@ -92,7 +94,9 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) MD2_DestroyContext,
(void (*)(void *)) MD2_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) MD2_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD2_End,
MD2_BLOCK_LENGTH,
HASH_AlgMD2
},
{ MD5_LENGTH,
(void * (*)(void)) MD5_NewContext,
@ -100,7 +104,9 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) MD5_DestroyContext,
(void (*)(void *)) MD5_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) MD5_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) MD5_End,
MD5_BLOCK_LENGTH,
HASH_AlgMD5
},
{ SHA1_LENGTH,
(void * (*)(void)) SHA1_NewContext,
@ -108,7 +114,9 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) SHA1_DestroyContext,
(void (*)(void *)) SHA1_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) SHA1_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA1_End,
SHA1_BLOCK_LENGTH,
HASH_AlgSHA1
},
{ SHA256_LENGTH,
(void * (*)(void)) SHA256_NewContext,
@ -116,7 +124,10 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) SHA256_DestroyContext,
(void (*)(void *)) SHA256_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) SHA256_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA256_End
(void (*)(void *, unsigned char *, unsigned int *,
unsigned int)) SHA256_End,
SHA256_BLOCK_LENGTH,
HASH_AlgSHA256
},
{ SHA384_LENGTH,
(void * (*)(void)) SHA384_NewContext,
@ -124,7 +135,10 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) SHA384_DestroyContext,
(void (*)(void *)) SHA384_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) SHA384_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA384_End
(void (*)(void *, unsigned char *, unsigned int *,
unsigned int)) SHA384_End,
SHA384_BLOCK_LENGTH,
HASH_AlgSHA384
},
{ SHA512_LENGTH,
(void * (*)(void)) SHA512_NewContext,
@ -132,7 +146,10 @@ const SECHashObject SECRawHashObjects[] = {
(void (*)(void *, PRBool)) SHA512_DestroyContext,
(void (*)(void *)) SHA512_Begin,
(void (*)(void *, const unsigned char *, unsigned int)) SHA512_Update,
(void (*)(void *, unsigned char *, unsigned int *, unsigned int)) SHA512_End
(void (*)(void *, unsigned char *, unsigned int *,
unsigned int)) SHA512_End,
SHA512_BLOCK_LENGTH,
HASH_AlgSHA512
},
};