mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 04:05:49 +00:00
ae04912e48
--HG-- rename : security/manager/ssl/src/CryptoTask.cpp => security/manager/ssl/CryptoTask.cpp rename : security/manager/ssl/src/CryptoTask.h => security/manager/ssl/CryptoTask.h rename : security/manager/ssl/src/CryptoUtil.h => security/manager/ssl/CryptoUtil.h rename : security/manager/ssl/src/IntolerantFallbackList.inc => security/manager/ssl/IntolerantFallbackList.inc rename : security/manager/ssl/src/NSSErrorsService.cpp => security/manager/ssl/NSSErrorsService.cpp rename : security/manager/ssl/src/NSSErrorsService.h => security/manager/ssl/NSSErrorsService.h rename : security/manager/ssl/src/PPSMContentDownloader.ipdl => security/manager/ssl/PPSMContentDownloader.ipdl rename : security/manager/ssl/src/PSMContentListener.cpp => security/manager/ssl/PSMContentListener.cpp rename : security/manager/ssl/src/PSMContentListener.h => security/manager/ssl/PSMContentListener.h rename : security/manager/ssl/src/PSMRunnable.cpp => security/manager/ssl/PSMRunnable.cpp rename : security/manager/ssl/src/PSMRunnable.h => security/manager/ssl/PSMRunnable.h rename : security/manager/ssl/src/PublicSSL.h => security/manager/ssl/PublicSSL.h rename : security/manager/ssl/src/SSLServerCertVerification.cpp => security/manager/ssl/SSLServerCertVerification.cpp rename : security/manager/ssl/src/SSLServerCertVerification.h => security/manager/ssl/SSLServerCertVerification.h rename : security/manager/ssl/src/ScopedNSSTypes.h => security/manager/ssl/ScopedNSSTypes.h rename : security/manager/ssl/src/SharedCertVerifier.h => security/manager/ssl/SharedCertVerifier.h rename : security/manager/ssl/src/SharedSSLState.cpp => security/manager/ssl/SharedSSLState.cpp rename : security/manager/ssl/src/SharedSSLState.h => security/manager/ssl/SharedSSLState.h rename : security/manager/ssl/src/TransportSecurityInfo.cpp => security/manager/ssl/TransportSecurityInfo.cpp rename : security/manager/ssl/src/TransportSecurityInfo.h => security/manager/ssl/TransportSecurityInfo.h rename : security/manager/ssl/src/md4.c => security/manager/ssl/md4.c rename : security/manager/ssl/src/md4.h => security/manager/ssl/md4.h rename : security/manager/ssl/src/nsCertOverrideService.cpp => security/manager/ssl/nsCertOverrideService.cpp rename : security/manager/ssl/src/nsCertOverrideService.h => security/manager/ssl/nsCertOverrideService.h rename : security/manager/ssl/src/nsCertPicker.cpp => security/manager/ssl/nsCertPicker.cpp rename : security/manager/ssl/src/nsCertPicker.h => security/manager/ssl/nsCertPicker.h rename : security/manager/ssl/src/nsCertTree.cpp => security/manager/ssl/nsCertTree.cpp rename : security/manager/ssl/src/nsCertTree.h => security/manager/ssl/nsCertTree.h rename : security/manager/ssl/src/nsCertVerificationThread.cpp => security/manager/ssl/nsCertVerificationThread.cpp rename : security/manager/ssl/src/nsCertVerificationThread.h => security/manager/ssl/nsCertVerificationThread.h rename : security/manager/ssl/src/nsClientAuthRemember.cpp => security/manager/ssl/nsClientAuthRemember.cpp rename : security/manager/ssl/src/nsClientAuthRemember.h => security/manager/ssl/nsClientAuthRemember.h rename : security/manager/ssl/src/nsCrypto.cpp => security/manager/ssl/nsCrypto.cpp rename : security/manager/ssl/src/nsCrypto.h => security/manager/ssl/nsCrypto.h rename : security/manager/ssl/src/nsCryptoHash.cpp => security/manager/ssl/nsCryptoHash.cpp rename : security/manager/ssl/src/nsCryptoHash.h => security/manager/ssl/nsCryptoHash.h rename : security/manager/ssl/src/nsDataSignatureVerifier.cpp => security/manager/ssl/nsDataSignatureVerifier.cpp rename : security/manager/ssl/src/nsDataSignatureVerifier.h => security/manager/ssl/nsDataSignatureVerifier.h rename : security/manager/ssl/src/nsKeyModule.cpp => security/manager/ssl/nsKeyModule.cpp rename : security/manager/ssl/src/nsKeyModule.h => security/manager/ssl/nsKeyModule.h rename : security/manager/ssl/src/nsKeygenHandler.cpp => security/manager/ssl/nsKeygenHandler.cpp rename : security/manager/ssl/src/nsKeygenHandler.h => security/manager/ssl/nsKeygenHandler.h rename : security/manager/ssl/src/nsKeygenHandlerContent.cpp => security/manager/ssl/nsKeygenHandlerContent.cpp rename : security/manager/ssl/src/nsKeygenHandlerContent.h => security/manager/ssl/nsKeygenHandlerContent.h rename : security/manager/ssl/src/nsKeygenThread.cpp => security/manager/ssl/nsKeygenThread.cpp rename : security/manager/ssl/src/nsKeygenThread.h => security/manager/ssl/nsKeygenThread.h rename : security/manager/ssl/src/nsNSSASN1Object.cpp => security/manager/ssl/nsNSSASN1Object.cpp rename : security/manager/ssl/src/nsNSSASN1Object.h => security/manager/ssl/nsNSSASN1Object.h rename : security/manager/ssl/src/nsNSSCallbacks.cpp => security/manager/ssl/nsNSSCallbacks.cpp rename : security/manager/ssl/src/nsNSSCallbacks.h => security/manager/ssl/nsNSSCallbacks.h rename : security/manager/ssl/src/nsNSSCertHelper.cpp => security/manager/ssl/nsNSSCertHelper.cpp rename : security/manager/ssl/src/nsNSSCertHelper.h => security/manager/ssl/nsNSSCertHelper.h rename : security/manager/ssl/src/nsNSSCertTrust.cpp => security/manager/ssl/nsNSSCertTrust.cpp rename : security/manager/ssl/src/nsNSSCertTrust.h => security/manager/ssl/nsNSSCertTrust.h rename : security/manager/ssl/src/nsNSSCertValidity.cpp => security/manager/ssl/nsNSSCertValidity.cpp rename : security/manager/ssl/src/nsNSSCertValidity.h => security/manager/ssl/nsNSSCertValidity.h rename : security/manager/ssl/src/nsNSSCertificate.cpp => security/manager/ssl/nsNSSCertificate.cpp rename : security/manager/ssl/src/nsNSSCertificate.h => security/manager/ssl/nsNSSCertificate.h rename : security/manager/ssl/src/nsNSSCertificateDB.cpp => security/manager/ssl/nsNSSCertificateDB.cpp rename : security/manager/ssl/src/nsNSSCertificateDB.h => security/manager/ssl/nsNSSCertificateDB.h rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.cpp => security/manager/ssl/nsNSSCertificateFakeTransport.cpp rename : security/manager/ssl/src/nsNSSCertificateFakeTransport.h => security/manager/ssl/nsNSSCertificateFakeTransport.h rename : security/manager/ssl/src/nsNSSComponent.cpp => security/manager/ssl/nsNSSComponent.cpp rename : security/manager/ssl/src/nsNSSComponent.h => security/manager/ssl/nsNSSComponent.h rename : security/manager/ssl/src/nsNSSErrors.cpp => security/manager/ssl/nsNSSErrors.cpp rename : security/manager/ssl/src/nsNSSHelper.h => security/manager/ssl/nsNSSHelper.h rename : security/manager/ssl/src/nsNSSIOLayer.cpp => security/manager/ssl/nsNSSIOLayer.cpp rename : security/manager/ssl/src/nsNSSIOLayer.h => security/manager/ssl/nsNSSIOLayer.h rename : security/manager/ssl/src/nsNSSModule.cpp => security/manager/ssl/nsNSSModule.cpp rename : security/manager/ssl/src/nsNSSShutDown.cpp => security/manager/ssl/nsNSSShutDown.cpp rename : security/manager/ssl/src/nsNSSShutDown.h => security/manager/ssl/nsNSSShutDown.h rename : security/manager/ssl/src/nsNSSVersion.cpp => security/manager/ssl/nsNSSVersion.cpp rename : security/manager/ssl/src/nsNSSVersion.h => security/manager/ssl/nsNSSVersion.h rename : security/manager/ssl/src/nsNTLMAuthModule.cpp => security/manager/ssl/nsNTLMAuthModule.cpp rename : security/manager/ssl/src/nsNTLMAuthModule.h => security/manager/ssl/nsNTLMAuthModule.h rename : security/manager/ssl/src/nsPK11TokenDB.cpp => security/manager/ssl/nsPK11TokenDB.cpp rename : security/manager/ssl/src/nsPK11TokenDB.h => security/manager/ssl/nsPK11TokenDB.h rename : security/manager/ssl/src/nsPKCS11Slot.cpp => security/manager/ssl/nsPKCS11Slot.cpp rename : security/manager/ssl/src/nsPKCS11Slot.h => security/manager/ssl/nsPKCS11Slot.h rename : security/manager/ssl/src/nsPKCS12Blob.cpp => security/manager/ssl/nsPKCS12Blob.cpp rename : security/manager/ssl/src/nsPKCS12Blob.h => security/manager/ssl/nsPKCS12Blob.h rename : security/manager/ssl/src/nsPSMBackgroundThread.cpp => security/manager/ssl/nsPSMBackgroundThread.cpp rename : security/manager/ssl/src/nsPSMBackgroundThread.h => security/manager/ssl/nsPSMBackgroundThread.h rename : security/manager/ssl/src/nsProtectedAuthThread.cpp => security/manager/ssl/nsProtectedAuthThread.cpp rename : security/manager/ssl/src/nsProtectedAuthThread.h => security/manager/ssl/nsProtectedAuthThread.h rename : security/manager/ssl/src/nsRandomGenerator.cpp => security/manager/ssl/nsRandomGenerator.cpp rename : security/manager/ssl/src/nsRandomGenerator.h => security/manager/ssl/nsRandomGenerator.h rename : security/manager/ssl/src/nsSDR.cpp => security/manager/ssl/nsSDR.cpp rename : security/manager/ssl/src/nsSDR.h => security/manager/ssl/nsSDR.h rename : security/manager/ssl/src/nsSSLSocketProvider.cpp => security/manager/ssl/nsSSLSocketProvider.cpp rename : security/manager/ssl/src/nsSSLSocketProvider.h => security/manager/ssl/nsSSLSocketProvider.h rename : security/manager/ssl/src/nsSSLStatus.cpp => security/manager/ssl/nsSSLStatus.cpp rename : security/manager/ssl/src/nsSSLStatus.h => security/manager/ssl/nsSSLStatus.h rename : security/manager/ssl/src/nsSmartCardMonitor.cpp => security/manager/ssl/nsSmartCardMonitor.cpp rename : security/manager/ssl/src/nsSmartCardMonitor.h => security/manager/ssl/nsSmartCardMonitor.h rename : security/manager/ssl/src/nsTLSSocketProvider.cpp => security/manager/ssl/nsTLSSocketProvider.cpp rename : security/manager/ssl/src/nsTLSSocketProvider.h => security/manager/ssl/nsTLSSocketProvider.h rename : security/manager/ssl/src/nsUsageArrayHelper.cpp => security/manager/ssl/nsUsageArrayHelper.cpp rename : security/manager/ssl/src/nsUsageArrayHelper.h => security/manager/ssl/nsUsageArrayHelper.h rename : security/manager/ssl/src/nsVerificationJob.h => security/manager/ssl/nsVerificationJob.h
446 lines
9.9 KiB
C++
446 lines
9.9 KiB
C++
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include <algorithm>
|
|
|
|
#include "nsCryptoHash.h"
|
|
|
|
#include "nsIInputStream.h"
|
|
#include "nsIKeyModule.h"
|
|
|
|
#include "nsString.h"
|
|
|
|
#include "sechash.h"
|
|
#include "pk11pub.h"
|
|
#include "base64.h"
|
|
|
|
#define NS_CRYPTO_HASH_BUFFER_SIZE 4096
|
|
|
|
//---------------------------------------------
|
|
// Implementing nsICryptoHash
|
|
//---------------------------------------------
|
|
|
|
nsCryptoHash::nsCryptoHash()
|
|
: mHashContext(nullptr)
|
|
, mInitialized(false)
|
|
{
|
|
}
|
|
|
|
nsCryptoHash::~nsCryptoHash()
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return;
|
|
}
|
|
destructorSafeDestroyNSSReference();
|
|
shutdown(calledFromObject);
|
|
}
|
|
|
|
void
|
|
nsCryptoHash::virtualDestroyNSSReference()
|
|
{
|
|
destructorSafeDestroyNSSReference();
|
|
}
|
|
|
|
void
|
|
nsCryptoHash::destructorSafeDestroyNSSReference()
|
|
{
|
|
if (mHashContext)
|
|
HASH_Destroy(mHashContext);
|
|
mHashContext = nullptr;
|
|
}
|
|
|
|
NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash)
|
|
|
|
NS_IMETHODIMP
|
|
nsCryptoHash::Init(uint32_t algorithm)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
HASH_HashType hashType = (HASH_HashType)algorithm;
|
|
if (mHashContext)
|
|
{
|
|
if ((!mInitialized) && (HASH_GetType(mHashContext) == hashType))
|
|
{
|
|
mInitialized = true;
|
|
HASH_Begin(mHashContext);
|
|
return NS_OK;
|
|
}
|
|
|
|
// Destroy current hash context if the type was different
|
|
// or Finish method wasn't called.
|
|
HASH_Destroy(mHashContext);
|
|
mInitialized = false;
|
|
}
|
|
|
|
mHashContext = HASH_Create(hashType);
|
|
if (!mHashContext)
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
HASH_Begin(mHashContext);
|
|
mInitialized = true;
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsCryptoHash::InitWithString(const nsACString & aAlgorithm)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("md2"))
|
|
return Init(nsICryptoHash::MD2);
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("md5"))
|
|
return Init(nsICryptoHash::MD5);
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("sha1"))
|
|
return Init(nsICryptoHash::SHA1);
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("sha256"))
|
|
return Init(nsICryptoHash::SHA256);
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("sha384"))
|
|
return Init(nsICryptoHash::SHA384);
|
|
|
|
if (aAlgorithm.LowerCaseEqualsLiteral("sha512"))
|
|
return Init(nsICryptoHash::SHA512);
|
|
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsCryptoHash::Update(const uint8_t *data, uint32_t len)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mInitialized)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
HASH_Update(mHashContext, data, len);
|
|
return NS_OK;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mInitialized)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
if (!data)
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
uint64_t n;
|
|
nsresult rv = data->Available(&n);
|
|
if (NS_FAILED(rv))
|
|
return rv;
|
|
|
|
// if the user has passed UINT32_MAX, then read
|
|
// everything in the stream
|
|
|
|
uint64_t len = aLen;
|
|
if (aLen == UINT32_MAX)
|
|
len = n;
|
|
|
|
// So, if the stream has NO data available for the hash,
|
|
// or if the data available is less then what the caller
|
|
// requested, we can not fulfill the hash update. In this
|
|
// case, just return NS_ERROR_NOT_AVAILABLE indicating
|
|
// that there is not enough data in the stream to satisify
|
|
// the request.
|
|
|
|
if (n == 0 || n < len)
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
|
|
char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
|
|
uint32_t read, readLimit;
|
|
|
|
while(NS_SUCCEEDED(rv) && len>0)
|
|
{
|
|
readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
|
|
|
|
rv = data->Read(buffer, readLimit, &read);
|
|
|
|
if (NS_SUCCEEDED(rv))
|
|
rv = Update((const uint8_t*)buffer, read);
|
|
|
|
len -= read;
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
NS_IMETHODIMP
|
|
nsCryptoHash::Finish(bool ascii, nsACString & _retval)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mInitialized)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
uint32_t hashLen = 0;
|
|
unsigned char buffer[HASH_LENGTH_MAX];
|
|
unsigned char* pbuffer = buffer;
|
|
|
|
HASH_End(mHashContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
|
|
|
|
mInitialized = false;
|
|
|
|
if (ascii)
|
|
{
|
|
char *asciiData = BTOA_DataToAscii(buffer, hashLen);
|
|
NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
|
|
|
|
_retval.Assign(asciiData);
|
|
PORT_Free(asciiData);
|
|
}
|
|
else
|
|
{
|
|
_retval.Assign((const char*)buffer, hashLen);
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
//---------------------------------------------
|
|
// Implementing nsICryptoHMAC
|
|
//---------------------------------------------
|
|
|
|
NS_IMPL_ISUPPORTS(nsCryptoHMAC, nsICryptoHMAC)
|
|
|
|
nsCryptoHMAC::nsCryptoHMAC()
|
|
{
|
|
mHMACContext = nullptr;
|
|
}
|
|
|
|
nsCryptoHMAC::~nsCryptoHMAC()
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return;
|
|
}
|
|
destructorSafeDestroyNSSReference();
|
|
shutdown(calledFromObject);
|
|
}
|
|
|
|
void
|
|
nsCryptoHMAC::virtualDestroyNSSReference()
|
|
{
|
|
destructorSafeDestroyNSSReference();
|
|
}
|
|
|
|
void
|
|
nsCryptoHMAC::destructorSafeDestroyNSSReference()
|
|
{
|
|
if (mHMACContext)
|
|
PK11_DestroyContext(mHMACContext, true);
|
|
mHMACContext = nullptr;
|
|
}
|
|
|
|
/* void init (in unsigned long aAlgorithm, in nsIKeyObject aKeyObject); */
|
|
NS_IMETHODIMP
|
|
nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (mHMACContext)
|
|
{
|
|
PK11_DestroyContext(mHMACContext, true);
|
|
mHMACContext = nullptr;
|
|
}
|
|
|
|
CK_MECHANISM_TYPE HMACMechType;
|
|
switch (aAlgorithm)
|
|
{
|
|
case nsCryptoHMAC::MD2:
|
|
HMACMechType = CKM_MD2_HMAC; break;
|
|
case nsCryptoHMAC::MD5:
|
|
HMACMechType = CKM_MD5_HMAC; break;
|
|
case nsCryptoHMAC::SHA1:
|
|
HMACMechType = CKM_SHA_1_HMAC; break;
|
|
case nsCryptoHMAC::SHA256:
|
|
HMACMechType = CKM_SHA256_HMAC; break;
|
|
case nsCryptoHMAC::SHA384:
|
|
HMACMechType = CKM_SHA384_HMAC; break;
|
|
case nsCryptoHMAC::SHA512:
|
|
HMACMechType = CKM_SHA512_HMAC; break;
|
|
default:
|
|
return NS_ERROR_INVALID_ARG;
|
|
}
|
|
|
|
NS_ENSURE_ARG_POINTER(aKeyObject);
|
|
|
|
nsresult rv;
|
|
|
|
int16_t keyType;
|
|
rv = aKeyObject->GetType(&keyType);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG);
|
|
|
|
PK11SymKey* key;
|
|
// GetKeyObj doesn't addref the key
|
|
rv = aKeyObject->GetKeyObj((void**)&key);
|
|
NS_ENSURE_SUCCESS(rv, rv);
|
|
|
|
SECItem rawData;
|
|
rawData.data = 0;
|
|
rawData.len = 0;
|
|
mHMACContext = PK11_CreateContextBySymKey(
|
|
HMACMechType, CKA_SIGN, key, &rawData);
|
|
NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
|
|
|
|
SECStatus ss = PK11_DigestBegin(mHMACContext);
|
|
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
/* void update ([array, size_is (aLen), const] in octet aData, in unsigned long aLen); */
|
|
NS_IMETHODIMP
|
|
nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mHMACContext)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
if (!aData)
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
SECStatus ss = PK11_DigestOp(mHMACContext, aData, aLen);
|
|
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
/* void updateFromStream (in nsIInputStream aStream, in unsigned long aLen); */
|
|
NS_IMETHODIMP
|
|
nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mHMACContext)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
if (!aStream)
|
|
return NS_ERROR_INVALID_ARG;
|
|
|
|
uint64_t n;
|
|
nsresult rv = aStream->Available(&n);
|
|
if (NS_FAILED(rv))
|
|
return rv;
|
|
|
|
// if the user has passed UINT32_MAX, then read
|
|
// everything in the stream
|
|
|
|
uint64_t len = aLen;
|
|
if (aLen == UINT32_MAX)
|
|
len = n;
|
|
|
|
// So, if the stream has NO data available for the hash,
|
|
// or if the data available is less then what the caller
|
|
// requested, we can not fulfill the HMAC update. In this
|
|
// case, just return NS_ERROR_NOT_AVAILABLE indicating
|
|
// that there is not enough data in the stream to satisify
|
|
// the request.
|
|
|
|
if (n == 0 || n < len)
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
|
|
char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
|
|
uint32_t read, readLimit;
|
|
|
|
while(NS_SUCCEEDED(rv) && len > 0)
|
|
{
|
|
readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
|
|
|
|
rv = aStream->Read(buffer, readLimit, &read);
|
|
if (read == 0)
|
|
return NS_BASE_STREAM_CLOSED;
|
|
|
|
if (NS_SUCCEEDED(rv))
|
|
rv = Update((const uint8_t*)buffer, read);
|
|
|
|
len -= read;
|
|
}
|
|
|
|
return rv;
|
|
}
|
|
|
|
/* ACString finish (in bool aASCII); */
|
|
NS_IMETHODIMP
|
|
nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval)
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
if (!mHMACContext)
|
|
return NS_ERROR_NOT_INITIALIZED;
|
|
|
|
uint32_t hashLen = 0;
|
|
unsigned char buffer[HASH_LENGTH_MAX];
|
|
unsigned char* pbuffer = buffer;
|
|
|
|
PK11_DigestFinal(mHMACContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
|
|
if (aASCII)
|
|
{
|
|
char *asciiData = BTOA_DataToAscii(buffer, hashLen);
|
|
NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
|
|
|
|
_retval.Assign(asciiData);
|
|
PORT_Free(asciiData);
|
|
}
|
|
else
|
|
{
|
|
_retval.Assign((const char*)buffer, hashLen);
|
|
}
|
|
|
|
return NS_OK;
|
|
}
|
|
|
|
/* void reset (); */
|
|
NS_IMETHODIMP
|
|
nsCryptoHMAC::Reset()
|
|
{
|
|
nsNSSShutDownPreventionLock locker;
|
|
if (isAlreadyShutDown()) {
|
|
return NS_ERROR_NOT_AVAILABLE;
|
|
}
|
|
|
|
SECStatus ss = PK11_DigestBegin(mHMACContext);
|
|
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
|
|
|
|
return NS_OK;
|
|
}
|