libchrome: Uprev the library to r456626 from Chromium
Pulled the latest and greatest version of libchrome from Chromium.
The merge was done against r456626 which corresponds to git commit
08266b3fca707804065a2cfd60331722ade41969 of Mar 14, 2017
Notable changes are:
- FOR_EACH_OBSERVER macro removed (replaced by use of C++ 11
range-base for loop)
- base::Values no more FundamentalValue
- stl_util moved to base namespace
- some scoped pointers removed in crypto/ in favor
of BoringSSL UniquePtr.
- path() accessor renamed to GetPath() in ScopedTempDir (and other
classes)
- introduction of base::CallbackOnce
Test: All unit-tests should still pass.
Change-Id: I180f9defc7607f462389fae17701fff553c4a2d0
diff --git a/crypto/BUILD.gn b/crypto/BUILD.gn
index a912d93..6b45c9d 100644
--- a/crypto/BUILD.gn
+++ b/crypto/BUILD.gn
@@ -13,14 +13,11 @@
"apple_keychain.h",
"apple_keychain_ios.mm",
"apple_keychain_mac.mm",
- "auto_cbb.h",
"capi_util.cc",
"capi_util.h",
"crypto_export.h",
"cssm_init.cc",
"cssm_init.h",
- "curve25519.cc",
- "curve25519.h",
"ec_private_key.cc",
"ec_private_key.h",
"ec_signature_creator.cc",
@@ -47,8 +44,6 @@
"nss_util.cc",
"nss_util.h",
"nss_util_internal.h",
- "openssl_bio_string.cc",
- "openssl_bio_string.h",
"openssl_util.cc",
"openssl_util.h",
"p224.cc",
@@ -84,6 +79,10 @@
"//base/third_party/dynamic_annotations",
]
+ public_deps = [
+ "//third_party/boringssl",
+ ]
+
if (!is_mac && !is_ios) {
sources -= [
"apple_keychain.h",
@@ -133,7 +132,6 @@
test("crypto_unittests") {
sources = [
"aead_unittest.cc",
- "curve25519_unittest.cc",
"ec_private_key_unittest.cc",
"ec_signature_creator_unittest.cc",
"encryptor_unittest.cc",
@@ -141,7 +139,6 @@
"hmac_unittest.cc",
"nss_key_util_unittest.cc",
"nss_util_unittest.cc",
- "openssl_bio_string_unittest.cc",
"p224_spake_unittest.cc",
"p224_unittest.cc",
"random_unittest.cc",
diff --git a/crypto/apple_keychain.h b/crypto/apple_keychain.h
index 1ea2473..1037b7e 100644
--- a/crypto/apple_keychain.h
+++ b/crypto/apple_keychain.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef CRYPTO_KEYCHAIN_MAC_H_
-#define CRYPTO_KEYCHAIN_MAC_H_
+#ifndef CRYPTO_APPLE_KEYCHAIN_H_
+#define CRYPTO_APPLE_KEYCHAIN_H_
#include <Security/Security.h>
@@ -106,4 +106,4 @@
} // namespace crypto
-#endif // CRYPTO_KEYCHAIN_MAC_H_
+#endif // CRYPTO_APPLE_KEYCHAIN_H_
diff --git a/crypto/auto_cbb.h b/crypto/auto_cbb.h
deleted file mode 100644
index 5206a21..0000000
--- a/crypto/auto_cbb.h
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CRYPTO_AUTO_CBB_H_
-#define CRYPTO_AUTO_CBB_H_
-
-#include <openssl/bytestring.h>
-
-#include "base/macros.h"
-
-namespace crypto {
-
-// AutoCBB is a wrapper over OpenSSL's CBB type that automatically releases
-// resources when going out of scope.
-class AutoCBB {
- public:
- AutoCBB() { CBB_zero(&cbb_); }
- ~AutoCBB() { CBB_cleanup(&cbb_); }
-
- CBB* get() { return &cbb_; }
-
- void Reset() {
- CBB_cleanup(&cbb_);
- CBB_zero(&cbb_);
- }
-
- private:
- CBB cbb_;
- DISALLOW_COPY_AND_ASSIGN(AutoCBB);
-};
-
-} // namespace crypto
-
-#endif // CRYPTO_AUTO_CBB_H_
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
deleted file mode 100644
index 8ed2ab2..0000000
--- a/crypto/crypto.gyp
+++ /dev/null
@@ -1,236 +0,0 @@
-# Copyright (c) 2012 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- 'chromium_code': 1,
- },
- 'includes': [
- 'crypto.gypi',
- ],
- 'targets': [
- {
- 'target_name': 'crypto',
- 'type': '<(component)',
- 'product_name': 'crcrypto', # Avoid colliding with OpenSSL's libcrypto
- 'dependencies': [
- '../base/base.gyp:base',
- '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations',
- '../third_party/boringssl/boringssl.gyp:boringssl',
- ],
- 'defines': [
- 'CRYPTO_IMPLEMENTATION',
- ],
- 'conditions': [
- [ 'os_posix == 1 and OS != "mac" and OS != "ios" and OS != "android"', {
- 'dependencies': [
- '../build/linux/system.gyp:nss',
- ],
- 'export_dependent_settings': [
- '../build/linux/system.gyp:nss',
- ],
- 'conditions': [
- [ 'chromeos==1', {
- 'sources/': [ ['include', '_chromeos\\.cc$'] ]
- },
- ],
- ],
- }],
- [ 'OS != "mac" and OS != "ios"', {
- 'sources!': [
- 'apple_keychain.h',
- 'mock_apple_keychain.cc',
- 'mock_apple_keychain.h',
- ],
- }],
- [ 'os_bsd==1', {
- 'link_settings': {
- 'libraries': [
- '-L/usr/local/lib -lexecinfo',
- ],
- },
- },
- ],
- [ 'OS == "mac"', {
- 'link_settings': {
- 'libraries': [
- '$(SDKROOT)/System/Library/Frameworks/Security.framework',
- ],
- },
- }, { # OS != "mac"
- 'sources!': [
- 'cssm_init.cc',
- 'cssm_init.h',
- 'mac_security_services_lock.cc',
- 'mac_security_services_lock.h',
- ],
- }],
- [ 'OS != "win"', {
- 'sources!': [
- 'capi_util.h',
- 'capi_util.cc',
- ],
- }],
- [ 'OS == "win"', {
- 'msvs_disabled_warnings': [
- 4267, # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
- ],
- }],
- [ 'use_nss_certs==0', {
- # Some files are built when NSS is used for the platform certificate library.
- 'sources!': [
- 'nss_key_util.cc',
- 'nss_key_util.h',
- 'nss_util.cc',
- 'nss_util.h',
- 'nss_util_internal.h',
- ],
- },],
- ],
- 'sources': [
- '<@(crypto_sources)',
- ],
- },
- {
- 'target_name': 'crypto_unittests',
- 'type': 'executable',
- 'sources': [
- 'aead_unittest.cc',
- 'curve25519_unittest.cc',
- 'ec_private_key_unittest.cc',
- 'ec_signature_creator_unittest.cc',
- 'encryptor_unittest.cc',
- 'hkdf_unittest.cc',
- 'hmac_unittest.cc',
- 'nss_key_util_unittest.cc',
- 'nss_util_unittest.cc',
- 'openssl_bio_string_unittest.cc',
- 'p224_unittest.cc',
- 'p224_spake_unittest.cc',
- 'random_unittest.cc',
- 'rsa_private_key_unittest.cc',
- 'secure_hash_unittest.cc',
- 'sha2_unittest.cc',
- 'signature_creator_unittest.cc',
- 'signature_verifier_unittest.cc',
- 'symmetric_key_unittest.cc',
- ],
- 'dependencies': [
- 'crypto',
- 'crypto_test_support',
- '../base/base.gyp:base',
- '../base/base.gyp:run_all_unittests',
- '../base/base.gyp:test_support_base',
- '../testing/gmock.gyp:gmock',
- '../testing/gtest.gyp:gtest',
- '../third_party/boringssl/boringssl.gyp:boringssl',
- ],
- 'conditions': [
- [ 'use_nss_certs == 1', {
- 'dependencies': [
- '../build/linux/system.gyp:nss',
- ],
- }],
- [ 'use_nss_certs == 0', {
- # Some files are built when NSS is used for the platform certificate library.
- 'sources!': [
- 'nss_key_util_unittest.cc',
- 'nss_util_unittest.cc',
- ],
- }],
- [ 'OS == "win"', {
- # TODO(jschuh): crbug.com/167187 fix size_t to int truncations.
- 'msvs_disabled_warnings': [4267, ],
- }],
- ],
- },
- ],
- 'conditions': [
- ['OS == "win" and target_arch=="ia32"', {
- 'targets': [
- {
- 'target_name': 'crypto_nacl_win64',
- # We use the native APIs for the helper.
- 'type': '<(component)',
- 'dependencies': [
- '../base/base.gyp:base_win64',
- '../base/third_party/dynamic_annotations/dynamic_annotations.gyp:dynamic_annotations_win64',
- '../third_party/boringssl/boringssl.gyp:boringssl_nacl_win64',
- ],
- 'sources': [
- '<@(nacl_win64_sources)',
- ],
- 'defines': [
- 'CRYPTO_IMPLEMENTATION',
- '<@(nacl_win64_defines)',
- ],
- 'configurations': {
- 'Common_Base': {
- 'msvs_target_platform': 'x64',
- },
- },
- },
- ],
- }],
- ['use_nss_certs==1', {
- 'targets': [
- {
- 'target_name': 'crypto_test_support',
- 'type': 'static_library',
- 'dependencies': [
- '../base/base.gyp:base',
- 'crypto',
- ],
- 'sources': [
- 'scoped_test_nss_db.cc',
- 'scoped_test_nss_db.h',
- 'scoped_test_nss_chromeos_user.cc',
- 'scoped_test_nss_chromeos_user.h',
- 'scoped_test_system_nss_key_slot.cc',
- 'scoped_test_system_nss_key_slot.h',
- ],
- 'conditions': [
- ['use_nss_certs==0', {
- 'sources!': [
- 'scoped_test_nss_db.cc',
- 'scoped_test_nss_db.h',
- ],
- }],
- [ 'chromeos==0', {
- 'sources!': [
- 'scoped_test_nss_chromeos_user.cc',
- 'scoped_test_nss_chromeos_user.h',
- 'scoped_test_system_nss_key_slot.cc',
- 'scoped_test_system_nss_key_slot.h',
- ],
- }],
- ],
- }
- ]}, { # use_nss_certs==0
- 'targets': [
- {
- 'target_name': 'crypto_test_support',
- 'type': 'none',
- 'sources': [],
- }
- ]}],
- ['test_isolation_mode != "noop"', {
- 'targets': [
- {
- 'target_name': 'crypto_unittests_run',
- 'type': 'none',
- 'dependencies': [
- 'crypto_unittests',
- ],
- 'includes': [
- '../build/isolate.gypi',
- ],
- 'sources': [
- 'crypto_unittests.isolate',
- ],
- },
- ],
- }],
- ],
-}
diff --git a/crypto/crypto.gypi b/crypto/crypto.gypi
deleted file mode 100644
index dadc0ea..0000000
--- a/crypto/crypto.gypi
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 2014 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- # Put all transitive dependencies for Windows HMAC here.
- # This is required so that we can build them for nacl win64.
- 'variables': {
- 'hmac_win64_related_sources': [
- 'crypto_export.h',
- 'hmac.cc',
- 'hmac.h',
- 'openssl_util.cc',
- 'openssl_util.h',
- 'secure_util.cc',
- 'secure_util.h',
- 'symmetric_key.cc',
- 'symmetric_key.h',
- ],
- },
- 'crypto_sources': [
- # NOTE: all transitive dependencies of HMAC on windows need
- # to be placed in the source list above.
- '<@(hmac_win64_related_sources)',
- 'aead.cc',
- 'aead.h',
- 'apple_keychain.h',
- 'apple_keychain_ios.mm',
- 'apple_keychain_mac.mm',
- 'auto_cbb.h',
- 'capi_util.cc',
- 'capi_util.h',
- 'cssm_init.cc',
- 'cssm_init.h',
- 'curve25519.cc',
- 'curve25519.h',
- 'ec_private_key.cc',
- 'ec_private_key.h',
- 'ec_signature_creator.cc',
- 'ec_signature_creator.h',
- 'ec_signature_creator_impl.cc',
- 'ec_signature_creator_impl.h',
- 'encryptor.cc',
- 'encryptor.h',
- 'hkdf.cc',
- 'hkdf.h',
- 'mac_security_services_lock.cc',
- 'mac_security_services_lock.h',
- 'mock_apple_keychain.cc',
- 'mock_apple_keychain.h',
- 'mock_apple_keychain_ios.cc',
- 'mock_apple_keychain_mac.cc',
- 'p224_spake.cc',
- 'p224_spake.h',
- 'nss_crypto_module_delegate.h',
- 'nss_key_util.cc',
- 'nss_key_util.h',
- 'nss_util.cc',
- 'nss_util.h',
- 'nss_util_internal.h',
- 'openssl_bio_string.cc',
- 'openssl_bio_string.h',
- 'p224.cc',
- 'p224.h',
- 'random.h',
- 'random.cc',
- 'rsa_private_key.cc',
- 'rsa_private_key.h',
- 'scoped_capi_types.h',
- 'scoped_nss_types.h',
- 'secure_hash.cc',
- 'secure_hash.h',
- 'sha2.cc',
- 'sha2.h',
- 'signature_creator.cc',
- 'signature_creator.h',
- 'signature_verifier.cc',
- 'signature_verifier.h',
- 'wincrypt_shim.h',
- ],
- 'nacl_win64_sources': [
- '<@(hmac_win64_related_sources)',
- 'random.cc',
- 'random.h',
- ],
- }
-}
diff --git a/crypto/crypto_nacl.gyp b/crypto/crypto_nacl.gyp
deleted file mode 100644
index c7c01a8..0000000
--- a/crypto/crypto_nacl.gyp
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright 2014 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-
-{
- 'variables': {
- 'chromium_code': 1,
- },
- 'includes': [
- '../native_client/build/untrusted.gypi',
- 'crypto.gypi',
- ],
- 'targets': [
- {
- 'target_name': 'crypto_nacl',
- 'type': 'none',
- 'variables': {
- 'nacl_untrusted_build': 1,
- 'nlib_target': 'libcrypto_nacl.a',
- 'build_glibc': 0,
- 'build_newlib': 0,
- 'build_pnacl_newlib': 1,
- },
- 'dependencies': [
- '../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
- '../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
- ],
- 'defines': [
- 'CRYPTO_IMPLEMENTATION',
- ],
- 'sources': [
- '<@(crypto_sources)',
- ],
- 'sources/': [
- ['exclude', '_nss\.(cc|h)$'],
- ['exclude', '^(mock_)?apple_'],
- ['exclude', '^capi_'],
- ['exclude', '^cssm_'],
- ['exclude', '^nss_'],
- ['exclude', '^mac_'],
- ],
- },
- ],
-}
diff --git a/crypto/crypto_unittests.isolate b/crypto/crypto_unittests.isolate
deleted file mode 100644
index de13aa2..0000000
--- a/crypto/crypto_unittests.isolate
+++ /dev/null
@@ -1,42 +0,0 @@
-# Copyright 2015 The Chromium Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-{
- 'variables': {
- 'command': [
- '../testing/test_env.py',
- '<(PRODUCT_DIR)/crypto_unittests<(EXECUTABLE_SUFFIX)',
- '--brave-new-test-launcher',
- '--test-launcher-bot-mode',
- '--asan=<(asan)',
- '--msan=<(msan)',
- '--tsan=<(tsan)',
- ],
- },
- 'conditions': [
- ['OS=="linux" or OS=="mac" or OS=="win"', {
- 'variables': {
- 'files': [
- '../testing/test_env.py',
- ],
- },
- }],
- ['OS=="mac" and asan==1 and fastbuild==0', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/crypto_unittests.dSYM/',
- ],
- },
- }],
- ['OS=="win" and (fastbuild==0 or fastbuild==1)', {
- 'variables': {
- 'files': [
- '<(PRODUCT_DIR)/crypto_unittests.exe.pdb',
- ],
- },
- }],
- ],
- 'includes': [
- '../base/base.isolate',
- ],
-}
diff --git a/crypto/ec_private_key.h b/crypto/ec_private_key.h
index a24219b..432019b 100644
--- a/crypto/ec_private_key.h
+++ b/crypto/ec_private_key.h
@@ -15,17 +15,7 @@
#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-
-#if defined(USE_OPENSSL)
-// Forward declaration for openssl/*.h
-typedef struct evp_pkey_st EVP_PKEY;
-#else
-// Forward declaration.
-typedef struct CERTSubjectPublicKeyInfoStr CERTSubjectPublicKeyInfo;
-typedef struct PK11SlotInfoStr PK11SlotInfo;
-typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-#endif
+#include "third_party/boringssl/src/include/openssl/base.h"
namespace crypto {
@@ -51,57 +41,30 @@
// Creates a new instance by importing an existing key pair.
// The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
- // block and an X.509 SubjectPublicKeyInfo block.
+ // block with empty password and an X.509 SubjectPublicKeyInfo block.
// Returns nullptr if initialization fails.
//
// This function is deprecated. Use CreateFromPrivateKeyInfo for new code.
// See https://crbug.com/603319.
static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo(
- const std::string& password,
const std::vector<uint8_t>& encrypted_private_key_info,
const std::vector<uint8_t>& subject_public_key_info);
-#if !defined(USE_OPENSSL)
- // Imports the key pair into |slot| and returns in |public_key| and |key|.
- // Shortcut for code that needs to keep a reference directly to NSS types
- // without having to create a ECPrivateKey object and make a copy of them.
- // TODO(mattm): move this function to some NSS util file.
- static bool ImportFromEncryptedPrivateKeyInfo(
- PK11SlotInfo* slot,
- const std::string& password,
- const uint8_t* encrypted_private_key_info,
- size_t encrypted_private_key_info_len,
- CERTSubjectPublicKeyInfo* decoded_spki,
- bool permanent,
- bool sensitive,
- SECKEYPrivateKey** key,
- SECKEYPublicKey** public_key);
-#endif
-
// Returns a copy of the object.
std::unique_ptr<ECPrivateKey> Copy() const;
-#if defined(USE_OPENSSL)
- EVP_PKEY* key() { return key_; }
-#else
- SECKEYPrivateKey* key() { return key_; }
- SECKEYPublicKey* public_key() { return public_key_; }
-#endif
+ EVP_PKEY* key() { return key_.get(); }
// Exports the private key to a PKCS #8 PrivateKeyInfo block.
bool ExportPrivateKey(std::vector<uint8_t>* output) const;
// Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo
- // block and the public key as an X.509 SubjectPublicKeyInfo block.
- // The |password| and |iterations| are used as inputs to the key derivation
- // function for generating the encryption key. PKCS #5 recommends a minimum
- // of 1000 iterations, on modern systems a larger value may be preferrable.
+ // block wth empty password. This was historically used as a workaround for
+ // NSS API deficiencies and does not provide security.
//
// This function is deprecated. Use ExportPrivateKey for new code. See
// https://crbug.com/603319.
- bool ExportEncryptedPrivateKey(const std::string& password,
- int iterations,
- std::vector<uint8_t>* output) const;
+ bool ExportEncryptedPrivateKey(std::vector<uint8_t>* output) const;
// Exports the public key to an X.509 SubjectPublicKeyInfo block.
bool ExportPublicKey(std::vector<uint8_t>* output) const;
@@ -113,12 +76,7 @@
// Constructor is private. Use one of the Create*() methods above instead.
ECPrivateKey();
-#if defined(USE_OPENSSL)
- EVP_PKEY* key_;
-#else
- SECKEYPrivateKey* key_;
- SECKEYPublicKey* public_key_;
-#endif
+ bssl::UniquePtr<EVP_PKEY> key_;
DISALLOW_COPY_AND_ASSIGN(ECPrivateKey);
};
diff --git a/crypto/ec_signature_creator_impl.h b/crypto/ec_signature_creator_impl.h
index 21614f8..bd06e25 100644
--- a/crypto/ec_signature_creator_impl.h
+++ b/crypto/ec_signature_creator_impl.h
@@ -7,6 +7,8 @@
#include <stdint.h>
+#include <vector>
+
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "crypto/ec_signature_creator.h"
diff --git a/crypto/hmac.cc b/crypto/hmac.cc
index af5580b..bf89e18 100644
--- a/crypto/hmac.cc
+++ b/crypto/hmac.cc
@@ -7,20 +7,26 @@
#include <stddef.h>
#include <algorithm>
+#include <string>
#include "base/logging.h"
+#include "base/stl_util.h"
+#include "crypto/openssl_util.h"
#include "crypto/secure_util.h"
#include "crypto/symmetric_key.h"
+#include "third_party/boringssl/src/include/openssl/hmac.h"
namespace crypto {
-bool HMAC::Init(SymmetricKey* key) {
- std::string raw_key;
- bool result = key->GetRawKey(&raw_key) && Init(raw_key);
- // Zero out key copy. This might get optimized away, but one can hope.
- // Using std::string to store key info at all is a larger problem.
- std::fill(raw_key.begin(), raw_key.end(), 0);
- return result;
+HMAC::HMAC(HashAlgorithm hash_alg) : hash_alg_(hash_alg), initialized_(false) {
+ // Only SHA-1 and SHA-256 hash algorithms are supported now.
+ DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
+}
+
+HMAC::~HMAC() {
+ // Zero out key copy.
+ key_.assign(key_.size(), 0);
+ base::STLClearObject(&key_);
}
size_t HMAC::DigestLength() const {
@@ -35,6 +41,35 @@
}
}
+bool HMAC::Init(const unsigned char* key, size_t key_length) {
+ // Init must not be called more than once on the same HMAC object.
+ DCHECK(!initialized_);
+ initialized_ = true;
+ key_.assign(key, key + key_length);
+ return true;
+}
+
+bool HMAC::Init(SymmetricKey* key) {
+ std::string raw_key;
+ bool result = key->GetRawKey(&raw_key) && Init(raw_key);
+ // Zero out key copy. This might get optimized away, but one can hope.
+ // Using std::string to store key info at all is a larger problem.
+ std::fill(raw_key.begin(), raw_key.end(), 0);
+ return result;
+}
+
+bool HMAC::Sign(const base::StringPiece& data,
+ unsigned char* digest,
+ size_t digest_length) const {
+ DCHECK(initialized_);
+
+ ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
+ return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), key_.data(),
+ key_.size(),
+ reinterpret_cast<const unsigned char*>(data.data()),
+ data.size(), result.safe_buffer(), nullptr);
+}
+
bool HMAC::Verify(const base::StringPiece& data,
const base::StringPiece& digest) const {
if (digest.size() != DigestLength())
diff --git a/crypto/hmac.h b/crypto/hmac.h
index ec32ed7..2421333 100644
--- a/crypto/hmac.h
+++ b/crypto/hmac.h
@@ -11,6 +11,7 @@
#include <stddef.h>
#include <memory>
+#include <vector>
#include "base/compiler_specific.h"
#include "base/macros.h"
@@ -20,7 +21,6 @@
namespace crypto {
// Simplify the interface and reduce includes by abstracting out the internals.
-struct HMACPlatformData;
class SymmetricKey;
class CRYPTO_EXPORT HMAC {
@@ -86,7 +86,8 @@
private:
HashAlgorithm hash_alg_;
- std::unique_ptr<HMACPlatformData> plat_;
+ bool initialized_;
+ std::vector<unsigned char> key_;
DISALLOW_COPY_AND_ASSIGN(HMAC);
};
diff --git a/crypto/hmac_nss.cc b/crypto/hmac_nss.cc
deleted file mode 100644
index 9d759b5..0000000
--- a/crypto/hmac_nss.cc
+++ /dev/null
@@ -1,118 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/hmac.h"
-
-#include <nss.h>
-#include <pk11pub.h>
-#include <stddef.h>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-
-namespace crypto {
-
-struct HMACPlatformData {
- CK_MECHANISM_TYPE mechanism_;
- ScopedPK11Slot slot_;
- ScopedPK11SymKey sym_key_;
-};
-
-HMAC::HMAC(HashAlgorithm hash_alg)
- : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
- // Only SHA-1 and SHA-256 hash algorithms are supported.
- switch (hash_alg_) {
- case SHA1:
- plat_->mechanism_ = CKM_SHA_1_HMAC;
- break;
- case SHA256:
- plat_->mechanism_ = CKM_SHA256_HMAC;
- break;
- default:
- NOTREACHED() << "Unsupported hash algorithm";
- break;
- }
-}
-
-HMAC::~HMAC() {
-}
-
-bool HMAC::Init(const unsigned char *key, size_t key_length) {
- EnsureNSSInit();
-
- if (plat_->slot_.get()) {
- // Init must not be called more than twice on the same HMAC object.
- NOTREACHED();
- return false;
- }
-
- plat_->slot_.reset(PK11_GetInternalSlot());
- if (!plat_->slot_.get()) {
- NOTREACHED();
- return false;
- }
-
- SECItem key_item;
- key_item.type = siBuffer;
- key_item.data = const_cast<unsigned char*>(key); // NSS API isn't const.
- key_item.len = key_length;
-
- plat_->sym_key_.reset(PK11_ImportSymKey(plat_->slot_.get(),
- plat_->mechanism_,
- PK11_OriginUnwrap,
- CKA_SIGN,
- &key_item,
- NULL));
- if (!plat_->sym_key_.get()) {
- NOTREACHED();
- return false;
- }
-
- return true;
-}
-
-bool HMAC::Sign(const base::StringPiece& data,
- unsigned char* digest,
- size_t digest_length) const {
- if (!plat_->sym_key_.get()) {
- // Init has not been called before Sign.
- NOTREACHED();
- return false;
- }
-
- SECItem param = { siBuffer, NULL, 0 };
- ScopedPK11Context context(PK11_CreateContextBySymKey(plat_->mechanism_,
- CKA_SIGN,
- plat_->sym_key_.get(),
- ¶m));
- if (!context.get()) {
- NOTREACHED();
- return false;
- }
-
- if (PK11_DigestBegin(context.get()) != SECSuccess) {
- NOTREACHED();
- return false;
- }
-
- if (PK11_DigestOp(context.get(),
- reinterpret_cast<const unsigned char*>(data.data()),
- data.length()) != SECSuccess) {
- NOTREACHED();
- return false;
- }
-
- unsigned int len = 0;
- if (PK11_DigestFinal(context.get(),
- digest, &len, digest_length) != SECSuccess) {
- NOTREACHED();
- return false;
- }
-
- return true;
-}
-
-} // namespace crypto
diff --git a/crypto/nss_crypto_module_delegate.h b/crypto/nss_crypto_module_delegate.h
index 6c1da68..cf08f28 100644
--- a/crypto/nss_crypto_module_delegate.h
+++ b/crypto/nss_crypto_module_delegate.h
@@ -35,7 +35,6 @@
// user entered.
virtual std::string RequestPassword(const std::string& slot_name, bool retry,
bool* cancelled) = 0;
-
};
// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a
diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc
index 96ee060..5ed2fa0 100644
--- a/crypto/nss_util.cc
+++ b/crypto/nss_util.cc
@@ -15,6 +15,9 @@
#include <memory>
#include <utility>
+#include "base/location.h"
+#include "base/single_thread_task_runner.h"
+#include "base/threading/thread_task_runner_handle.h"
#include "crypto/nss_util_internal.h"
#if defined(OS_OPENBSD)
@@ -29,6 +32,7 @@
#include <map>
#include <vector>
+#include "base/base_paths.h"
#include "base/bind.h"
#include "base/cpu.h"
#include "base/debug/alias.h"
@@ -38,27 +42,16 @@
#include "base/files/file_util.h"
#include "base/lazy_instance.h"
#include "base/logging.h"
-#include "base/message_loop/message_loop.h"
+#include "base/memory/ptr_util.h"
#include "base/native_library.h"
-#include "base/stl_util.h"
+#include "base/path_service.h"
#include "base/strings/stringprintf.h"
+#include "base/synchronization/lock.h"
#include "base/threading/thread_checker.h"
#include "base/threading/thread_restrictions.h"
#include "base/threading/worker_pool.h"
#include "build/build_config.h"
-
-#if !defined(OS_CHROMEOS)
-#include "base/base_paths.h"
-#include "base/path_service.h"
-#endif
-
-// USE_NSS_CERTS means NSS is used for certificates and platform integration.
-// This requires additional support to manage the platform certificate and key
-// stores.
-#if defined(USE_NSS_CERTS)
-#include "base/synchronization/lock.h"
#include "crypto/nss_crypto_module_delegate.h"
-#endif // defined(USE_NSS_CERTS)
namespace crypto {
@@ -88,7 +81,6 @@
return result;
}
-#if defined(USE_NSS_CERTS)
#if !defined(OS_CHROMEOS)
base::FilePath GetDefaultConfigDirectory() {
base::FilePath dir;
@@ -134,13 +126,13 @@
retry != PR_FALSE,
&cancelled);
if (cancelled)
- return NULL;
+ return nullptr;
char* result = PORT_Strdup(password.c_str());
password.replace(0, password.size(), password.size(), 0);
return result;
}
- DLOG(ERROR) << "PK11 password requested with NULL arg";
- return NULL;
+ DLOG(ERROR) << "PK11 password requested with nullptr arg";
+ return nullptr;
}
// NSS creates a local cache of the sqlite database if it detects that the
@@ -150,10 +142,6 @@
// the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's
// detection when database_dir is on NFS. See http://crbug.com/48585.
//
-// TODO(wtc): port this function to other USE_NSS_CERTS platforms. It is
-// defined only for OS_LINUX and OS_OPENBSD simply because the statfs structure
-// is OS-specific.
-//
// Because this function sets an environment variable it must be run before we
// go multi-threaded.
void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) {
@@ -178,15 +166,13 @@
}
}
-#endif // defined(USE_NSS_CERTS)
-
// A singleton to initialize/deinitialize NSPR.
// Separate from the NSS singleton because we initialize NSPR on the UI thread.
// Now that we're leaking the singleton, we could merge back with the NSS
// singleton.
class NSPRInitSingleton {
private:
- friend struct base::DefaultLazyInstanceTraits<NSPRInitSingleton>;
+ friend struct base::LazyInstanceTraitsBase<NSPRInitSingleton>;
NSPRInitSingleton() {
PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
@@ -232,8 +218,8 @@
}
ScopedPK11Slot GetPublicSlot() {
- return ScopedPK11Slot(
- public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL);
+ return ScopedPK11Slot(public_slot_ ? PK11_ReferenceSlot(public_slot_.get())
+ : nullptr);
}
ScopedPK11Slot GetPrivateSlot(
@@ -278,13 +264,13 @@
};
class ScopedChapsLoadFixup {
- public:
- ScopedChapsLoadFixup();
- ~ScopedChapsLoadFixup();
+ public:
+ ScopedChapsLoadFixup();
+ ~ScopedChapsLoadFixup();
- private:
+ private:
#if defined(COMPONENT_BUILD)
- void *chaps_handle_;
+ void* chaps_handle_;
#endif
};
@@ -360,17 +346,17 @@
DCHECK(!initializing_tpm_token_);
// If EnableTPMTokenForNSS hasn't been called, return false.
if (!tpm_token_enabled_for_nss_) {
- base::MessageLoop::current()->PostTask(FROM_HERE,
- base::Bind(callback, false));
+ base::ThreadTaskRunnerHandle::Get()->PostTask(
+ FROM_HERE, base::Bind(callback, false));
return;
}
// If everything is already initialized, then return true.
// Note that only |tpm_slot_| is checked, since |chaps_module_| could be
- // NULL in tests while |tpm_slot_| has been set to the test DB.
+ // nullptr in tests while |tpm_slot_| has been set to the test DB.
if (tpm_slot_) {
- base::MessageLoop::current()->PostTask(FROM_HERE,
- base::Bind(callback, true));
+ base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE,
+ base::Bind(callback, true));
return;
}
@@ -382,18 +368,15 @@
if (base::WorkerPool::PostTaskAndReply(
FROM_HERE,
base::Bind(&NSSInitSingleton::InitializeTPMTokenOnWorkerThread,
- system_slot_id,
- tpm_args_ptr),
+ system_slot_id, tpm_args_ptr),
base::Bind(&NSSInitSingleton::OnInitializedTPMTokenAndSystemSlot,
base::Unretained(this), // NSSInitSingleton is leaky
- callback,
- base::Passed(&tpm_args)),
- true /* task_is_slow */
- )) {
+ callback, base::Passed(&tpm_args)),
+ true /* task_is_slow */)) {
initializing_tpm_token_ = true;
} else {
- base::MessageLoop::current()->PostTask(FROM_HERE,
- base::Bind(callback, false));
+ base::ThreadTaskRunnerHandle::Get()->PostTask(
+ FROM_HERE, base::Bind(callback, false));
}
}
@@ -507,7 +490,7 @@
"%s %s", kUserNSSDatabaseName, username_hash.c_str());
ScopedPK11Slot public_slot(OpenPersistentNSSDBForPath(db_name, path));
chromeos_user_map_[username_hash] =
- new ChromeOSUserData(std::move(public_slot));
+ base::MakeUnique<ChromeOSUserData>(std::move(public_slot));
return true;
}
@@ -544,15 +527,12 @@
TPMModuleAndSlot* tpm_args_ptr = tpm_args.get();
base::WorkerPool::PostTaskAndReply(
FROM_HERE,
- base::Bind(&NSSInitSingleton::InitializeTPMTokenOnWorkerThread,
- slot_id,
+ base::Bind(&NSSInitSingleton::InitializeTPMTokenOnWorkerThread, slot_id,
tpm_args_ptr),
base::Bind(&NSSInitSingleton::OnInitializedTPMForChromeOSUser,
base::Unretained(this), // NSSInitSingleton is leaky
- username_hash,
- base::Passed(&tpm_args)),
- true /* task_is_slow */
- );
+ username_hash, base::Passed(&tpm_args)),
+ true /* task_is_slow */);
}
void OnInitializedTPMForChromeOSUser(
@@ -601,7 +581,7 @@
if (username_hash.empty()) {
DVLOG(2) << "empty username_hash";
if (!callback.is_null()) {
- base::MessageLoop::current()->PostTask(
+ base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::Bind(callback, base::Passed(ScopedPK11Slot())));
}
return ScopedPK11Slot();
@@ -614,15 +594,14 @@
void CloseChromeOSUserForTesting(const std::string& username_hash) {
DCHECK(thread_checker_.CalledOnValidThread());
- ChromeOSUserMap::iterator i = chromeos_user_map_.find(username_hash);
+ auto i = chromeos_user_map_.find(username_hash);
DCHECK(i != chromeos_user_map_.end());
- delete i->second;
chromeos_user_map_.erase(i);
}
void SetSystemKeySlotForTesting(ScopedPK11Slot slot) {
// Ensure that a previous value of test_system_slot_ is not overwritten.
- // Unsetting, i.e. setting a NULL, however is allowed.
+ // Unsetting, i.e. setting a nullptr, however is allowed.
DCHECK(!slot || !test_system_slot_);
test_system_slot_ = std::move(slot);
if (test_system_slot_) {
@@ -658,7 +637,7 @@
// TODO(mattm): chromeos::TPMTokenloader always calls
// InitializeTPMTokenAndSystemSlot with slot 0. If the system slot is
// disabled, tpm_slot_ will be the first user's slot instead. Can that be
- // detected and return NULL instead?
+ // detected and return nullptr instead?
base::Closure wrapped_callback;
if (!callback.is_null()) {
@@ -673,20 +652,18 @@
}
#endif
-#if defined(USE_NSS_CERTS)
base::Lock* write_lock() {
return &write_lock_;
}
-#endif // defined(USE_NSS_CERTS)
private:
- friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>;
+ friend struct base::LazyInstanceTraitsBase<NSSInitSingleton>;
NSSInitSingleton()
: tpm_token_enabled_for_nss_(false),
initializing_tpm_token_(false),
- chaps_module_(NULL),
- root_(NULL) {
+ chaps_module_(nullptr),
+ root_(nullptr) {
// It's safe to construct on any thread, since LazyInstance will prevent any
// other threads from accessing until the constructor is done.
thread_checker_.DetachFromThread();
@@ -709,73 +686,53 @@
}
SECStatus status = SECFailure;
- bool nodb_init = false;
+ base::FilePath database_dir = GetInitialConfigDirectory();
+ if (!database_dir.empty()) {
+ // This duplicates the work which should have been done in
+ // EarlySetupForNSSInit. However, this function is idempotent so
+ // there's no harm done.
+ UseLocalCacheOfNSSDatabaseIfNFS(database_dir);
-#if !defined(USE_NSS_CERTS)
- // Use the system certificate store, so initialize NSS without database.
- nodb_init = true;
+ // Initialize with a persistent database (likely, ~/.pki/nssdb).
+ // Use "sql:" which can be shared by multiple processes safely.
+ std::string nss_config_dir =
+ base::StringPrintf("sql:%s", database_dir.value().c_str());
+#if defined(OS_CHROMEOS)
+ status = NSS_Init(nss_config_dir.c_str());
+#else
+ status = NSS_InitReadWrite(nss_config_dir.c_str());
#endif
-
- if (nodb_init) {
- status = NSS_NoDB_Init(NULL);
+ if (status != SECSuccess) {
+ LOG(ERROR) << "Error initializing NSS with a persistent "
+ "database (" << nss_config_dir
+ << "): " << GetNSSErrorMessage();
+ }
+ }
+ if (status != SECSuccess) {
+ VLOG(1) << "Initializing NSS without a persistent database.";
+ status = NSS_NoDB_Init(nullptr);
if (status != SECSuccess) {
CrashOnNSSInitFailure();
return;
}
-#if defined(OS_IOS)
- root_ = InitDefaultRootCerts();
-#endif // defined(OS_IOS)
- } else {
-#if defined(USE_NSS_CERTS)
- base::FilePath database_dir = GetInitialConfigDirectory();
- if (!database_dir.empty()) {
- // This duplicates the work which should have been done in
- // EarlySetupForNSSInit. However, this function is idempotent so
- // there's no harm done.
- UseLocalCacheOfNSSDatabaseIfNFS(database_dir);
-
- // Initialize with a persistent database (likely, ~/.pki/nssdb).
- // Use "sql:" which can be shared by multiple processes safely.
- std::string nss_config_dir =
- base::StringPrintf("sql:%s", database_dir.value().c_str());
-#if defined(OS_CHROMEOS)
- status = NSS_Init(nss_config_dir.c_str());
-#else
- status = NSS_InitReadWrite(nss_config_dir.c_str());
-#endif
- if (status != SECSuccess) {
- LOG(ERROR) << "Error initializing NSS with a persistent "
- "database (" << nss_config_dir
- << "): " << GetNSSErrorMessage();
- }
- }
- if (status != SECSuccess) {
- VLOG(1) << "Initializing NSS without a persistent database.";
- status = NSS_NoDB_Init(NULL);
- if (status != SECSuccess) {
- CrashOnNSSInitFailure();
- return;
- }
- }
-
- PK11_SetPasswordFunc(PKCS11PasswordFunc);
-
- // If we haven't initialized the password for the NSS databases,
- // initialize an empty-string password so that we don't need to
- // log in.
- PK11SlotInfo* slot = PK11_GetInternalKeySlot();
- if (slot) {
- // PK11_InitPin may write to the keyDB, but no other thread can use NSS
- // yet, so we don't need to lock.
- if (PK11_NeedUserInit(slot))
- PK11_InitPin(slot, NULL, NULL);
- PK11_FreeSlot(slot);
- }
-
- root_ = InitDefaultRootCerts();
-#endif // defined(USE_NSS_CERTS)
}
+ PK11_SetPasswordFunc(PKCS11PasswordFunc);
+
+ // If we haven't initialized the password for the NSS databases,
+ // initialize an empty-string password so that we don't need to
+ // log in.
+ PK11SlotInfo* slot = PK11_GetInternalKeySlot();
+ if (slot) {
+ // PK11_InitPin may write to the keyDB, but no other thread can use NSS
+ // yet, so we don't need to lock.
+ if (PK11_NeedUserInit(slot))
+ PK11_InitPin(slot, nullptr, nullptr);
+ PK11_FreeSlot(slot);
+ }
+
+ root_ = InitDefaultRootCerts();
+
// Disable MD5 certificate signatures. (They are disabled by default in
// NSS 3.14.)
NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE);
@@ -788,18 +745,18 @@
// down.
~NSSInitSingleton() {
#if defined(OS_CHROMEOS)
- STLDeleteValues(&chromeos_user_map_);
+ chromeos_user_map_.clear();
#endif
tpm_slot_.reset();
if (root_) {
SECMOD_UnloadUserModule(root_);
SECMOD_DestroyModule(root_);
- root_ = NULL;
+ root_ = nullptr;
}
if (chaps_module_) {
SECMOD_UnloadUserModule(chaps_module_);
SECMOD_DestroyModule(chaps_module_);
- chaps_module_ = NULL;
+ chaps_module_ = nullptr;
}
SECStatus status = NSS_Shutdown();
@@ -812,14 +769,14 @@
// Load nss's built-in root certs.
SECMODModule* InitDefaultRootCerts() {
- SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL);
+ SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", nullptr);
if (root)
return root;
// Aw, snap. Can't find/load root cert shared library.
// This will make it hard to talk to anybody via https.
// TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed.
- return NULL;
+ return nullptr;
}
// Load the given module for this NSS session.
@@ -835,17 +792,17 @@
// https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed
// on NSS codebase to address this.
SECMODModule* module = SECMOD_LoadUserModule(
- const_cast<char*>(modparams.c_str()), NULL, PR_FALSE);
+ const_cast<char*>(modparams.c_str()), nullptr, PR_FALSE);
if (!module) {
LOG(ERROR) << "Error loading " << name << " module into NSS: "
<< GetNSSErrorMessage();
- return NULL;
+ return nullptr;
}
if (!module->loaded) {
LOG(ERROR) << "After loading " << name << ", loaded==false: "
<< GetNSSErrorMessage();
SECMOD_DestroyModule(module);
- return NULL;
+ return nullptr;
}
return module;
}
@@ -858,15 +815,12 @@
crypto::ScopedPK11Slot tpm_slot_;
SECMODModule* root_;
#if defined(OS_CHROMEOS)
- typedef std::map<std::string, ChromeOSUserData*> ChromeOSUserMap;
- ChromeOSUserMap chromeos_user_map_;
+ std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_;
ScopedPK11Slot test_system_slot_;
#endif
-#if defined(USE_NSS_CERTS)
// TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011
// is fixed, we will no longer need the lock.
base::Lock write_lock_;
-#endif // defined(USE_NSS_CERTS)
base::ThreadChecker thread_checker_;
};
@@ -875,7 +829,6 @@
g_nss_singleton = LAZY_INSTANCE_INITIALIZER;
} // namespace
-#if defined(USE_NSS_CERTS)
ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path,
const std::string& description) {
const std::string modspec =
@@ -885,7 +838,7 @@
PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str());
if (db_slot) {
if (PK11_NeedUserInit(db_slot))
- PK11_InitPin(db_slot, NULL, NULL);
+ PK11_InitPin(db_slot, nullptr, nullptr);
} else {
LOG(ERROR) << "Error opening persistent database (" << modspec
<< "): " << GetNSSErrorMessage();
@@ -898,7 +851,6 @@
if (!database_dir.empty())
UseLocalCacheOfNSSDatabaseIfNFS(database_dir);
}
-#endif
void EnsureNSPRInit() {
g_nspr_singleton.Get();
@@ -916,13 +868,12 @@
return !!NSS_VersionCheck(version);
}
-#if defined(USE_NSS_CERTS)
base::Lock* GetNSSWriteLock() {
return g_nss_singleton.Get().write_lock();
}
AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) {
- // May be NULL if the lock is not needed in our version of NSS.
+ // May be nullptr if the lock is not needed in our version of NSS.
if (lock_)
lock_->Acquire();
}
@@ -942,7 +893,6 @@
AutoSECMODListReadLock::~AutoSECMODListReadLock() {
SECMOD_ReleaseReadLock(lock_);
}
-#endif // defined(USE_NSS_CERTS)
#if defined(OS_CHROMEOS)
ScopedPK11Slot GetSystemNSSKeySlot(
diff --git a/crypto/nss_util.h b/crypto/nss_util.h
index a8b57ff..5c34fc8 100644
--- a/crypto/nss_util.h
+++ b/crypto/nss_util.h
@@ -14,7 +14,6 @@
#include "crypto/crypto_export.h"
namespace base {
-class FilePath;
class Lock;
class Time;
} // namespace base
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h
index 697e376..080ac10 100644
--- a/crypto/nss_util_internal.h
+++ b/crypto/nss_util_internal.h
@@ -7,6 +7,8 @@
#include <secmodt.h>
+#include <string>
+
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/macros.h"
diff --git a/crypto/openssl_bio_string.cc b/crypto/openssl_bio_string.cc
deleted file mode 100644
index 4880500..0000000
--- a/crypto/openssl_bio_string.cc
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/openssl_bio_string.h"
-
-#include <openssl/bio.h>
-#include <string.h>
-
-namespace crypto {
-
-namespace {
-
-int bio_string_write(BIO* bio, const char* data, int len) {
- reinterpret_cast<std::string*>(bio->ptr)->append(data, len);
- return len;
-}
-
-int bio_string_puts(BIO* bio, const char* data) {
- // Note: unlike puts(), BIO_puts does not add a newline.
- return bio_string_write(bio, data, strlen(data));
-}
-
-long bio_string_ctrl(BIO* bio, int cmd, long num, void* ptr) {
- std::string* str = reinterpret_cast<std::string*>(bio->ptr);
- switch (cmd) {
- case BIO_CTRL_RESET:
- str->clear();
- return 1;
- case BIO_C_FILE_SEEK:
- return -1;
- case BIO_C_FILE_TELL:
- return str->size();
- case BIO_CTRL_FLUSH:
- return 1;
- default:
- return 0;
- }
-}
-
-int bio_string_new(BIO* bio) {
- bio->ptr = NULL;
- bio->init = 0;
- return 1;
-}
-
-int bio_string_free(BIO* bio) {
- // The string is owned by the caller, so there's nothing to do here.
- return bio != NULL;
-}
-
-BIO_METHOD bio_string_methods = {
- // TODO(mattm): Should add some type number too? (bio.h uses 1-24)
- BIO_TYPE_SOURCE_SINK,
- "bio_string",
- bio_string_write,
- NULL, /* read */
- bio_string_puts,
- NULL, /* gets */
- bio_string_ctrl,
- bio_string_new,
- bio_string_free,
- NULL, /* callback_ctrl */
-};
-
-} // namespace
-
-BIO* BIO_new_string(std::string* out) {
- BIO* bio = BIO_new(&bio_string_methods);
- if (!bio)
- return bio;
- bio->ptr = out;
- bio->init = 1;
- return bio;
-}
-
-} // namespace crypto
diff --git a/crypto/openssl_bio_string.h b/crypto/openssl_bio_string.h
deleted file mode 100644
index ca46c12..0000000
--- a/crypto/openssl_bio_string.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CRYPTO_OPENSSL_BIO_STRING_H_
-#define CRYPTO_OPENSSL_BIO_STRING_H_
-
-#include <string>
-
-#include "crypto/crypto_export.h"
-
-// From <openssl/bio.h>
-typedef struct bio_st BIO;
-
-namespace crypto {
-
-// Creates a new BIO that can be used with OpenSSL's various output functions,
-// and which will write all output directly into |out|. This is primarily
-// intended as a utility to reduce the amount of copying and separate
-// allocations when performing extensive string modifications or streaming
-// within OpenSSL.
-//
-// Note: |out| must remain valid for the duration of the BIO.
-CRYPTO_EXPORT BIO* BIO_new_string(std::string* out);
-
-} // namespace crypto
-
-#endif // CRYPTO_OPENSSL_BIO_STRING_H_
-
diff --git a/crypto/openssl_bio_string_unittest.cc b/crypto/openssl_bio_string_unittest.cc
deleted file mode 100644
index 9dfa0e7..0000000
--- a/crypto/openssl_bio_string_unittest.cc
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/openssl_bio_string.h"
-
-#include <openssl/bio.h>
-
-#include "crypto/scoped_openssl_types.h"
-#include "testing/gtest/include/gtest/gtest.h"
-
-namespace crypto {
-
-TEST(OpenSSLBIOString, TestWrite) {
- std::string s;
- const std::string expected1("a one\nb 2\n");
- const std::string expected2("c d e f");
- const std::string expected3("g h i");
- {
- ScopedBIO bio(BIO_new_string(&s));
- ASSERT_TRUE(bio.get());
-
- EXPECT_EQ(static_cast<int>(expected1.size()),
- BIO_printf(bio.get(), "a %s\nb %i\n", "one", 2));
- EXPECT_EQ(expected1, s);
-
- EXPECT_EQ(1, BIO_flush(bio.get()));
- EXPECT_EQ(expected1, s);
-
- EXPECT_EQ(static_cast<int>(expected2.size()),
- BIO_write(bio.get(), expected2.data(), expected2.size()));
- EXPECT_EQ(expected1 + expected2, s);
-
- EXPECT_EQ(static_cast<int>(expected3.size()),
- BIO_puts(bio.get(), expected3.c_str()));
- EXPECT_EQ(expected1 + expected2 + expected3, s);
- }
- EXPECT_EQ(expected1 + expected2 + expected3, s);
-}
-
-TEST(OpenSSLBIOString, TestReset) {
- std::string s;
- const std::string expected1("a b c\n");
- const std::string expected2("d e f g\n");
- {
- ScopedBIO bio(BIO_new_string(&s));
- ASSERT_TRUE(bio.get());
-
- EXPECT_EQ(static_cast<int>(expected1.size()),
- BIO_write(bio.get(), expected1.data(), expected1.size()));
- EXPECT_EQ(expected1, s);
-
- EXPECT_EQ(1, BIO_reset(bio.get()));
- EXPECT_EQ(std::string(), s);
-
- EXPECT_EQ(static_cast<int>(expected2.size()),
- BIO_write(bio.get(), expected2.data(), expected2.size()));
- EXPECT_EQ(expected2, s);
- }
- EXPECT_EQ(expected2, s);
-}
-
-} // namespace crypto
diff --git a/crypto/openssl_util.cc b/crypto/openssl_util.cc
index 78c6cbb..2349d42 100644
--- a/crypto/openssl_util.cc
+++ b/crypto/openssl_util.cc
@@ -14,6 +14,8 @@
#include <stddef.h>
#include <stdint.h>
+#include <string>
+
#include "base/logging.h"
#include "base/strings/string_piece.h"
@@ -47,7 +49,7 @@
}
void ClearOpenSSLERRStack(const tracked_objects::Location& location) {
- if (logging::DEBUG_MODE && VLOG_IS_ON(1)) {
+ if (DCHECK_IS_ON() && VLOG_IS_ON(1)) {
uint32_t error_num = ERR_peek_error();
if (error_num == 0)
return;
diff --git a/crypto/openssl_util.h b/crypto/openssl_util.h
index d608cde..54f06d3 100644
--- a/crypto/openssl_util.h
+++ b/crypto/openssl_util.h
@@ -15,7 +15,7 @@
// Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's
// SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those
-// of the our base wrapper APIs.
+// of our base wrapper APIs.
// This allows the library to write directly to the caller's buffer if it is of
// sufficient size, but if not it will write to temporary |min_sized_buffer_|
// of required size and then its content is automatically copied out on
diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc
index 1574105..7275a45 100644
--- a/crypto/p224_spake.cc
+++ b/crypto/p224_spake.cc
@@ -5,14 +5,14 @@
// This code implements SPAKE2, a variant of EKE:
// http://www.di.ens.fr/~pointche/pub.php?reference=AbPo04
-#include <crypto/p224_spake.h>
+#include "crypto/p224_spake.h"
#include <algorithm>
-#include <base/logging.h>
-#include <crypto/p224.h>
-#include <crypto/random.h>
-#include <crypto/secure_util.h>
+#include "base/logging.h"
+#include "crypto/p224.h"
+#include "crypto/random.h"
+#include "crypto/secure_util.h"
namespace {
@@ -27,6 +27,9 @@
// #include <openssl/obj_mac.h>
// #include <openssl/sha.h>
//
+// // Silence a presubmit.
+// #define PRINTF printf
+//
// static const char kSeed1[] = "P224 point generation seed (M)";
// static const char kSeed2[] = "P224 point generation seed (N)";
//
@@ -52,7 +55,7 @@
// EC_POINT_get_affine_coordinates_GFp(p224, p, &x, &y, NULL);
// char* x_str = BN_bn2hex(&x);
// char* y_str = BN_bn2hex(&y);
-// printf("Found after %u iterations:\n%s\n%s\n", i, x_str, y_str);
+// PRINTF("Found after %u iterations:\n%s\n%s\n", i, x_str, y_str);
// OPENSSL_free(x_str);
// OPENSSL_free(y_str);
// BN_free(&x);
diff --git a/crypto/p224_spake.h b/crypto/p224_spake.h
index f9a44e7..b5cc70a 100644
--- a/crypto/p224_spake.h
+++ b/crypto/p224_spake.h
@@ -5,12 +5,14 @@
#ifndef CRYPTO_P224_SPAKE_H_
#define CRYPTO_P224_SPAKE_H_
-#include <crypto/p224.h>
-#include <crypto/sha2.h>
#include <stdint.h>
+#include <string>
+
#include "base/gtest_prod_util.h"
#include "base/strings/string_piece.h"
+#include "crypto/p224.h"
+#include "crypto/sha2.h"
namespace crypto {
diff --git a/crypto/p224_spake_unittest.cc b/crypto/p224_spake_unittest.cc
index 3bca430..5ecb6fd 100644
--- a/crypto/p224_spake_unittest.cc
+++ b/crypto/p224_spake_unittest.cc
@@ -127,7 +127,7 @@
// We'll only be testing small values of i, but we don't want that to bias
// the test coverage. So we disperse the value of i by multiplying by the
- // FNV, 32-bit prime, producing a poor-man's PRNG.
+ // FNV, 32-bit prime, producing a simplistic PRNG.
const uint32_t rand = i * 16777619;
for (unsigned round = 0;; round++) {
diff --git a/crypto/p224_unittest.cc b/crypto/p224_unittest.cc
index faa08eb..8cfe6e7 100644
--- a/crypto/p224_unittest.cc
+++ b/crypto/p224_unittest.cc
@@ -778,8 +778,8 @@
const std::string external = point.ToString();
ASSERT_EQ(external.size(), 56u);
- EXPECT_TRUE(memcmp(external.data(), kBasePointExternal,
- sizeof(kBasePointExternal)) == 0);
+ EXPECT_EQ(0, memcmp(external.data(), kBasePointExternal,
+ sizeof(kBasePointExternal)));
}
TEST(P224, ScalarBaseMult) {
@@ -789,8 +789,8 @@
p224::ScalarBaseMult(kNISTTestVectors[i].scalar, &point);
const std::string external = point.ToString();
ASSERT_EQ(external.size(), 56u);
- EXPECT_TRUE(memcmp(external.data(), kNISTTestVectors[i].affine,
- external.size()) == 0);
+ EXPECT_EQ(0, memcmp(external.data(), kNISTTestVectors[i].affine,
+ external.size()));
}
}
@@ -804,9 +804,9 @@
p224::Negate(b, &minus_b);
p224::Add(a, b, &sum);
- EXPECT_TRUE(memcmp(&sum, &a, sizeof(sum)) != 0);
+ EXPECT_NE(0, memcmp(&sum, &a, sizeof(sum)));
p224::Add(minus_b, sum, &a_again);
- EXPECT_TRUE(a_again.ToString() == a.ToString());
+ EXPECT_EQ(a_again.ToString(), a.ToString());
}
TEST(P224, Infinity) {
@@ -816,7 +816,7 @@
// Test that x^0 = ∞.
Point a;
p224::ScalarBaseMult(reinterpret_cast<const uint8_t*>(zeros), &a);
- EXPECT_TRUE(memcmp(zeros, a.ToString().data(), sizeof(zeros)) == 0);
+ EXPECT_EQ(0, memcmp(zeros, a.ToString().data(), sizeof(zeros)));
// We shouldn't allow ∞ to be imported.
EXPECT_FALSE(a.SetFromString(std::string(zeros, sizeof(zeros))));
diff --git a/crypto/random.h b/crypto/random.h
index 002616b..61cde80 100644
--- a/crypto/random.h
+++ b/crypto/random.h
@@ -18,4 +18,4 @@
}
-#endif
+#endif // CRYPTO_RANDOM_H_
diff --git a/crypto/random_unittest.cc b/crypto/random_unittest.cc
index caee512..dfdcfd5 100644
--- a/crypto/random_unittest.cc
+++ b/crypto/random_unittest.cc
@@ -6,6 +6,8 @@
#include <stddef.h>
+#include <string>
+
#include "base/strings/string_util.h"
#include "testing/gtest/include/gtest/gtest.h"
diff --git a/crypto/rsa_private_key.cc b/crypto/rsa_private_key.cc
index c546c91..075f5e4 100644
--- a/crypto/rsa_private_key.cc
+++ b/crypto/rsa_private_key.cc
@@ -4,385 +4,110 @@
#include "crypto/rsa_private_key.h"
-#include <stddef.h>
#include <stdint.h>
-#include <algorithm>
+#include <memory>
+#include <utility>
#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/strings/string_util.h"
-
-// This file manually encodes and decodes RSA private keys using PrivateKeyInfo
-// from PKCS #8 and RSAPrivateKey from PKCS #1. These structures are:
-//
-// PrivateKeyInfo ::= SEQUENCE {
-// version Version,
-// privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
-// privateKey PrivateKey,
-// attributes [0] IMPLICIT Attributes OPTIONAL
-// }
-//
-// RSAPrivateKey ::= SEQUENCE {
-// version Version,
-// modulus INTEGER,
-// publicExponent INTEGER,
-// privateExponent INTEGER,
-// prime1 INTEGER,
-// prime2 INTEGER,
-// exponent1 INTEGER,
-// exponent2 INTEGER,
-// coefficient INTEGER
-// }
-
-namespace {
-// Helper for error handling during key import.
-#define READ_ASSERT(truth) \
- if (!(truth)) { \
- NOTREACHED(); \
- return false; \
- }
-} // namespace
+#include "crypto/openssl_util.h"
+#include "third_party/boringssl/src/include/openssl/bn.h"
+#include "third_party/boringssl/src/include/openssl/bytestring.h"
+#include "third_party/boringssl/src/include/openssl/evp.h"
+#include "third_party/boringssl/src/include/openssl/mem.h"
+#include "third_party/boringssl/src/include/openssl/rsa.h"
namespace crypto {
-const uint8_t PrivateKeyInfoCodec::kRsaAlgorithmIdentifier[] = {
- 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
- 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00};
+// static
+std::unique_ptr<RSAPrivateKey> RSAPrivateKey::Create(uint16_t num_bits) {
+ OpenSSLErrStackTracer err_tracer(FROM_HERE);
-PrivateKeyInfoCodec::PrivateKeyInfoCodec(bool big_endian)
- : big_endian_(big_endian) {}
+ bssl::UniquePtr<RSA> rsa_key(RSA_new());
+ bssl::UniquePtr<BIGNUM> bn(BN_new());
+ if (!rsa_key.get() || !bn.get() || !BN_set_word(bn.get(), 65537L))
+ return nullptr;
-PrivateKeyInfoCodec::~PrivateKeyInfoCodec() {}
+ if (!RSA_generate_key_ex(rsa_key.get(), num_bits, bn.get(), nullptr))
+ return nullptr;
-bool PrivateKeyInfoCodec::Export(std::vector<uint8_t>* output) {
- std::list<uint8_t> content;
+ std::unique_ptr<RSAPrivateKey> result(new RSAPrivateKey);
+ result->key_.reset(EVP_PKEY_new());
+ if (!result->key_ || !EVP_PKEY_set1_RSA(result->key_.get(), rsa_key.get()))
+ return nullptr;
- // Version (always zero)
- uint8_t version = 0;
-
- PrependInteger(coefficient_, &content);
- PrependInteger(exponent2_, &content);
- PrependInteger(exponent1_, &content);
- PrependInteger(prime2_, &content);
- PrependInteger(prime1_, &content);
- PrependInteger(private_exponent_, &content);
- PrependInteger(public_exponent_, &content);
- PrependInteger(modulus_, &content);
- PrependInteger(&version, 1, &content);
- PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
- PrependTypeHeaderAndLength(kOctetStringTag, content.size(), &content);
-
- // RSA algorithm OID
- for (size_t i = sizeof(kRsaAlgorithmIdentifier); i > 0; --i)
- content.push_front(kRsaAlgorithmIdentifier[i - 1]);
-
- PrependInteger(&version, 1, &content);
- PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
-
- // Copy everying into the output.
- output->reserve(content.size());
- output->assign(content.begin(), content.end());
-
- return true;
+ return result;
}
-bool PrivateKeyInfoCodec::ExportPublicKeyInfo(std::vector<uint8_t>* output) {
- // Create a sequence with the modulus (n) and public exponent (e).
- std::vector<uint8_t> bit_string;
- if (!ExportPublicKey(&bit_string))
- return false;
+// static
+std::unique_ptr<RSAPrivateKey> RSAPrivateKey::CreateFromPrivateKeyInfo(
+ const std::vector<uint8_t>& input) {
+ OpenSSLErrStackTracer err_tracer(FROM_HERE);
- // Add the sequence as the contents of a bit string.
- std::list<uint8_t> content;
- PrependBitString(&bit_string[0], static_cast<int>(bit_string.size()),
- &content);
+ CBS cbs;
+ CBS_init(&cbs, input.data(), input.size());
+ bssl::UniquePtr<EVP_PKEY> pkey(EVP_parse_private_key(&cbs));
+ if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_RSA)
+ return nullptr;
- // Add the RSA algorithm OID.
- for (size_t i = sizeof(kRsaAlgorithmIdentifier); i > 0; --i)
- content.push_front(kRsaAlgorithmIdentifier[i - 1]);
-
- // Finally, wrap everything in a sequence.
- PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
-
- // Copy everything into the output.
- output->reserve(content.size());
- output->assign(content.begin(), content.end());
-
- return true;
+ std::unique_ptr<RSAPrivateKey> result(new RSAPrivateKey);
+ result->key_ = std::move(pkey);
+ return result;
}
-bool PrivateKeyInfoCodec::ExportPublicKey(std::vector<uint8_t>* output) {
- // Create a sequence with the modulus (n) and public exponent (e).
- std::list<uint8_t> content;
- PrependInteger(&public_exponent_[0],
- static_cast<int>(public_exponent_.size()),
- &content);
- PrependInteger(&modulus_[0], static_cast<int>(modulus_.size()), &content);
- PrependTypeHeaderAndLength(kSequenceTag, content.size(), &content);
-
- // Copy everything into the output.
- output->reserve(content.size());
- output->assign(content.begin(), content.end());
-
- return true;
+// static
+std::unique_ptr<RSAPrivateKey> RSAPrivateKey::CreateFromKey(EVP_PKEY* key) {
+ DCHECK(key);
+ if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA)
+ return nullptr;
+ std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey);
+ EVP_PKEY_up_ref(key);
+ copy->key_.reset(key);
+ return copy;
}
-bool PrivateKeyInfoCodec::Import(const std::vector<uint8_t>& input) {
- if (input.empty()) {
+RSAPrivateKey::RSAPrivateKey() {}
+
+RSAPrivateKey::~RSAPrivateKey() {}
+
+std::unique_ptr<RSAPrivateKey> RSAPrivateKey::Copy() const {
+ std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey);
+ bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(key_.get()));
+ if (!rsa)
+ return nullptr;
+ copy->key_.reset(EVP_PKEY_new());
+ if (!EVP_PKEY_set1_RSA(copy->key_.get(), rsa.get()))
+ return nullptr;
+ return copy;
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
+ OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ uint8_t *der;
+ size_t der_len;
+ bssl::ScopedCBB cbb;
+ if (!CBB_init(cbb.get(), 0) ||
+ !EVP_marshal_private_key(cbb.get(), key_.get()) ||
+ !CBB_finish(cbb.get(), &der, &der_len)) {
return false;
}
-
- // Parse the private key info up to the public key values, ignoring
- // the subsequent private key values.
- uint8_t* src = const_cast<uint8_t*>(&input.front());
- uint8_t* end = src + input.size();
- if (!ReadSequence(&src, end) ||
- !ReadVersion(&src, end) ||
- !ReadAlgorithmIdentifier(&src, end) ||
- !ReadTypeHeaderAndLength(&src, end, kOctetStringTag, NULL) ||
- !ReadSequence(&src, end) ||
- !ReadVersion(&src, end) ||
- !ReadInteger(&src, end, &modulus_))
- return false;
-
- int mod_size = modulus_.size();
- READ_ASSERT(mod_size % 2 == 0);
- int primes_size = mod_size / 2;
-
- if (!ReadIntegerWithExpectedSize(&src, end, 4, &public_exponent_) ||
- !ReadIntegerWithExpectedSize(&src, end, mod_size, &private_exponent_) ||
- !ReadIntegerWithExpectedSize(&src, end, primes_size, &prime1_) ||
- !ReadIntegerWithExpectedSize(&src, end, primes_size, &prime2_) ||
- !ReadIntegerWithExpectedSize(&src, end, primes_size, &exponent1_) ||
- !ReadIntegerWithExpectedSize(&src, end, primes_size, &exponent2_) ||
- !ReadIntegerWithExpectedSize(&src, end, primes_size, &coefficient_))
- return false;
-
- READ_ASSERT(src == end);
-
-
+ output->assign(der, der + der_len);
+ OPENSSL_free(der);
return true;
}
-void PrivateKeyInfoCodec::PrependInteger(const std::vector<uint8_t>& in,
- std::list<uint8_t>* out) {
- uint8_t* ptr = const_cast<uint8_t*>(&in.front());
- PrependIntegerImpl(ptr, in.size(), out, big_endian_);
-}
-
-// Helper to prepend an ASN.1 integer.
-void PrivateKeyInfoCodec::PrependInteger(uint8_t* val,
- int num_bytes,
- std::list<uint8_t>* data) {
- PrependIntegerImpl(val, num_bytes, data, big_endian_);
-}
-
-void PrivateKeyInfoCodec::PrependIntegerImpl(uint8_t* val,
- int num_bytes,
- std::list<uint8_t>* data,
- bool big_endian) {
- // Reverse input if little-endian.
- std::vector<uint8_t> tmp;
- if (!big_endian) {
- tmp.assign(val, val + num_bytes);
- std::reverse(tmp.begin(), tmp.end());
- val = &tmp.front();
- }
-
- // ASN.1 integers are unpadded byte arrays, so skip any null padding bytes
- // from the most-significant end of the integer.
- int start = 0;
- while (start < (num_bytes - 1) && val[start] == 0x00) {
- start++;
- num_bytes--;
- }
- PrependBytes(val, start, num_bytes, data);
-
- // ASN.1 integers are signed. To encode a positive integer whose sign bit
- // (the most significant bit) would otherwise be set and make the number
- // negative, ASN.1 requires a leading null byte to force the integer to be
- // positive.
- uint8_t front = data->front();
- if ((front & 0x80) != 0) {
- data->push_front(0x00);
- num_bytes++;
- }
-
- PrependTypeHeaderAndLength(kIntegerTag, num_bytes, data);
-}
-
-bool PrivateKeyInfoCodec::ReadInteger(uint8_t** pos,
- uint8_t* end,
- std::vector<uint8_t>* out) {
- return ReadIntegerImpl(pos, end, out, big_endian_);
-}
-
-bool PrivateKeyInfoCodec::ReadIntegerWithExpectedSize(
- uint8_t** pos,
- uint8_t* end,
- size_t expected_size,
- std::vector<uint8_t>* out) {
- std::vector<uint8_t> temp;
- if (!ReadIntegerImpl(pos, end, &temp, true)) // Big-Endian
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
+ OpenSSLErrStackTracer err_tracer(FROM_HERE);
+ uint8_t *der;
+ size_t der_len;
+ bssl::ScopedCBB cbb;
+ if (!CBB_init(cbb.get(), 0) ||
+ !EVP_marshal_public_key(cbb.get(), key_.get()) ||
+ !CBB_finish(cbb.get(), &der, &der_len)) {
return false;
-
- int pad = expected_size - temp.size();
- int index = 0;
- if (out->size() == expected_size + 1) {
- READ_ASSERT(out->front() == 0x00);
- pad++;
- index++;
- } else {
- READ_ASSERT(out->size() <= expected_size);
}
-
- out->insert(out->end(), pad, 0x00);
- out->insert(out->end(), temp.begin(), temp.end());
-
- // Reverse output if little-endian.
- if (!big_endian_)
- std::reverse(out->begin(), out->end());
- return true;
-}
-
-bool PrivateKeyInfoCodec::ReadIntegerImpl(uint8_t** pos,
- uint8_t* end,
- std::vector<uint8_t>* out,
- bool big_endian) {
- uint32_t length = 0;
- if (!ReadTypeHeaderAndLength(pos, end, kIntegerTag, &length) || !length)
- return false;
-
- // The first byte can be zero to force positiveness. We can ignore this.
- if (**pos == 0x00) {
- ++(*pos);
- --length;
- }
-
- if (length)
- out->insert(out->end(), *pos, (*pos) + length);
-
- (*pos) += length;
-
- // Reverse output if little-endian.
- if (!big_endian)
- std::reverse(out->begin(), out->end());
- return true;
-}
-
-void PrivateKeyInfoCodec::PrependBytes(uint8_t* val,
- int start,
- int num_bytes,
- std::list<uint8_t>* data) {
- while (num_bytes > 0) {
- --num_bytes;
- data->push_front(val[start + num_bytes]);
- }
-}
-
-void PrivateKeyInfoCodec::PrependLength(size_t size, std::list<uint8_t>* data) {
- // The high bit is used to indicate whether additional octets are needed to
- // represent the length.
- if (size < 0x80) {
- data->push_front(static_cast<uint8_t>(size));
- } else {
- uint8_t num_bytes = 0;
- while (size > 0) {
- data->push_front(static_cast<uint8_t>(size & 0xFF));
- size >>= 8;
- num_bytes++;
- }
- CHECK_LE(num_bytes, 4);
- data->push_front(0x80 | num_bytes);
- }
-}
-
-void PrivateKeyInfoCodec::PrependTypeHeaderAndLength(
- uint8_t type,
- uint32_t length,
- std::list<uint8_t>* output) {
- PrependLength(length, output);
- output->push_front(type);
-}
-
-void PrivateKeyInfoCodec::PrependBitString(uint8_t* val,
- int num_bytes,
- std::list<uint8_t>* output) {
- // Start with the data.
- PrependBytes(val, 0, num_bytes, output);
- // Zero unused bits.
- output->push_front(0);
- // Add the length.
- PrependLength(num_bytes + 1, output);
- // Finally, add the bit string tag.
- output->push_front((uint8_t)kBitStringTag);
-}
-
-bool PrivateKeyInfoCodec::ReadLength(uint8_t** pos,
- uint8_t* end,
- uint32_t* result) {
- READ_ASSERT(*pos < end);
- int length = 0;
-
- // If the MSB is not set, the length is just the byte itself.
- if (!(**pos & 0x80)) {
- length = **pos;
- (*pos)++;
- } else {
- // Otherwise, the lower 7 indicate the length of the length.
- int length_of_length = **pos & 0x7F;
- READ_ASSERT(length_of_length <= 4);
- (*pos)++;
- READ_ASSERT(*pos + length_of_length < end);
-
- length = 0;
- for (int i = 0; i < length_of_length; ++i) {
- length <<= 8;
- length |= **pos;
- (*pos)++;
- }
- }
-
- READ_ASSERT(*pos + length <= end);
- if (result) *result = length;
- return true;
-}
-
-bool PrivateKeyInfoCodec::ReadTypeHeaderAndLength(uint8_t** pos,
- uint8_t* end,
- uint8_t expected_tag,
- uint32_t* length) {
- READ_ASSERT(*pos < end);
- READ_ASSERT(**pos == expected_tag);
- (*pos)++;
-
- return ReadLength(pos, end, length);
-}
-
-bool PrivateKeyInfoCodec::ReadSequence(uint8_t** pos, uint8_t* end) {
- return ReadTypeHeaderAndLength(pos, end, kSequenceTag, NULL);
-}
-
-bool PrivateKeyInfoCodec::ReadAlgorithmIdentifier(uint8_t** pos, uint8_t* end) {
- READ_ASSERT(*pos + sizeof(kRsaAlgorithmIdentifier) < end);
- READ_ASSERT(memcmp(*pos, kRsaAlgorithmIdentifier,
- sizeof(kRsaAlgorithmIdentifier)) == 0);
- (*pos) += sizeof(kRsaAlgorithmIdentifier);
- return true;
-}
-
-bool PrivateKeyInfoCodec::ReadVersion(uint8_t** pos, uint8_t* end) {
- uint32_t length = 0;
- if (!ReadTypeHeaderAndLength(pos, end, kIntegerTag, &length))
- return false;
-
- // The version should be zero.
- for (uint32_t i = 0; i < length; ++i) {
- READ_ASSERT(**pos == 0x00);
- (*pos)++;
- }
-
+ output->assign(der, der + der_len);
+ OPENSSL_free(der);
return true;
}
diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h
index d4808f5..fc4c80c 100644
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
@@ -7,162 +7,17 @@
#include <stddef.h>
#include <stdint.h>
+#include <openssl/base.h>
-#include <list>
+#include <memory>
#include <vector>
#include "base/macros.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#if defined(USE_OPENSSL)
-// Forward declaration for openssl/*.h
-typedef struct evp_pkey_st EVP_PKEY;
-#else
-// Forward declaration.
-typedef struct PK11SlotInfoStr PK11SlotInfo;
-typedef struct SECKEYPrivateKeyStr SECKEYPrivateKey;
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-#endif
-
-
namespace crypto {
-// Used internally by RSAPrivateKey for serializing and deserializing
-// PKCS #8 PrivateKeyInfo and PublicKeyInfo.
-class PrivateKeyInfoCodec {
- public:
- // ASN.1 encoding of the AlgorithmIdentifier from PKCS #8.
- static const uint8_t kRsaAlgorithmIdentifier[];
-
- // ASN.1 tags for some types we use.
- static const uint8_t kBitStringTag = 0x03;
- static const uint8_t kIntegerTag = 0x02;
- static const uint8_t kNullTag = 0x05;
- static const uint8_t kOctetStringTag = 0x04;
- static const uint8_t kSequenceTag = 0x30;
-
- // |big_endian| here specifies the byte-significance of the integer components
- // that will be parsed & serialized (modulus(), etc...) during Import(),
- // Export() and ExportPublicKeyInfo() -- not the ASN.1 DER encoding of the
- // PrivateKeyInfo/PublicKeyInfo (which is always big-endian).
- explicit PrivateKeyInfoCodec(bool big_endian);
-
- ~PrivateKeyInfoCodec();
-
- // Exports the contents of the integer components to the ASN.1 DER encoding
- // of the PrivateKeyInfo structure to |output|.
- bool Export(std::vector<uint8_t>* output);
-
- // Exports the contents of the integer components to the ASN.1 DER encoding
- // of the PublicKeyInfo structure to |output|.
- bool ExportPublicKeyInfo(std::vector<uint8_t>* output);
-
- // Exports the contents of the integer components to the ASN.1 DER encoding
- // of the RSAPublicKey structure to |output|.
- bool ExportPublicKey(std::vector<uint8_t>* output);
-
- // Parses the ASN.1 DER encoding of the PrivateKeyInfo structure in |input|
- // and populates the integer components with |big_endian_| byte-significance.
- // IMPORTANT NOTE: This is currently *not* security-approved for importing
- // keys from unstrusted sources.
- bool Import(const std::vector<uint8_t>& input);
-
- // Accessors to the contents of the integer components of the PrivateKeyInfo
- // structure.
- std::vector<uint8_t>* modulus() { return &modulus_; }
- std::vector<uint8_t>* public_exponent() { return &public_exponent_; }
- std::vector<uint8_t>* private_exponent() { return &private_exponent_; }
- std::vector<uint8_t>* prime1() { return &prime1_; }
- std::vector<uint8_t>* prime2() { return &prime2_; }
- std::vector<uint8_t>* exponent1() { return &exponent1_; }
- std::vector<uint8_t>* exponent2() { return &exponent2_; }
- std::vector<uint8_t>* coefficient() { return &coefficient_; }
-
- private:
- // Utility wrappers for PrependIntegerImpl that use the class's |big_endian_|
- // value.
- void PrependInteger(const std::vector<uint8_t>& in, std::list<uint8_t>* out);
- void PrependInteger(uint8_t* val, int num_bytes, std::list<uint8_t>* data);
-
- // Prepends the integer stored in |val| - |val + num_bytes| with |big_endian|
- // byte-significance into |data| as an ASN.1 integer.
- void PrependIntegerImpl(uint8_t* val,
- int num_bytes,
- std::list<uint8_t>* data,
- bool big_endian);
-
- // Utility wrappers for ReadIntegerImpl that use the class's |big_endian_|
- // value.
- bool ReadInteger(uint8_t** pos, uint8_t* end, std::vector<uint8_t>* out);
- bool ReadIntegerWithExpectedSize(uint8_t** pos,
- uint8_t* end,
- size_t expected_size,
- std::vector<uint8_t>* out);
-
- // Reads an ASN.1 integer from |pos|, and stores the result into |out| with
- // |big_endian| byte-significance.
- bool ReadIntegerImpl(uint8_t** pos,
- uint8_t* end,
- std::vector<uint8_t>* out,
- bool big_endian);
-
- // Prepends the integer stored in |val|, starting a index |start|, for
- // |num_bytes| bytes onto |data|.
- void PrependBytes(uint8_t* val,
- int start,
- int num_bytes,
- std::list<uint8_t>* data);
-
- // Helper to prepend an ASN.1 length field.
- void PrependLength(size_t size, std::list<uint8_t>* data);
-
- // Helper to prepend an ASN.1 type header.
- void PrependTypeHeaderAndLength(uint8_t type,
- uint32_t length,
- std::list<uint8_t>* output);
-
- // Helper to prepend an ASN.1 bit string
- void PrependBitString(uint8_t* val,
- int num_bytes,
- std::list<uint8_t>* output);
-
- // Read an ASN.1 length field. This also checks that the length does not
- // extend beyond |end|.
- bool ReadLength(uint8_t** pos, uint8_t* end, uint32_t* result);
-
- // Read an ASN.1 type header and its length.
- bool ReadTypeHeaderAndLength(uint8_t** pos,
- uint8_t* end,
- uint8_t expected_tag,
- uint32_t* length);
-
- // Read an ASN.1 sequence declaration. This consumes the type header and
- // length field, but not the contents of the sequence.
- bool ReadSequence(uint8_t** pos, uint8_t* end);
-
- // Read the RSA AlgorithmIdentifier.
- bool ReadAlgorithmIdentifier(uint8_t** pos, uint8_t* end);
-
- // Read one of the two version fields in PrivateKeyInfo.
- bool ReadVersion(uint8_t** pos, uint8_t* end);
-
- // The byte-significance of the stored components (modulus, etc..).
- bool big_endian_;
-
- // Component integers of the PrivateKeyInfo
- std::vector<uint8_t> modulus_;
- std::vector<uint8_t> public_exponent_;
- std::vector<uint8_t> private_exponent_;
- std::vector<uint8_t> prime1_;
- std::vector<uint8_t> prime2_;
- std::vector<uint8_t> exponent1_;
- std::vector<uint8_t> exponent2_;
- std::vector<uint8_t> coefficient_;
-
- DISALLOW_COPY_AND_ASSIGN(PrivateKeyInfoCodec);
-};
-
// Encapsulates an RSA private key. Can be used to generate new keys, export
// keys to other formats, or to extract a public key.
// TODO(hclam): This class should be ref-counted so it can be reused easily.
@@ -171,34 +26,23 @@
~RSAPrivateKey();
// Create a new random instance. Can return NULL if initialization fails.
- static RSAPrivateKey* Create(uint16_t num_bits);
+ static std::unique_ptr<RSAPrivateKey> Create(uint16_t num_bits);
// Create a new instance by importing an existing private key. The format is
// an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if
// initialization fails.
- static RSAPrivateKey* CreateFromPrivateKeyInfo(
+ static std::unique_ptr<RSAPrivateKey> CreateFromPrivateKeyInfo(
const std::vector<uint8_t>& input);
-#if defined(USE_OPENSSL)
// Create a new instance from an existing EVP_PKEY, taking a
// reference to it. |key| must be an RSA key. Returns NULL on
// failure.
- static RSAPrivateKey* CreateFromKey(EVP_PKEY* key);
-#else
- // Create a new instance by referencing an existing private key
- // structure. Does not import the key.
- static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
-#endif
+ static std::unique_ptr<RSAPrivateKey> CreateFromKey(EVP_PKEY* key);
-#if defined(USE_OPENSSL)
- EVP_PKEY* key() { return key_; }
-#else
- SECKEYPrivateKey* key() { return key_; }
- SECKEYPublicKey* public_key() { return public_key_; }
-#endif
+ EVP_PKEY* key() { return key_.get(); }
// Creates a copy of the object.
- RSAPrivateKey* Copy() const;
+ std::unique_ptr<RSAPrivateKey> Copy() const;
// Exports the private key to a PKCS #8 PrivateKeyInfo block.
bool ExportPrivateKey(std::vector<uint8_t>* output) const;
@@ -210,12 +54,7 @@
// Constructor is private. Use one of the Create*() methods above instead.
RSAPrivateKey();
-#if defined(USE_OPENSSL)
- EVP_PKEY* key_;
-#else
- SECKEYPrivateKey* key_;
- SECKEYPublicKey* public_key_;
-#endif
+ bssl::UniquePtr<EVP_PKEY> key_;
DISALLOW_COPY_AND_ASSIGN(RSAPrivateKey);
};
diff --git a/crypto/rsa_private_key_nss.cc b/crypto/rsa_private_key_nss.cc
deleted file mode 100644
index b1026c1..0000000
--- a/crypto/rsa_private_key_nss.cc
+++ /dev/null
@@ -1,151 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/rsa_private_key.h"
-
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <pk11pub.h>
-#include <stdint.h>
-
-#include <list>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "base/strings/string_util.h"
-#include "crypto/nss_key_util.h"
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-
-// TODO(rafaelw): Consider using NSS's ASN.1 encoder.
-namespace {
-
-static bool ReadAttribute(SECKEYPrivateKey* key,
- CK_ATTRIBUTE_TYPE type,
- std::vector<uint8_t>* output) {
- SECItem item;
- SECStatus rv;
- rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
- if (rv != SECSuccess) {
- NOTREACHED();
- return false;
- }
-
- output->assign(item.data, item.data + item.len);
- SECITEM_FreeItem(&item, PR_FALSE);
- return true;
-}
-
-} // namespace
-
-namespace crypto {
-
-RSAPrivateKey::~RSAPrivateKey() {
- if (key_)
- SECKEY_DestroyPrivateKey(key_);
- if (public_key_)
- SECKEY_DestroyPublicKey(public_key_);
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) {
- EnsureNSSInit();
-
- ScopedPK11Slot slot(PK11_GetInternalSlot());
- if (!slot) {
- NOTREACHED();
- return nullptr;
- }
-
- ScopedSECKEYPublicKey public_key;
- ScopedSECKEYPrivateKey private_key;
- if (!GenerateRSAKeyPairNSS(slot.get(), num_bits, false /* not permanent */,
- &public_key, &private_key)) {
- return nullptr;
- }
-
- RSAPrivateKey* rsa_key = new RSAPrivateKey;
- rsa_key->public_key_ = public_key.release();
- rsa_key->key_ = private_key.release();
- return rsa_key;
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
- const std::vector<uint8_t>& input) {
- EnsureNSSInit();
-
- ScopedPK11Slot slot(PK11_GetInternalSlot());
- if (!slot) {
- NOTREACHED();
- return nullptr;
- }
- ScopedSECKEYPrivateKey key(ImportNSSKeyFromPrivateKeyInfo(
- slot.get(), input, false /* not permanent */));
- if (!key || SECKEY_GetPrivateKeyType(key.get()) != rsaKey)
- return nullptr;
- return RSAPrivateKey::CreateFromKey(key.get());
-}
-
-// static
-RSAPrivateKey* RSAPrivateKey::CreateFromKey(SECKEYPrivateKey* key) {
- DCHECK(key);
- if (SECKEY_GetPrivateKeyType(key) != rsaKey)
- return NULL;
- RSAPrivateKey* copy = new RSAPrivateKey();
- copy->key_ = SECKEY_CopyPrivateKey(key);
- copy->public_key_ = SECKEY_ConvertToPublicKey(key);
- if (!copy->key_ || !copy->public_key_) {
- NOTREACHED();
- delete copy;
- return NULL;
- }
- return copy;
-}
-
-RSAPrivateKey* RSAPrivateKey::Copy() const {
- RSAPrivateKey* copy = new RSAPrivateKey();
- copy->key_ = SECKEY_CopyPrivateKey(key_);
- copy->public_key_ = SECKEY_CopyPublicKey(public_key_);
- return copy;
-}
-
-bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
- PrivateKeyInfoCodec private_key_info(true);
-
- // Manually read the component attributes of the private key and build up
- // the PrivateKeyInfo.
- if (!ReadAttribute(key_, CKA_MODULUS, private_key_info.modulus()) ||
- !ReadAttribute(key_, CKA_PUBLIC_EXPONENT,
- private_key_info.public_exponent()) ||
- !ReadAttribute(key_, CKA_PRIVATE_EXPONENT,
- private_key_info.private_exponent()) ||
- !ReadAttribute(key_, CKA_PRIME_1, private_key_info.prime1()) ||
- !ReadAttribute(key_, CKA_PRIME_2, private_key_info.prime2()) ||
- !ReadAttribute(key_, CKA_EXPONENT_1, private_key_info.exponent1()) ||
- !ReadAttribute(key_, CKA_EXPONENT_2, private_key_info.exponent2()) ||
- !ReadAttribute(key_, CKA_COEFFICIENT, private_key_info.coefficient())) {
- NOTREACHED();
- return false;
- }
-
- return private_key_info.Export(output);
-}
-
-bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
- ScopedSECItem der_pubkey(SECKEY_EncodeDERSubjectPublicKeyInfo(public_key_));
- if (!der_pubkey.get()) {
- NOTREACHED();
- return false;
- }
-
- output->assign(der_pubkey->data, der_pubkey->data + der_pubkey->len);
- return true;
-}
-
-RSAPrivateKey::RSAPrivateKey() : key_(NULL), public_key_(NULL) {
- EnsureNSSInit();
-}
-
-} // namespace crypto
diff --git a/crypto/rsa_private_key_unittest.cc b/crypto/rsa_private_key_unittest.cc
index 393a24c..f9549f3 100644
--- a/crypto/rsa_private_key_unittest.cc
+++ b/crypto/rsa_private_key_unittest.cc
@@ -103,10 +103,8 @@
ASSERT_EQ(privkey1.size(), privkey3.size());
ASSERT_EQ(privkey2.size(), privkey4.size());
- ASSERT_TRUE(0 == memcmp(&privkey1.front(), &privkey3.front(),
- privkey1.size()));
- ASSERT_TRUE(0 == memcmp(&privkey2.front(), &privkey4.front(),
- privkey2.size()));
+ ASSERT_EQ(0, memcmp(&privkey1.front(), &privkey3.front(), privkey1.size()));
+ ASSERT_EQ(0, memcmp(&privkey2.front(), &privkey4.front(), privkey2.size()));
}
// Test Copy() method.
@@ -195,8 +193,8 @@
std::vector<uint8_t> output;
ASSERT_TRUE(key->ExportPublicKey(&output));
- ASSERT_TRUE(
- memcmp(expected_public_key_info, &output.front(), output.size()) == 0);
+ ASSERT_EQ(0,
+ memcmp(expected_public_key_info, &output.front(), output.size()));
}
// These two test keys each contain an integer that has 0x00 for its most
@@ -349,10 +347,8 @@
ASSERT_EQ(input1.size(), output1.size());
ASSERT_EQ(input2.size(), output2.size());
- ASSERT_TRUE(0 == memcmp(&output1.front(), &input1.front(),
- input1.size()));
- ASSERT_TRUE(0 == memcmp(&output2.front(), &input2.front(),
- input2.size()));
+ ASSERT_EQ(0, memcmp(&output1.front(), &input1.front(), input1.size()));
+ ASSERT_EQ(0, memcmp(&output2.front(), &input2.front(), input2.size()));
}
TEST(RSAPrivateKeyUnitTest, CreateFromKeyTest) {
diff --git a/crypto/scoped_openssl_types.h b/crypto/scoped_openssl_types.h
deleted file mode 100644
index 622fed2..0000000
--- a/crypto/scoped_openssl_types.h
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CRYPTO_SCOPED_OPENSSL_TYPES_H_
-#define CRYPTO_SCOPED_OPENSSL_TYPES_H_
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/ec.h>
-#include <openssl/ecdsa.h>
-#include <openssl/evp.h>
-#ifdef OPENSSL_IS_BORINGSSL
-#include <openssl/mem.h>
-#endif
-#include <openssl/rsa.h>
-#include <stdint.h>
-
-#include <memory>
-
-namespace crypto {
-
-// Simplistic helper that wraps a call to a deleter function. In a C++11 world,
-// this would be std::function<>. An alternative would be to re-use
-// base::internal::RunnableAdapter<>, but that's far too heavy weight.
-template <typename Type, void (*Destroyer)(Type*)>
-struct OpenSSLDestroyer {
- void operator()(Type* ptr) const { Destroyer(ptr); }
-};
-
-template <typename PointerType, void (*Destroyer)(PointerType*)>
-using ScopedOpenSSL =
- std::unique_ptr<PointerType, OpenSSLDestroyer<PointerType, Destroyer>>;
-
-struct OpenSSLFree {
- void operator()(uint8_t* ptr) const { OPENSSL_free(ptr); }
-};
-
-// Several typedefs are provided for crypto-specific primitives, for
-// short-hand and prevalence. Note that OpenSSL types related to X.509 are
-// intentionally not included, as crypto/ does not generally deal with
-// certificates or PKI.
-using ScopedBIGNUM = ScopedOpenSSL<BIGNUM, BN_free>;
-using ScopedEC_Key = ScopedOpenSSL<EC_KEY, EC_KEY_free>;
-using ScopedBIO = ScopedOpenSSL<BIO, BIO_free_all>;
-using ScopedDSA = ScopedOpenSSL<DSA, DSA_free>;
-using ScopedECDSA_SIG = ScopedOpenSSL<ECDSA_SIG, ECDSA_SIG_free>;
-using ScopedEC_GROUP = ScopedOpenSSL<EC_GROUP, EC_GROUP_free>;
-using ScopedEC_KEY = ScopedOpenSSL<EC_KEY, EC_KEY_free>;
-using ScopedEC_POINT = ScopedOpenSSL<EC_POINT, EC_POINT_free>;
-using ScopedEVP_MD_CTX = ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy>;
-using ScopedEVP_PKEY = ScopedOpenSSL<EVP_PKEY, EVP_PKEY_free>;
-using ScopedEVP_PKEY_CTX = ScopedOpenSSL<EVP_PKEY_CTX, EVP_PKEY_CTX_free>;
-using ScopedRSA = ScopedOpenSSL<RSA, RSA_free>;
-
-// The bytes must have been allocated with OPENSSL_malloc.
-using ScopedOpenSSLBytes = std::unique_ptr<uint8_t, OpenSSLFree>;
-
-} // namespace crypto
-
-#endif // CRYPTO_SCOPED_OPENSSL_TYPES_H_
diff --git a/crypto/scoped_test_nss_chromeos_user.cc b/crypto/scoped_test_nss_chromeos_user.cc
index aec25d8..49b92d4 100644
--- a/crypto/scoped_test_nss_chromeos_user.cc
+++ b/crypto/scoped_test_nss_chromeos_user.cc
@@ -18,7 +18,7 @@
// This opens a software DB in the given folder. In production code that is in
// the home folder, but for testing the temp folder is used.
constructed_successfully_ =
- InitializeNSSForChromeOSUser(username_hash, temp_dir_.path());
+ InitializeNSSForChromeOSUser(username_hash, temp_dir_.GetPath());
}
ScopedTestNSSChromeOSUser::~ScopedTestNSSChromeOSUser() {
diff --git a/crypto/scoped_test_nss_db.cc b/crypto/scoped_test_nss_db.cc
index dc58031..b334109 100644
--- a/crypto/scoped_test_nss_db.cc
+++ b/crypto/scoped_test_nss_db.cc
@@ -24,7 +24,7 @@
return;
const char kTestDescription[] = "Test DB";
- slot_ = OpenSoftwareNSSDB(temp_dir_.path(), kTestDescription);
+ slot_ = OpenSoftwareNSSDB(temp_dir_.GetPath(), kTestDescription);
}
ScopedTestNSSDB::~ScopedTestNSSDB() {
diff --git a/crypto/scoped_test_system_nss_key_slot.h b/crypto/scoped_test_system_nss_key_slot.h
index eb8fbc9..ae9b2cd 100644
--- a/crypto/scoped_test_system_nss_key_slot.h
+++ b/crypto/scoped_test_system_nss_key_slot.h
@@ -27,7 +27,7 @@
// At most one instance of this helper must be used at a time.
class CRYPTO_EXPORT ScopedTestSystemNSSKeySlot {
public:
- explicit ScopedTestSystemNSSKeySlot();
+ ScopedTestSystemNSSKeySlot();
~ScopedTestSystemNSSKeySlot();
bool ConstructedSuccessfully() const;
diff --git a/crypto/secure_hash.cc b/crypto/secure_hash.cc
index 9003b9c..d47f783 100644
--- a/crypto/secure_hash.cc
+++ b/crypto/secure_hash.cc
@@ -27,7 +27,7 @@
SHA256_Init(&ctx_);
}
- SecureHashSHA256(const SecureHashSHA256& other) : SecureHash() {
+ SecureHashSHA256(const SecureHashSHA256& other) {
memcpy(&ctx_, &other.ctx_, sizeof(ctx_));
}
diff --git a/crypto/sha2.cc b/crypto/sha2.cc
index e97b8f4..1b302b3 100644
--- a/crypto/sha2.cc
+++ b/crypto/sha2.cc
@@ -21,7 +21,7 @@
std::string SHA256HashString(const base::StringPiece& str) {
std::string output(kSHA256Length, 0);
- SHA256HashString(str, string_as_array(&output), output.size());
+ SHA256HashString(str, base::string_as_array(&output), output.size());
return output;
}
diff --git a/crypto/signature_creator.h b/crypto/signature_creator.h
index 1e8e856..674bd4c 100644
--- a/crypto/signature_creator.h
+++ b/crypto/signature_creator.h
@@ -14,13 +14,8 @@
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#if defined(USE_OPENSSL)
// Forward declaration for openssl/*.h
typedef struct env_md_ctx_st EVP_MD_CTX;
-#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
-// Forward declaration.
-struct SGNContextStr;
-#endif
namespace crypto {
@@ -62,11 +57,7 @@
// Private constructor. Use the Create() method instead.
SignatureCreator();
-#if defined(USE_OPENSSL)
EVP_MD_CTX* sign_context_;
-#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
- SGNContextStr* sign_context_;
-#endif
DISALLOW_COPY_AND_ASSIGN(SignatureCreator);
};
diff --git a/crypto/signature_creator_nss.cc b/crypto/signature_creator_nss.cc
deleted file mode 100644
index bf20413..0000000
--- a/crypto/signature_creator_nss.cc
+++ /dev/null
@@ -1,119 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/signature_creator.h"
-
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "base/logging.h"
-#include "base/memory/scoped_ptr.h"
-#include "crypto/nss_util.h"
-#include "crypto/rsa_private_key.h"
-
-namespace crypto {
-
-namespace {
-
-SECOidTag ToNSSSigOid(SignatureCreator::HashAlgorithm hash_alg) {
- switch (hash_alg) {
- case SignatureCreator::SHA1:
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- case SignatureCreator::SHA256:
- return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
- }
- return SEC_OID_UNKNOWN;
-}
-
-SECOidTag ToNSSHashOid(SignatureCreator::HashAlgorithm hash_alg) {
- switch (hash_alg) {
- case SignatureCreator::SHA1:
- return SEC_OID_SHA1;
- case SignatureCreator::SHA256:
- return SEC_OID_SHA256;
- }
- return SEC_OID_UNKNOWN;
-}
-
-} // namespace
-
-SignatureCreator::~SignatureCreator() {
- if (sign_context_) {
- SGN_DestroyContext(sign_context_, PR_TRUE);
- sign_context_ = NULL;
- }
-}
-
-// static
-SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key,
- HashAlgorithm hash_alg) {
- scoped_ptr<SignatureCreator> result(new SignatureCreator);
- result->sign_context_ = SGN_NewContext(ToNSSSigOid(hash_alg), key->key());
- if (!result->sign_context_) {
- NOTREACHED();
- return NULL;
- }
-
- SECStatus rv = SGN_Begin(result->sign_context_);
- if (rv != SECSuccess) {
- NOTREACHED();
- return NULL;
- }
-
- return result.release();
-}
-
-// static
-bool SignatureCreator::Sign(RSAPrivateKey* key,
- HashAlgorithm hash_alg,
- const uint8_t* data,
- int data_len,
- std::vector<uint8_t>* signature) {
- SECItem data_item;
- data_item.type = siBuffer;
- data_item.data = const_cast<unsigned char*>(data);
- data_item.len = data_len;
-
- SECItem signature_item;
- SECStatus rv = SGN_Digest(key->key(), ToNSSHashOid(hash_alg), &signature_item,
- &data_item);
- if (rv != SECSuccess) {
- NOTREACHED();
- return false;
- }
- signature->assign(signature_item.data,
- signature_item.data + signature_item.len);
- SECITEM_FreeItem(&signature_item, PR_FALSE);
- return true;
-}
-
-bool SignatureCreator::Update(const uint8_t* data_part, int data_part_len) {
- SECStatus rv = SGN_Update(sign_context_, data_part, data_part_len);
- if (rv != SECSuccess) {
- NOTREACHED();
- return false;
- }
-
- return true;
-}
-
-bool SignatureCreator::Final(std::vector<uint8_t>* signature) {
- SECItem signature_item;
- SECStatus rv = SGN_End(sign_context_, &signature_item);
- if (rv != SECSuccess) {
- return false;
- }
- signature->assign(signature_item.data,
- signature_item.data + signature_item.len);
- SECITEM_FreeItem(&signature_item, PR_FALSE);
- return true;
-}
-
-SignatureCreator::SignatureCreator() : sign_context_(NULL) {
- EnsureNSSInit();
-}
-
-} // namespace crypto
diff --git a/crypto/signature_creator_unittest.cc b/crypto/signature_creator_unittest.cc
index 819e663..2f135cc 100644
--- a/crypto/signature_creator_unittest.cc
+++ b/crypto/signature_creator_unittest.cc
@@ -7,6 +7,7 @@
#include <stdint.h>
#include <memory>
+#include <string>
#include <vector>
#include "base/sha1.h"
diff --git a/crypto/signature_verifier.h b/crypto/signature_verifier.h
index 5b7369f..f1ea580 100644
--- a/crypto/signature_verifier.h
+++ b/crypto/signature_verifier.h
@@ -7,19 +7,14 @@
#include <stdint.h>
+#include <memory>
#include <vector>
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#if defined(USE_OPENSSL)
typedef struct env_md_st EVP_MD;
typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
-#else
-typedef struct HASHContextStr HASHContext;
-typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
-typedef struct VFYContextStr VFYContext;
-#endif
namespace crypto {
@@ -96,7 +91,6 @@
bool VerifyFinal();
private:
-#if defined(USE_OPENSSL)
bool CommonInit(int pkey_type,
const EVP_MD* digest,
const uint8_t* signature,
@@ -104,29 +98,13 @@
const uint8_t* public_key_info,
int public_key_info_len,
EVP_PKEY_CTX** pkey_ctx);
-#else
- static SECKEYPublicKey* DecodePublicKeyInfo(const uint8_t* public_key_info,
- int public_key_info_len);
-#endif
void Reset();
std::vector<uint8_t> signature_;
-#if defined(USE_OPENSSL)
struct VerifyContext;
- VerifyContext* verify_context_;
-#else
- // Used for all signature types except RSA-PSS.
- VFYContext* vfy_context_;
-
- // Used for RSA-PSS signatures.
- HashAlgorithm hash_alg_;
- HashAlgorithm mask_hash_alg_;
- unsigned int salt_len_;
- SECKEYPublicKey* public_key_;
- HASHContext* hash_context_;
-#endif
+ std::unique_ptr<VerifyContext> verify_context_;
};
} // namespace crypto
diff --git a/crypto/signature_verifier_nss.cc b/crypto/signature_verifier_nss.cc
deleted file mode 100644
index edbd3f6..0000000
--- a/crypto/signature_verifier_nss.cc
+++ /dev/null
@@ -1,213 +0,0 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/signature_verifier.h"
-
-#include <cryptohi.h>
-#include <keyhi.h>
-#include <pk11pub.h>
-#include <secerr.h>
-#include <sechash.h>
-#include <stdint.h>
-#include <stdlib.h>
-
-#include "base/logging.h"
-#include "crypto/nss_util.h"
-#include "crypto/third_party/nss/chromium-nss.h"
-
-namespace crypto {
-
-namespace {
-
-HASH_HashType ToNSSHashType(SignatureVerifier::HashAlgorithm hash_alg) {
- switch (hash_alg) {
- case SignatureVerifier::SHA1:
- return HASH_AlgSHA1;
- case SignatureVerifier::SHA256:
- return HASH_AlgSHA256;
- }
- return HASH_AlgNULL;
-}
-
-SECOidTag ToNSSSignatureType(SignatureVerifier::SignatureAlgorithm sig_alg) {
- switch (sig_alg) {
- case SignatureVerifier::RSA_PKCS1_SHA1:
- return SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
- case SignatureVerifier::RSA_PKCS1_SHA256:
- return SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
- case SignatureVerifier::ECDSA_SHA256:
- return SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE;
- }
- return SEC_OID_UNKNOWN;
-}
-
-SECStatus VerifyRSAPSS_End(SECKEYPublicKey* public_key,
- HASHContext* hash_context,
- HASH_HashType mask_hash_alg,
- unsigned int salt_len,
- const unsigned char* signature,
- unsigned int signature_len) {
- unsigned int hash_len = HASH_ResultLenContext(hash_context);
- std::vector<unsigned char> hash(hash_len);
- HASH_End(hash_context, &hash[0], &hash_len, hash.size());
-
- unsigned int modulus_len = SECKEY_PublicKeyStrength(public_key);
- if (signature_len != modulus_len) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- std::vector<unsigned char> enc(signature_len);
- SECStatus rv = PK11_PubEncryptRaw(public_key, &enc[0],
- const_cast<unsigned char*>(signature),
- signature_len, NULL);
- if (rv != SECSuccess) {
- LOG(WARNING) << "PK11_PubEncryptRaw failed";
- return rv;
- }
- return emsa_pss_verify(&hash[0], &enc[0], enc.size(),
- HASH_GetType(hash_context), mask_hash_alg,
- salt_len);
-}
-
-} // namespace
-
-SignatureVerifier::SignatureVerifier()
- : vfy_context_(NULL),
- hash_alg_(SHA1),
- mask_hash_alg_(SHA1),
- salt_len_(0),
- public_key_(NULL),
- hash_context_(NULL) {
- EnsureNSSInit();
-}
-
-SignatureVerifier::~SignatureVerifier() {
- Reset();
-}
-
-bool SignatureVerifier::VerifyInit(SignatureAlgorithm signature_algorithm,
- const uint8_t* signature,
- int signature_len,
- const uint8_t* public_key_info,
- int public_key_info_len) {
- if (vfy_context_ || hash_context_)
- return false;
-
- signature_.assign(signature, signature + signature_len);
-
- SECKEYPublicKey* public_key = DecodePublicKeyInfo(public_key_info,
- public_key_info_len);
- if (!public_key)
- return false;
-
- SECItem sig;
- sig.type = siBuffer;
- sig.data = const_cast<uint8_t*>(signature);
- sig.len = signature_len;
- vfy_context_ = VFY_CreateContext(
- public_key, &sig, ToNSSSignatureType(signature_algorithm), nullptr);
- SECKEY_DestroyPublicKey(public_key); // Done with public_key.
- if (!vfy_context_) {
- // A corrupted RSA signature could be detected without the data, so
- // VFY_CreateContextWithAlgorithmID may fail with SEC_ERROR_BAD_SIGNATURE
- // (-8182).
- return false;
- }
-
- if (VFY_Begin(vfy_context_) != SECSuccess) {
- NOTREACHED();
- return false;
- }
- return true;
-}
-
-bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
- HashAlgorithm mask_hash_alg,
- int salt_len,
- const uint8_t* signature,
- int signature_len,
- const uint8_t* public_key_info,
- int public_key_info_len) {
- if (vfy_context_ || hash_context_)
- return false;
-
- signature_.assign(signature, signature + signature_len);
-
- SECKEYPublicKey* public_key = DecodePublicKeyInfo(public_key_info,
- public_key_info_len);
- if (!public_key)
- return false;
-
- public_key_ = public_key;
- hash_alg_ = hash_alg;
- mask_hash_alg_ = mask_hash_alg;
- salt_len_ = salt_len;
- hash_context_ = HASH_Create(ToNSSHashType(hash_alg_));
- if (!hash_context_)
- return false;
- HASH_Begin(hash_context_);
- return true;
-}
-
-void SignatureVerifier::VerifyUpdate(const uint8_t* data_part,
- int data_part_len) {
- if (vfy_context_) {
- SECStatus rv = VFY_Update(vfy_context_, data_part, data_part_len);
- DCHECK_EQ(SECSuccess, rv);
- } else {
- HASH_Update(hash_context_, data_part, data_part_len);
- }
-}
-
-bool SignatureVerifier::VerifyFinal() {
- SECStatus rv;
- if (vfy_context_) {
- rv = VFY_End(vfy_context_);
- } else {
- rv = VerifyRSAPSS_End(public_key_, hash_context_,
- ToNSSHashType(mask_hash_alg_), salt_len_,
- signature_.data(),
- signature_.size());
- }
- Reset();
-
- // If signature verification fails, the error code is
- // SEC_ERROR_BAD_SIGNATURE (-8182).
- return (rv == SECSuccess);
-}
-
-// static
-SECKEYPublicKey* SignatureVerifier::DecodePublicKeyInfo(
- const uint8_t* public_key_info,
- int public_key_info_len) {
- CERTSubjectPublicKeyInfo* spki = NULL;
- SECItem spki_der;
- spki_der.type = siBuffer;
- spki_der.data = const_cast<uint8_t*>(public_key_info);
- spki_der.len = public_key_info_len;
- spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_der);
- if (!spki)
- return NULL;
- SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki);
- SECKEY_DestroySubjectPublicKeyInfo(spki); // Done with spki.
- return public_key;
-}
-
-void SignatureVerifier::Reset() {
- if (vfy_context_) {
- VFY_DestroyContext(vfy_context_, PR_TRUE);
- vfy_context_ = NULL;
- }
- if (hash_context_) {
- HASH_Destroy(hash_context_);
- hash_context_ = NULL;
- }
- if (public_key_) {
- SECKEY_DestroyPublicKey(public_key_);
- public_key_ = NULL;
- }
- signature_.clear();
-}
-
-} // namespace crypto
diff --git a/crypto/signature_verifier_unittest.cc b/crypto/signature_verifier_unittest.cc
index d71ea82..2cda459 100644
--- a/crypto/signature_verifier_unittest.cc
+++ b/crypto/signature_verifier_unittest.cc
@@ -7,6 +7,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "base/logging.h"
#include "base/macros.h"
#include "base/numerics/safe_conversions.h"
#include "testing/gtest/include/gtest/gtest.h"
diff --git a/crypto/symmetric_key.cc b/crypto/symmetric_key.cc
index e3ecf62..6a19f84 100644
--- a/crypto/symmetric_key.cc
+++ b/crypto/symmetric_key.cc
@@ -4,8 +4,6 @@
#include "crypto/symmetric_key.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
#include <stddef.h>
#include <stdint.h>
@@ -15,6 +13,8 @@
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/openssl_util.h"
+#include "third_party/boringssl/src/include/openssl/evp.h"
+#include "third_party/boringssl/src/include/openssl/rand.h"
namespace crypto {
diff --git a/crypto/symmetric_key.h b/crypto/symmetric_key.h
index 8862708..7494634 100644
--- a/crypto/symmetric_key.h
+++ b/crypto/symmetric_key.h
@@ -14,15 +14,6 @@
#include "build/build_config.h"
#include "crypto/crypto_export.h"
-#if defined(NACL_WIN64)
-// See comments for crypto_nacl_win64 in crypto.gyp.
-// Must test for NACL_WIN64 before OS_WIN since former is a subset of latter.
-#include "crypto/scoped_capi_types.h"
-#elif defined(USE_NSS_CERTS) || \
- (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX)))
-#include "crypto/scoped_nss_types.h"
-#endif
-
namespace crypto {
// Wraps a platform-specific symmetric key and allows it to be held in a
@@ -63,13 +54,8 @@
// size for use with |algorithm|. The caller owns the returned SymmetricKey.
static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm,
const std::string& raw_key);
-#if defined(NACL_WIN64)
- HCRYPTKEY key() const { return key_.get(); }
-#elif defined(USE_OPENSSL)
+
const std::string& key() { return key_; }
-#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
- PK11SymKey* key() const { return key_.get(); }
-#endif
// Extracts the raw key from the platform specific data.
// Warning: |raw_key| holds the raw key as bytes and thus must be handled
@@ -77,27 +63,9 @@
bool GetRawKey(std::string* raw_key);
private:
-#if defined(NACL_WIN64)
- SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key,
- const void* key_data, size_t key_size_in_bytes);
+ SymmetricKey();
- ScopedHCRYPTPROV provider_;
- ScopedHCRYPTKEY key_;
-
- // Contains the raw key, if it is known during initialization and when it
- // is likely that the associated |provider_| will be unable to export the
- // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes
- // when using the default RSA provider.
- // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey
- // fails with NTE_BAD_KEY/NTE_BAD_LEN
- std::string raw_key_;
-#elif defined(USE_OPENSSL)
- SymmetricKey() {}
std::string key_;
-#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
- explicit SymmetricKey(PK11SymKey* key);
- ScopedPK11SymKey key_;
-#endif
DISALLOW_COPY_AND_ASSIGN(SymmetricKey);
};
diff --git a/crypto/symmetric_key_nss.cc b/crypto/symmetric_key_nss.cc
deleted file mode 100644
index e3aacc7..0000000
--- a/crypto/symmetric_key_nss.cc
+++ /dev/null
@@ -1,151 +0,0 @@
-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "crypto/symmetric_key.h"
-
-#include <nss.h>
-#include <pk11pub.h>
-#include <stddef.h>
-
-#include "base/logging.h"
-#include "crypto/nss_util.h"
-#include "crypto/scoped_nss_types.h"
-
-namespace crypto {
-
-SymmetricKey::~SymmetricKey() {}
-
-// static
-SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
- size_t key_size_in_bits) {
- DCHECK_EQ(AES, algorithm);
-
- EnsureNSSInit();
-
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
- if (key_size_in_bits != 128 && key_size_in_bits != 256)
- return NULL;
-
- ScopedPK11Slot slot(PK11_GetInternalSlot());
- if (!slot.get())
- return NULL;
-
- PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL,
- key_size_in_bits / 8, NULL);
- if (!sym_key)
- return NULL;
-
- return new SymmetricKey(sym_key);
-}
-
-// static
-SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
- const std::string& password,
- const std::string& salt,
- size_t iterations,
- size_t key_size_in_bits) {
- EnsureNSSInit();
- if (salt.empty() || iterations == 0 || key_size_in_bits == 0)
- return NULL;
-
- if (algorithm == AES) {
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
- if (key_size_in_bits != 128 && key_size_in_bits != 256)
- return NULL;
- }
-
- SECItem password_item;
- password_item.type = siBuffer;
- password_item.data = reinterpret_cast<unsigned char*>(
- const_cast<char *>(password.data()));
- password_item.len = password.size();
-
- SECItem salt_item;
- salt_item.type = siBuffer;
- salt_item.data = reinterpret_cast<unsigned char*>(
- const_cast<char *>(salt.data()));
- salt_item.len = salt.size();
-
- SECOidTag cipher_algorithm =
- algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1;
- ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,
- cipher_algorithm,
- SEC_OID_HMAC_SHA1,
- key_size_in_bits / 8,
- iterations,
- &salt_item));
- if (!alg_id.get())
- return NULL;
-
- ScopedPK11Slot slot(PK11_GetInternalSlot());
- if (!slot.get())
- return NULL;
-
- PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item,
- PR_FALSE, NULL);
- if (!sym_key)
- return NULL;
-
- return new SymmetricKey(sym_key);
-}
-
-// static
-SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
- const std::string& raw_key) {
- EnsureNSSInit();
-
- if (algorithm == AES) {
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
- if (raw_key.size() != 128/8 && raw_key.size() != 256/8)
- return NULL;
- }
-
- CK_MECHANISM_TYPE cipher =
- algorithm == AES ? CKM_AES_CBC : CKM_SHA_1_HMAC;
-
- SECItem key_item;
- key_item.type = siBuffer;
- key_item.data = reinterpret_cast<unsigned char*>(
- const_cast<char *>(raw_key.data()));
- key_item.len = raw_key.size();
-
- ScopedPK11Slot slot(PK11_GetInternalSlot());
- if (!slot.get())
- return NULL;
-
- // The exact value of the |origin| argument doesn't matter to NSS as long as
- // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a
- // placeholder.
- PK11SymKey* sym_key = PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap,
- CKA_ENCRYPT, &key_item, NULL);
- if (!sym_key)
- return NULL;
-
- return new SymmetricKey(sym_key);
-}
-
-bool SymmetricKey::GetRawKey(std::string* raw_key) {
- SECStatus rv = PK11_ExtractKeyValue(key_.get());
- if (SECSuccess != rv)
- return false;
-
- SECItem* key_item = PK11_GetKeyData(key_.get());
- if (!key_item)
- return false;
-
- raw_key->assign(reinterpret_cast<char*>(key_item->data), key_item->len);
- return true;
-}
-
-SymmetricKey::SymmetricKey(PK11SymKey* key) : key_(key) {
- DCHECK(key);
-}
-
-} // namespace crypto
diff --git a/crypto/third_party/nss/chromium-blapi.h b/crypto/third_party/nss/chromium-blapi.h
deleted file mode 100644
index 2ca772e..0000000
--- a/crypto/third_party/nss/chromium-blapi.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * crypto.h - public data structures and prototypes for the crypto library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: blapi.h,v 1.27 2007/11/09 18:49:32 wtc%google.com Exp $ */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_
-
-#include "crypto/third_party/nss/chromium-blapit.h"
-
-/******************************************/
-
-extern SHA256Context *SHA256_NewContext(void);
-extern void SHA256_DestroyContext(SHA256Context *cx, PRBool freeit);
-extern void SHA256_Begin(SHA256Context *cx);
-extern void SHA256_Update(SHA256Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA256_End(SHA256Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA256_Hash(unsigned char *dest, const char *src);
-extern void SHA256_TraceState(SHA256Context *cx);
-extern unsigned int SHA256_FlattenSize(SHA256Context *cx);
-extern SECStatus SHA256_Flatten(SHA256Context *cx,unsigned char *space);
-extern SHA256Context * SHA256_Resurrect(unsigned char *space, void *arg);
-extern void SHA256_Clone(SHA256Context *dest, SHA256Context *src);
-
-/******************************************/
-
-extern SHA512Context *SHA512_NewContext(void);
-extern void SHA512_DestroyContext(SHA512Context *cx, PRBool freeit);
-extern void SHA512_Begin(SHA512Context *cx);
-extern void SHA512_Update(SHA512Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA512_End(SHA512Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA512_Hash(unsigned char *dest, const char *src);
-extern void SHA512_TraceState(SHA512Context *cx);
-extern unsigned int SHA512_FlattenSize(SHA512Context *cx);
-extern SECStatus SHA512_Flatten(SHA512Context *cx,unsigned char *space);
-extern SHA512Context * SHA512_Resurrect(unsigned char *space, void *arg);
-extern void SHA512_Clone(SHA512Context *dest, SHA512Context *src);
-
-/******************************************/
-
-extern SHA384Context *SHA384_NewContext(void);
-extern void SHA384_DestroyContext(SHA384Context *cx, PRBool freeit);
-extern void SHA384_Begin(SHA384Context *cx);
-extern void SHA384_Update(SHA384Context *cx, const unsigned char *input,
- unsigned int inputLen);
-extern void SHA384_End(SHA384Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen);
-extern SECStatus SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length);
-extern SECStatus SHA384_Hash(unsigned char *dest, const char *src);
-extern void SHA384_TraceState(SHA384Context *cx);
-extern unsigned int SHA384_FlattenSize(SHA384Context *cx);
-extern SECStatus SHA384_Flatten(SHA384Context *cx,unsigned char *space);
-extern SHA384Context * SHA384_Resurrect(unsigned char *space, void *arg);
-extern void SHA384_Clone(SHA384Context *dest, SHA384Context *src);
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPI_H_ */
diff --git a/crypto/third_party/nss/chromium-blapit.h b/crypto/third_party/nss/chromium-blapit.h
deleted file mode 100644
index 938547a..0000000
--- a/crypto/third_party/nss/chromium-blapit.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * blapit.h - public data structures for the crypto library
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- * Dr Vipul Gupta <vipul.gupta@sun.com> and
- * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: blapit.h,v 1.20 2007/02/28 19:47:37 rrelyea%redhat.com Exp $ */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_
-
-#include "crypto/third_party/nss/chromium-prtypes.h"
-
-/*
-** A status code. Status's are used by procedures that return status
-** values. Again the motivation is so that a compiler can generate
-** warnings when return values are wrong. Correct testing of status codes:
-**
-** SECStatus rv;
-** rv = some_function (some_argument);
-** if (rv != SECSuccess)
-** do_an_error_thing();
-**
-*/
-typedef enum _SECStatus {
- SECWouldBlock = -2,
- SECFailure = -1,
- SECSuccess = 0
-} SECStatus;
-
-#define SHA256_LENGTH 32 /* bytes */
-#define SHA384_LENGTH 48 /* bytes */
-#define SHA512_LENGTH 64 /* bytes */
-#define HASH_LENGTH_MAX SHA512_LENGTH
-
-/*
- * Input block size for each hash algorithm.
- */
-
-#define SHA256_BLOCK_LENGTH 64 /* bytes */
-#define SHA384_BLOCK_LENGTH 128 /* bytes */
-#define SHA512_BLOCK_LENGTH 128 /* bytes */
-#define HASH_BLOCK_LENGTH_MAX SHA512_BLOCK_LENGTH
-
-/***************************************************************************
-** Opaque objects
-*/
-
-struct SHA256ContextStr ;
-struct SHA512ContextStr ;
-
-typedef struct SHA256ContextStr SHA256Context;
-typedef struct SHA512ContextStr SHA512Context;
-/* SHA384Context is really a SHA512ContextStr. This is not a mistake. */
-typedef struct SHA512ContextStr SHA384Context;
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_BLAPIT_H_ */
diff --git a/crypto/third_party/nss/chromium-nss.h b/crypto/third_party/nss/chromium-nss.h
deleted file mode 100644
index 437e6bd..0000000
--- a/crypto/third_party/nss/chromium-nss.h
+++ /dev/null
@@ -1,79 +0,0 @@
- /* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
-
-// This file contains some functions we borrowed from NSS.
-
-#include <prtypes.h>
-#include <hasht.h>
-#include <keyhi.h>
-#include <secmod.h>
-
-#include "crypto/crypto_export.h"
-
-extern "C" SECStatus emsa_pss_verify(const unsigned char *mHash,
- const unsigned char *em,
- unsigned int emLen,
- HASH_HashType hashAlg,
- HASH_HashType maskHashAlg,
- unsigned int sLen);
-
-// Like PK11_ImportEncryptedPrivateKeyInfo, but hardcoded for EC, and returns
-// the SECKEYPrivateKey.
-// See https://bugzilla.mozilla.org/show_bug.cgi?id=211546
-// When we use NSS 3.13.2 or later,
-// PK11_ImportEncryptedPrivateKeyInfoAndReturnKey can be used instead.
-SECStatus ImportEncryptedECPrivateKeyInfoAndReturnKey(
- PK11SlotInfo* slot,
- SECKEYEncryptedPrivateKeyInfo* epki,
- SECItem* password,
- SECItem* nickname,
- SECItem* public_value,
- PRBool permanent,
- PRBool sensitive,
- SECKEYPrivateKey** private_key,
- void* wincx);
-
-// Like SEC_DerSignData.
-CRYPTO_EXPORT SECStatus DerSignData(PLArenaPool *arena,
- SECItem *result,
- SECItem *input,
- SECKEYPrivateKey *key,
- SECOidTag algo_id);
-
-#endif // CRYPTO_THIRD_PARTY_NSS_CHROMIUM_NSS_H_
diff --git a/crypto/third_party/nss/chromium-prtypes.h b/crypto/third_party/nss/chromium-prtypes.h
deleted file mode 100644
index d5ea8a9..0000000
--- a/crypto/third_party/nss/chromium-prtypes.h
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-/* Emulates the real prtypes.h. Defines the types and macros that sha512.cc
- * needs. */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_
-
-#include <limits.h>
-#include <stdint.h>
-
-#include "build/build_config.h"
-
-#if defined(ARCH_CPU_LITTLE_ENDIAN)
-#define IS_LITTLE_ENDIAN 1
-#else
-#define IS_BIG_ENDIAN 1
-#endif
-
-/*
- * The C language requires that 'long' be at least 32 bits. 2147483647 is the
- * largest signed 32-bit integer.
- */
-#if LONG_MAX > 2147483647L
-#define PR_BYTES_PER_LONG 8
-#else
-#define PR_BYTES_PER_LONG 4
-#endif
-
-#define HAVE_LONG_LONG
-
-#if defined(__linux__)
-#define LINUX
-#endif
-
-typedef uint8_t PRUint8;
-typedef uint32_t PRUint32;
-
-typedef int PRBool;
-
-#define PR_MIN(x,y) ((x)<(y)?(x):(y))
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_PRTYPES_H_ */
diff --git a/crypto/third_party/nss/chromium-sha256.h b/crypto/third_party/nss/chromium-sha256.h
deleted file mode 100644
index 52815ca..0000000
--- a/crypto/third_party/nss/chromium-sha256.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_
-#define CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_
-
-#include "crypto/third_party/nss/chromium-prtypes.h"
-
-struct SHA256ContextStr {
- union {
- PRUint32 w[64]; /* message schedule, input buffer, plus 48 words */
- PRUint8 b[256];
- } u;
- PRUint32 h[8]; /* 8 state variables */
- PRUint32 sizeHi,sizeLo; /* 64-bit count of hashed bytes. */
-};
-
-#endif /* CRYPTO_THIRD_PARTY_NSS_CHROMIUM_SHA_256_H_ */
diff --git a/crypto/third_party/nss/rsawrapr.c b/crypto/third_party/nss/rsawrapr.c
deleted file mode 100644
index 73e498f..0000000
--- a/crypto/third_party/nss/rsawrapr.c
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * PKCS#1 encoding and decoding functions.
- * This file is believed to contain no code licensed from other parties.
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "seccomon.h"
-#include "secerr.h"
-#include "sechash.h"
-
-/* Needed for RSA-PSS functions */
-static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
-
-/*
- * Mask generation function MGF1 as defined in PKCS #1 v2.1 / RFC 3447.
- */
-static SECStatus
-MGF1(HASH_HashType hashAlg, unsigned char *mask, unsigned int maskLen,
- const unsigned char *mgfSeed, unsigned int mgfSeedLen)
-{
- unsigned int digestLen;
- PRUint32 counter, rounds;
- unsigned char *tempHash, *temp;
- const SECHashObject *hash;
- void *hashContext;
- unsigned char C[4];
-
- hash = HASH_GetHashObject(hashAlg);
- if (hash == NULL)
- return SECFailure;
-
- hashContext = (*hash->create)();
- rounds = (maskLen + hash->length - 1) / hash->length;
- for (counter = 0; counter < rounds; counter++) {
- C[0] = (unsigned char)((counter >> 24) & 0xff);
- C[1] = (unsigned char)((counter >> 16) & 0xff);
- C[2] = (unsigned char)((counter >> 8) & 0xff);
- C[3] = (unsigned char)(counter & 0xff);
-
- /* This could be optimized when the clone functions in
- * rawhash.c are implemented. */
- (*hash->begin)(hashContext);
- (*hash->update)(hashContext, mgfSeed, mgfSeedLen);
- (*hash->update)(hashContext, C, sizeof C);
-
- tempHash = mask + counter * hash->length;
- if (counter != (rounds-1)) {
- (*hash->end)(hashContext, tempHash, &digestLen, hash->length);
- } else { /* we're in the last round and need to cut the hash */
- temp = (unsigned char *)PORT_Alloc(hash->length);
- (*hash->end)(hashContext, temp, &digestLen, hash->length);
- PORT_Memcpy(tempHash, temp, maskLen - counter * hash->length);
- PORT_Free(temp);
- }
- }
- (*hash->destroy)(hashContext, PR_TRUE);
-
- return SECSuccess;
-}
-
-/*
- * Verify a RSA-PSS signature.
- * Described in RFC 3447, section 9.1.2.
- * We use mHash instead of M as input.
- * emBits from the RFC is just modBits - 1, see section 8.1.2.
- * We only support MGF1 as the MGF.
- *
- * NOTE: this code assumes modBits is a multiple of 8.
- */
-SECStatus
-emsa_pss_verify(const unsigned char *mHash,
- const unsigned char *em, unsigned int emLen,
- HASH_HashType hashAlg, HASH_HashType maskHashAlg,
- unsigned int sLen)
-{
- const SECHashObject *hash;
- void *hash_context;
- unsigned char *db;
- unsigned char *H_; /* H' from the RFC */
- unsigned int i, dbMaskLen;
- SECStatus rv;
-
- hash = HASH_GetHashObject(hashAlg);
- dbMaskLen = emLen - hash->length - 1;
-
- /* Step 3 + 4 + 6 */
- if ((emLen < (hash->length + sLen + 2)) ||
- (em[emLen - 1] != 0xbc) ||
- ((em[0] & 0x80) != 0)) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
-
- /* Step 7 */
- db = (unsigned char *)PORT_Alloc(dbMaskLen);
- if (db == NULL) {
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- /* &em[dbMaskLen] points to H, used as mgfSeed */
- MGF1(maskHashAlg, db, dbMaskLen, &em[dbMaskLen], hash->length);
-
- /* Step 8 */
- for (i = 0; i < dbMaskLen; i++) {
- db[i] ^= em[i];
- }
-
- /* Step 9 */
- db[0] &= 0x7f;
-
- /* Step 10 */
- for (i = 0; i < (dbMaskLen - sLen - 1); i++) {
- if (db[i] != 0) {
- PORT_Free(db);
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
- }
- if (db[dbMaskLen - sLen - 1] != 0x01) {
- PORT_Free(db);
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- return SECFailure;
- }
-
- /* Step 12 + 13 */
- H_ = (unsigned char *)PORT_Alloc(hash->length);
- if (H_ == NULL) {
- PORT_Free(db);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- hash_context = (*hash->create)();
- if (hash_context == NULL) {
- PORT_Free(db);
- PORT_Free(H_);
- PORT_SetError(SEC_ERROR_NO_MEMORY);
- return SECFailure;
- }
- (*hash->begin)(hash_context);
- (*hash->update)(hash_context, eightZeros, 8);
- (*hash->update)(hash_context, mHash, hash->length);
- (*hash->update)(hash_context, &db[dbMaskLen - sLen], sLen);
- (*hash->end)(hash_context, H_, &i, hash->length);
- (*hash->destroy)(hash_context, PR_TRUE);
-
- PORT_Free(db);
-
- /* Step 14 */
- if (PORT_Memcmp(H_, &em[dbMaskLen], hash->length) != 0) {
- PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
- rv = SECFailure;
- } else {
- rv = SECSuccess;
- }
-
- PORT_Free(H_);
- return rv;
-}
diff --git a/crypto/third_party/nss/sha512.cc b/crypto/third_party/nss/sha512.cc
deleted file mode 100644
index 78950cb..0000000
--- a/crypto/third_party/nss/sha512.cc
+++ /dev/null
@@ -1,1390 +0,0 @@
-/*
- * sha512.c - implementation of SHA256, SHA384 and SHA512
- *
- * ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 2002
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-/* $Id: sha512.c,v 1.9 2006/10/13 16:54:04 wtchang%redhat.com Exp $ */
-
-// Prevent manual unrolling in the sha256 code, which reduces the binary code
-// size from ~10k to ~1k. The performance should be reasonable for our use.
-#define NOUNROLL256 1
-
-#include "crypto/third_party/nss/chromium-prtypes.h" /* for PRUintXX */
-#if defined(_X86_) || defined(SHA_NO_LONG_LONG)
-#define NOUNROLL512 1
-#undef HAVE_LONG_LONG
-#endif
-#include "crypto/third_party/nss/chromium-blapi.h"
-#include "crypto/third_party/nss/chromium-sha256.h" /* for struct SHA256ContextStr */
-
-#include <stdlib.h>
-#include <string.h>
-#define PORT_New(type) static_cast<type*>(malloc(sizeof(type)))
-#define PORT_ZFree(ptr, len) do { memset(ptr, 0, len); free(ptr); } while (0)
-#define PORT_Strlen(s) static_cast<unsigned int>(strlen(s))
-#define PORT_Memcpy memcpy
-
-/* ============= Common constants and defines ======================= */
-
-#define W ctx->u.w
-#define B ctx->u.b
-#define H ctx->h
-
-#define SHR(x,n) (x >> n)
-#define SHL(x,n) (x << n)
-#define Ch(x,y,z) ((x & y) ^ (~x & z))
-#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
-
-/* Padding used with all flavors of SHA */
-static const PRUint8 pad[240] = {
-0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
- 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
- /* compiler will fill the rest in with zeros */
-};
-
-/* ============= SHA256 implemenmtation ================================== */
-
-/* SHA-256 constants, K256. */
-static const PRUint32 K256[64] = {
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
- 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
- 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
- 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
- 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
- 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
- 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
- 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
- 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
-};
-
-/* SHA-256 initial hash values */
-static const PRUint32 H256[8] = {
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
- 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
-};
-
-#if defined(_MSC_VER) && defined(_X86_)
-#ifndef FORCEINLINE
-#if (_MSC_VER >= 1200)
-#define FORCEINLINE __forceinline
-#else
-#define FORCEINLINE __inline
-#endif
-#endif
-#define FASTCALL __fastcall
-
-static FORCEINLINE PRUint32 FASTCALL
-swap4b(PRUint32 dwd)
-{
- __asm {
- mov eax,dwd
- bswap eax
- }
-}
-
-#define SHA_HTONL(x) swap4b(x)
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-
-#elif defined(LINUX) && defined(_X86_)
-#undef __OPTIMIZE__
-#define __OPTIMIZE__ 1
-#undef __pentium__
-#define __pentium__ 1
-#include <byteswap.h>
-#define SHA_HTONL(x) bswap_32(x)
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-
-#else /* neither windows nor Linux PC */
-#define SWAP4MASK 0x00FF00FF
-#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
- ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))
-#define BYTESWAP4(x) x = SHA_HTONL(x)
-#endif
-
-#if defined(_MSC_VER) && defined(_X86_)
-#pragma intrinsic (_lrotr, _lrotl)
-#define ROTR32(x,n) _lrotr(x,n)
-#define ROTL32(x,n) _lrotl(x,n)
-#else
-#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
-#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
-#endif
-
-/* Capitol Sigma and lower case sigma functions */
-#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
-#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
-#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))
-#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))
-
-SHA256Context *
-SHA256_NewContext(void)
-{
- SHA256Context *ctx = PORT_New(SHA256Context);
- return ctx;
-}
-
-void
-SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(ctx, sizeof *ctx);
- }
-}
-
-void
-SHA256_Begin(SHA256Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H256, sizeof H256);
-}
-
-static void
-SHA256_Compress(SHA256Context *ctx)
-{
- {
- register PRUint32 t1, t2;
-
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP4(W[0]);
- BYTESWAP4(W[1]);
- BYTESWAP4(W[2]);
- BYTESWAP4(W[3]);
- BYTESWAP4(W[4]);
- BYTESWAP4(W[5]);
- BYTESWAP4(W[6]);
- BYTESWAP4(W[7]);
- BYTESWAP4(W[8]);
- BYTESWAP4(W[9]);
- BYTESWAP4(W[10]);
- BYTESWAP4(W[11]);
- BYTESWAP4(W[12]);
- BYTESWAP4(W[13]);
- BYTESWAP4(W[14]);
- BYTESWAP4(W[15]);
-#endif
-
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
-
- /* prepare the "message schedule" */
-#ifdef NOUNROLL256
- {
- int t;
- for (t = 16; t < 64; ++t) {
- INITW(t);
- }
- }
-#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
-
-#endif
-#undef INITW
- }
- {
- PRUint32 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c);
-
-#ifdef NOUNROLL256
- {
- int t;
- for (t = 0; t < 64; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
-#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
-#endif
-
- H[0] += a;
- H[1] += b;
- H[2] += c;
- H[3] += d;
- H[4] += e;
- H[5] += f;
- H[6] += g;
- H[7] += h;
- }
-#undef ROUND
-}
-
-#undef s0
-#undef s1
-#undef S0
-#undef S1
-
-void
-SHA256_Update(SHA256Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- unsigned int inBuf = ctx->sizeLo & 0x3f;
- if (!inputLen)
- return;
-
- /* Add inputLen into the count of bytes processed, before processing */
- if ((ctx->sizeLo += inputLen) < inputLen)
- ctx->sizeHi++;
-
- /* if data already in buffer, attemp to fill rest of buffer */
- if (inBuf) {
- unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA256_BLOCK_LENGTH)
- SHA256_Compress(ctx);
- }
-
- /* if enough data to fill one or more whole buffers, process them. */
- while (inputLen >= SHA256_BLOCK_LENGTH) {
- memcpy(B, input, SHA256_BLOCK_LENGTH);
- input += SHA256_BLOCK_LENGTH;
- inputLen -= SHA256_BLOCK_LENGTH;
- SHA256_Compress(ctx);
- }
- /* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
-}
-
-void
-SHA256_End(SHA256Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
- unsigned int inBuf = ctx->sizeLo & 0x3f;
- unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
- PRUint32 hi, lo;
-#ifdef SWAP4MASK
- PRUint32 t1;
-#endif
-
- hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
- lo = (ctx->sizeLo << 3);
-
- SHA256_Update(ctx, pad, padLen);
-
-#if defined(IS_LITTLE_ENDIAN)
- W[14] = SHA_HTONL(hi);
- W[15] = SHA_HTONL(lo);
-#else
- W[14] = hi;
- W[15] = lo;
-#endif
- SHA256_Compress(ctx);
-
- /* now output the answer */
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP4(H[0]);
- BYTESWAP4(H[1]);
- BYTESWAP4(H[2]);
- BYTESWAP4(H[3]);
- BYTESWAP4(H[4]);
- BYTESWAP4(H[5]);
- BYTESWAP4(H[6]);
- BYTESWAP4(H[7]);
-#endif
- padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
- memcpy(digest, H, padLen);
- if (digestLen)
- *digestLen = padLen;
-}
-
-void SHA256_Clone(SHA256Context* dest, SHA256Context* src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-
-/* Comment out unused code, mostly the SHA384 and SHA512 implementations. */
-#if 0
-SECStatus
-SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA256Context ctx;
- unsigned int outLen;
-
- SHA256_Begin(&ctx);
- SHA256_Update(&ctx, src, src_length);
- SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
-
- return SECSuccess;
-}
-
-
-SECStatus
-SHA256_Hash(unsigned char *dest, const char *src)
-{
- return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-
-void SHA256_TraceState(SHA256Context *ctx) { }
-
-unsigned int
-SHA256_FlattenSize(SHA256Context *ctx)
-{
- return sizeof *ctx;
-}
-
-SECStatus
-SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
-{
- PORT_Memcpy(space, ctx, sizeof *ctx);
- return SECSuccess;
-}
-
-SHA256Context *
-SHA256_Resurrect(unsigned char *space, void *arg)
-{
- SHA256Context *ctx = SHA256_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
- return ctx;
-}
-
-/* ======= SHA512 and SHA384 common constants and defines ================= */
-
-/* common #defines for SHA512 and SHA384 */
-#if defined(HAVE_LONG_LONG)
-#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
-#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
-
-#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
-#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
-#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))
-#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))
-
-#if PR_BYTES_PER_LONG == 8
-#define ULLC(hi,lo) 0x ## hi ## lo ## UL
-#elif defined(_MSC_VER)
-#define ULLC(hi,lo) 0x ## hi ## lo ## ui64
-#else
-#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
-#endif
-
-#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
-#define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
-#define SHA_HTONLL(x) (t1 = x, \
- t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \
- t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
- (t1 >> 32) | (t1 << 32))
-#define BYTESWAP8(x) x = SHA_HTONLL(x)
-
-#else /* no long long */
-
-#if defined(IS_LITTLE_ENDIAN)
-#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
-#else
-#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
-#endif
-
-#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
- x.hi ^= x.lo ^= x.hi ^= x.lo, x)
-#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
- tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
-#endif
-
-/* SHA-384 and SHA-512 constants, K512. */
-static const PRUint64 K512[80] = {
-#if PR_BYTES_PER_LONG == 8
- 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
- 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
- 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
- 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
- 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
- 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
- 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
- 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
- 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
- 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
- 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
- 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
- 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
- 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
- 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
- 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
- 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
- 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
- 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
- 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
- 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
- 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
- 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
- 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
- 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
- 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
- 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
- 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
- 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
- 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
- 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
- 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
- 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
- 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
- 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
- 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
- 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
- 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
- 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
- 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
-#else
- ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
- ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
- ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
- ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
- ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
- ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
- ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
- ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
- ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
- ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
- ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
- ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
- ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
- ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
- ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
- ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
- ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
- ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
- ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
- ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
- ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
- ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
- ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
- ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
- ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
- ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
- ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
- ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
- ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
- ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
- ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
- ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
- ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
- ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
- ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
- ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
- ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
- ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
- ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
- ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
-#endif
-};
-
-struct SHA512ContextStr {
- union {
- PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
- PRUint32 l[160];
- PRUint8 b[640];
- } u;
- PRUint64 h[8]; /* 8 state variables */
- PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
-};
-
-/* =========== SHA512 implementation ===================================== */
-
-/* SHA-512 initial hash values */
-static const PRUint64 H512[8] = {
-#if PR_BYTES_PER_LONG == 8
- 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
- 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
- 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
- 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
-#else
- ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
- ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
- ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
- ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
-#endif
-};
-
-
-SHA512Context *
-SHA512_NewContext(void)
-{
- SHA512Context *ctx = PORT_New(SHA512Context);
- return ctx;
-}
-
-void
-SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
-{
- if (freeit) {
- PORT_ZFree(ctx, sizeof *ctx);
- }
-}
-
-void
-SHA512_Begin(SHA512Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H512, sizeof H512);
-}
-
-#if defined(SHA512_TRACE)
-#if defined(HAVE_LONG_LONG)
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
- n, #e, d, #a, h);
-#else
-#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
- n, #e, d.hi, d.lo, #a, h.hi, h.lo);
-#endif
-#else
-#define DUMP(n,a,d,e,h)
-#endif
-
-#if defined(HAVE_LONG_LONG)
-
-#define ADDTO(x,y) y += x
-
-#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
- d += h; \
- h += S0(a) + Maj(a,b,c); \
- DUMP(n,a,d,e,h)
-
-#else /* use only 32-bit variables, and don't unroll loops */
-
-#undef NOUNROLL512
-#define NOUNROLL512 1
-
-#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
-
-#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
-#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
-#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
-
-/* Capitol Sigma and lower case sigma functions */
-#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
-#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
-
-#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
-#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
-
-#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
-#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
-
-#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
-#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
-
-/* 32-bit versions of Ch and Maj */
-#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
-#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
-
-#define INITW(t) \
- do { \
- PRUint32 lo, tm; \
- PRUint32 cy = 0; \
- lo = s1lo(W[t-2]); \
- lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
- lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
- lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
- W[t].lo = lo; \
- W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
- } while (0)
-
-#define ROUND(n,a,b,c,d,e,f,g,h) \
- { \
- PRUint32 lo, tm, cy; \
- lo = S1lo(e); \
- lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
- lo += (tm = K512[n].lo); if (lo < tm) cy++; \
- lo += (tm = W[n].lo); if (lo < tm) cy++; \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
- d.lo += h.lo; \
- d.hi += h.hi + (d.lo < h.lo); \
- lo = S0lo(a); \
- lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
- h.lo += lo; if (h.lo < lo) cy++; \
- h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
- DUMP(n,a,d,e,h) \
- }
-#endif
-
-static void
-SHA512_Compress(SHA512Context *ctx)
-{
-#if defined(IS_LITTLE_ENDIAN)
- {
-#if defined(HAVE_LONG_LONG)
- PRUint64 t1;
-#else
- PRUint32 t1;
-#endif
- BYTESWAP8(W[0]);
- BYTESWAP8(W[1]);
- BYTESWAP8(W[2]);
- BYTESWAP8(W[3]);
- BYTESWAP8(W[4]);
- BYTESWAP8(W[5]);
- BYTESWAP8(W[6]);
- BYTESWAP8(W[7]);
- BYTESWAP8(W[8]);
- BYTESWAP8(W[9]);
- BYTESWAP8(W[10]);
- BYTESWAP8(W[11]);
- BYTESWAP8(W[12]);
- BYTESWAP8(W[13]);
- BYTESWAP8(W[14]);
- BYTESWAP8(W[15]);
- }
-#endif
-
- {
- PRUint64 t1, t2;
-#ifdef NOUNROLL512
- {
- /* prepare the "message schedule" */
- int t;
- for (t = 16; t < 80; ++t) {
- INITW(t);
- }
- }
-#else
- INITW(16);
- INITW(17);
- INITW(18);
- INITW(19);
-
- INITW(20);
- INITW(21);
- INITW(22);
- INITW(23);
- INITW(24);
- INITW(25);
- INITW(26);
- INITW(27);
- INITW(28);
- INITW(29);
-
- INITW(30);
- INITW(31);
- INITW(32);
- INITW(33);
- INITW(34);
- INITW(35);
- INITW(36);
- INITW(37);
- INITW(38);
- INITW(39);
-
- INITW(40);
- INITW(41);
- INITW(42);
- INITW(43);
- INITW(44);
- INITW(45);
- INITW(46);
- INITW(47);
- INITW(48);
- INITW(49);
-
- INITW(50);
- INITW(51);
- INITW(52);
- INITW(53);
- INITW(54);
- INITW(55);
- INITW(56);
- INITW(57);
- INITW(58);
- INITW(59);
-
- INITW(60);
- INITW(61);
- INITW(62);
- INITW(63);
- INITW(64);
- INITW(65);
- INITW(66);
- INITW(67);
- INITW(68);
- INITW(69);
-
- INITW(70);
- INITW(71);
- INITW(72);
- INITW(73);
- INITW(74);
- INITW(75);
- INITW(76);
- INITW(77);
- INITW(78);
- INITW(79);
-#endif
- }
-#ifdef SHA512_TRACE
- {
- int i;
- for (i = 0; i < 80; ++i) {
-#ifdef HAVE_LONG_LONG
- printf("W[%2d] = %016lx\n", i, W[i]);
-#else
- printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
-#endif
- }
- }
-#endif
- {
- PRUint64 a, b, c, d, e, f, g, h;
-
- a = H[0];
- b = H[1];
- c = H[2];
- d = H[3];
- e = H[4];
- f = H[5];
- g = H[6];
- h = H[7];
-
-#ifdef NOUNROLL512
- {
- int t;
- for (t = 0; t < 80; t+= 8) {
- ROUND(t+0,a,b,c,d,e,f,g,h)
- ROUND(t+1,h,a,b,c,d,e,f,g)
- ROUND(t+2,g,h,a,b,c,d,e,f)
- ROUND(t+3,f,g,h,a,b,c,d,e)
- ROUND(t+4,e,f,g,h,a,b,c,d)
- ROUND(t+5,d,e,f,g,h,a,b,c)
- ROUND(t+6,c,d,e,f,g,h,a,b)
- ROUND(t+7,b,c,d,e,f,g,h,a)
- }
- }
-#else
- ROUND( 0,a,b,c,d,e,f,g,h)
- ROUND( 1,h,a,b,c,d,e,f,g)
- ROUND( 2,g,h,a,b,c,d,e,f)
- ROUND( 3,f,g,h,a,b,c,d,e)
- ROUND( 4,e,f,g,h,a,b,c,d)
- ROUND( 5,d,e,f,g,h,a,b,c)
- ROUND( 6,c,d,e,f,g,h,a,b)
- ROUND( 7,b,c,d,e,f,g,h,a)
-
- ROUND( 8,a,b,c,d,e,f,g,h)
- ROUND( 9,h,a,b,c,d,e,f,g)
- ROUND(10,g,h,a,b,c,d,e,f)
- ROUND(11,f,g,h,a,b,c,d,e)
- ROUND(12,e,f,g,h,a,b,c,d)
- ROUND(13,d,e,f,g,h,a,b,c)
- ROUND(14,c,d,e,f,g,h,a,b)
- ROUND(15,b,c,d,e,f,g,h,a)
-
- ROUND(16,a,b,c,d,e,f,g,h)
- ROUND(17,h,a,b,c,d,e,f,g)
- ROUND(18,g,h,a,b,c,d,e,f)
- ROUND(19,f,g,h,a,b,c,d,e)
- ROUND(20,e,f,g,h,a,b,c,d)
- ROUND(21,d,e,f,g,h,a,b,c)
- ROUND(22,c,d,e,f,g,h,a,b)
- ROUND(23,b,c,d,e,f,g,h,a)
-
- ROUND(24,a,b,c,d,e,f,g,h)
- ROUND(25,h,a,b,c,d,e,f,g)
- ROUND(26,g,h,a,b,c,d,e,f)
- ROUND(27,f,g,h,a,b,c,d,e)
- ROUND(28,e,f,g,h,a,b,c,d)
- ROUND(29,d,e,f,g,h,a,b,c)
- ROUND(30,c,d,e,f,g,h,a,b)
- ROUND(31,b,c,d,e,f,g,h,a)
-
- ROUND(32,a,b,c,d,e,f,g,h)
- ROUND(33,h,a,b,c,d,e,f,g)
- ROUND(34,g,h,a,b,c,d,e,f)
- ROUND(35,f,g,h,a,b,c,d,e)
- ROUND(36,e,f,g,h,a,b,c,d)
- ROUND(37,d,e,f,g,h,a,b,c)
- ROUND(38,c,d,e,f,g,h,a,b)
- ROUND(39,b,c,d,e,f,g,h,a)
-
- ROUND(40,a,b,c,d,e,f,g,h)
- ROUND(41,h,a,b,c,d,e,f,g)
- ROUND(42,g,h,a,b,c,d,e,f)
- ROUND(43,f,g,h,a,b,c,d,e)
- ROUND(44,e,f,g,h,a,b,c,d)
- ROUND(45,d,e,f,g,h,a,b,c)
- ROUND(46,c,d,e,f,g,h,a,b)
- ROUND(47,b,c,d,e,f,g,h,a)
-
- ROUND(48,a,b,c,d,e,f,g,h)
- ROUND(49,h,a,b,c,d,e,f,g)
- ROUND(50,g,h,a,b,c,d,e,f)
- ROUND(51,f,g,h,a,b,c,d,e)
- ROUND(52,e,f,g,h,a,b,c,d)
- ROUND(53,d,e,f,g,h,a,b,c)
- ROUND(54,c,d,e,f,g,h,a,b)
- ROUND(55,b,c,d,e,f,g,h,a)
-
- ROUND(56,a,b,c,d,e,f,g,h)
- ROUND(57,h,a,b,c,d,e,f,g)
- ROUND(58,g,h,a,b,c,d,e,f)
- ROUND(59,f,g,h,a,b,c,d,e)
- ROUND(60,e,f,g,h,a,b,c,d)
- ROUND(61,d,e,f,g,h,a,b,c)
- ROUND(62,c,d,e,f,g,h,a,b)
- ROUND(63,b,c,d,e,f,g,h,a)
-
- ROUND(64,a,b,c,d,e,f,g,h)
- ROUND(65,h,a,b,c,d,e,f,g)
- ROUND(66,g,h,a,b,c,d,e,f)
- ROUND(67,f,g,h,a,b,c,d,e)
- ROUND(68,e,f,g,h,a,b,c,d)
- ROUND(69,d,e,f,g,h,a,b,c)
- ROUND(70,c,d,e,f,g,h,a,b)
- ROUND(71,b,c,d,e,f,g,h,a)
-
- ROUND(72,a,b,c,d,e,f,g,h)
- ROUND(73,h,a,b,c,d,e,f,g)
- ROUND(74,g,h,a,b,c,d,e,f)
- ROUND(75,f,g,h,a,b,c,d,e)
- ROUND(76,e,f,g,h,a,b,c,d)
- ROUND(77,d,e,f,g,h,a,b,c)
- ROUND(78,c,d,e,f,g,h,a,b)
- ROUND(79,b,c,d,e,f,g,h,a)
-#endif
-
- ADDTO(a,H[0]);
- ADDTO(b,H[1]);
- ADDTO(c,H[2]);
- ADDTO(d,H[3]);
- ADDTO(e,H[4]);
- ADDTO(f,H[5]);
- ADDTO(g,H[6]);
- ADDTO(h,H[7]);
- }
-}
-
-void
-SHA512_Update(SHA512Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- unsigned int inBuf;
- if (!inputLen)
- return;
-
-#if defined(HAVE_LONG_LONG)
- inBuf = (unsigned int)ctx->sizeLo & 0x7f;
- /* Add inputLen into the count of bytes processed, before processing */
- ctx->sizeLo += inputLen;
-#else
- inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
- ctx->sizeLo.lo += inputLen;
- if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
-#endif
-
- /* if data already in buffer, attemp to fill rest of buffer */
- if (inBuf) {
- unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
- if (inputLen < todo)
- todo = inputLen;
- memcpy(B + inBuf, input, todo);
- input += todo;
- inputLen -= todo;
- if (inBuf + todo == SHA512_BLOCK_LENGTH)
- SHA512_Compress(ctx);
- }
-
- /* if enough data to fill one or more whole buffers, process them. */
- while (inputLen >= SHA512_BLOCK_LENGTH) {
- memcpy(B, input, SHA512_BLOCK_LENGTH);
- input += SHA512_BLOCK_LENGTH;
- inputLen -= SHA512_BLOCK_LENGTH;
- SHA512_Compress(ctx);
- }
- /* if data left over, fill it into buffer */
- if (inputLen)
- memcpy(B, input, inputLen);
-}
-
-void
-SHA512_End(SHA512Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
-#if defined(HAVE_LONG_LONG)
- unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
- unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
- PRUint64 lo, t1;
- lo = (ctx->sizeLo << 3);
-#else
- unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
- unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
- PRUint64 lo = ctx->sizeLo;
- PRUint32 t1;
- lo.lo <<= 3;
-#endif
-
- SHA512_Update(ctx, pad, padLen);
-
-#if defined(HAVE_LONG_LONG)
- W[14] = 0;
-#else
- W[14].lo = 0;
- W[14].hi = 0;
-#endif
-
- W[15] = lo;
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP8(W[15]);
-#endif
- SHA512_Compress(ctx);
-
- /* now output the answer */
-#if defined(IS_LITTLE_ENDIAN)
- BYTESWAP8(H[0]);
- BYTESWAP8(H[1]);
- BYTESWAP8(H[2]);
- BYTESWAP8(H[3]);
- BYTESWAP8(H[4]);
- BYTESWAP8(H[5]);
- BYTESWAP8(H[6]);
- BYTESWAP8(H[7]);
-#endif
- padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
- memcpy(digest, H, padLen);
- if (digestLen)
- *digestLen = padLen;
-}
-
-SECStatus
-SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA512Context ctx;
- unsigned int outLen;
-
- SHA512_Begin(&ctx);
- SHA512_Update(&ctx, src, src_length);
- SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
-
- return SECSuccess;
-}
-
-
-SECStatus
-SHA512_Hash(unsigned char *dest, const char *src)
-{
- return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-
-void SHA512_TraceState(SHA512Context *ctx) { }
-
-unsigned int
-SHA512_FlattenSize(SHA512Context *ctx)
-{
- return sizeof *ctx;
-}
-
-SECStatus
-SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
-{
- PORT_Memcpy(space, ctx, sizeof *ctx);
- return SECSuccess;
-}
-
-SHA512Context *
-SHA512_Resurrect(unsigned char *space, void *arg)
-{
- SHA512Context *ctx = SHA512_NewContext();
- if (ctx)
- PORT_Memcpy(ctx, space, sizeof *ctx);
- return ctx;
-}
-
-void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-
-/* ======================================================================= */
-/* SHA384 uses a SHA512Context as the real context.
-** The only differences between SHA384 an SHA512 are:
-** a) the intialization values for the context, and
-** b) the number of bytes of data produced as output.
-*/
-
-/* SHA-384 initial hash values */
-static const PRUint64 H384[8] = {
-#if PR_BYTES_PER_LONG == 8
- 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
- 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
- 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
- 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
-#else
- ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
- ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
- ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
- ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
-#endif
-};
-
-SHA384Context *
-SHA384_NewContext(void)
-{
- return SHA512_NewContext();
-}
-
-void
-SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
-{
- SHA512_DestroyContext(ctx, freeit);
-}
-
-void
-SHA384_Begin(SHA384Context *ctx)
-{
- memset(ctx, 0, sizeof *ctx);
- memcpy(H, H384, sizeof H384);
-}
-
-void
-SHA384_Update(SHA384Context *ctx, const unsigned char *input,
- unsigned int inputLen)
-{
- SHA512_Update(ctx, input, inputLen);
-}
-
-void
-SHA384_End(SHA384Context *ctx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
-{
-#define SHA_MIN(a,b) (a < b ? a : b)
- unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
- SHA512_End(ctx, digest, digestLen, maxLen);
-}
-
-SECStatus
-SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
- unsigned int src_length)
-{
- SHA512Context ctx;
- unsigned int outLen;
-
- SHA384_Begin(&ctx);
- SHA512_Update(&ctx, src, src_length);
- SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
-
- return SECSuccess;
-}
-
-SECStatus
-SHA384_Hash(unsigned char *dest, const char *src)
-{
- return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
-}
-
-void SHA384_TraceState(SHA384Context *ctx) { }
-
-unsigned int
-SHA384_FlattenSize(SHA384Context *ctx)
-{
- return sizeof(SHA384Context);
-}
-
-SECStatus
-SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
-{
- return SHA512_Flatten(ctx, space);
-}
-
-SHA384Context *
-SHA384_Resurrect(unsigned char *space, void *arg)
-{
- return SHA512_Resurrect(space, arg);
-}
-
-void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
-{
- memcpy(dest, src, sizeof *dest);
-}
-#endif /* Comment out unused code. */
-
-/* ======================================================================= */
-#ifdef SELFTEST
-#include <stdio.h>
-
-static const char abc[] = { "abc" };
-static const char abcdbc[] = {
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-};
-static const char abcdef[] = {
- "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
- "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
-};
-
-void
-dumpHash32(const unsigned char *buf, unsigned int bufLen)
-{
- unsigned int i;
- for (i = 0; i < bufLen; i += 4) {
- printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
- }
- printf("\n");
-}
-
-void test256(void)
-{
- unsigned char outBuf[SHA256_LENGTH];
-
- printf("SHA256, input = %s\n", abc);
- SHA256_Hash(outBuf, abc);
- dumpHash32(outBuf, sizeof outBuf);
-
- printf("SHA256, input = %s\n", abcdbc);
- SHA256_Hash(outBuf, abcdbc);
- dumpHash32(outBuf, sizeof outBuf);
-}
-
-void
-dumpHash64(const unsigned char *buf, unsigned int bufLen)
-{
- unsigned int i;
- for (i = 0; i < bufLen; i += 8) {
- if (i % 32 == 0)
- printf("\n");
- printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
- buf[i ], buf[i+1], buf[i+2], buf[i+3],
- buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
- }
- printf("\n");
-}
-
-void test512(void)
-{
- unsigned char outBuf[SHA512_LENGTH];
-
- printf("SHA512, input = %s\n", abc);
- SHA512_Hash(outBuf, abc);
- dumpHash64(outBuf, sizeof outBuf);
-
- printf("SHA512, input = %s\n", abcdef);
- SHA512_Hash(outBuf, abcdef);
- dumpHash64(outBuf, sizeof outBuf);
-}
-
-void time512(void)
-{
- unsigned char outBuf[SHA512_LENGTH];
-
- SHA512_Hash(outBuf, abc);
- SHA512_Hash(outBuf, abcdef);
-}
-
-void test384(void)
-{
- unsigned char outBuf[SHA384_LENGTH];
-
- printf("SHA384, input = %s\n", abc);
- SHA384_Hash(outBuf, abc);
- dumpHash64(outBuf, sizeof outBuf);
-
- printf("SHA384, input = %s\n", abcdef);
- SHA384_Hash(outBuf, abcdef);
- dumpHash64(outBuf, sizeof outBuf);
-}
-
-int main (int argc, char *argv[], char *envp[])
-{
- int i = 1;
- if (argc > 1) {
- i = atoi(argv[1]);
- }
- if (i < 2) {
- test256();
- test512();
- test384();
- } else {
- while (i-- > 0) {
- time512();
- }
- printf("done\n");
- }
- return 0;
-}
-
-#endif
diff --git a/crypto/wincrypt_shim.h b/crypto/wincrypt_shim.h
index 48d4b5c..dcfd4ad 100644
--- a/crypto/wincrypt_shim.h
+++ b/crypto/wincrypt_shim.h
@@ -2,8 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef NET_CRYPTO_WINCRYPT_SHIM_H_
-#define NET_CRYPTO_WINCRYPT_SHIM_H_
+#ifndef CRYPTO_WINCRYPT_SHIM_H_
+#define CRYPTO_WINCRYPT_SHIM_H_
// wincrypt.h defines macros which conflict with OpenSSL's types. This header
// includes wincrypt and undefines the OpenSSL macros which conflict. Any
@@ -22,4 +22,4 @@
#define WINCRYPT_X509_EXTENSIONS ((LPCSTR) 5)
#define WINCRYPT_X509_NAME ((LPCSTR) 7)
-#endif // NET_CRYPTO_WINCRYPT_SHIM_H_
+#endif // CRYPTO_WINCRYPT_SHIM_H_