Imported Upstream version 4.14.1

[platform/upstream/rpm.git] / rpmio / digest_nss.c

#include "system.h"

#include <pthread.h>
#include <nss.h>
#include <sechash.h>
#include <keyhi.h>
#include <cryptohi.h>
#include <blapit.h>

#include <rpm/rpmlog.h>
#include "rpmio/digest.h"
#include "debug.h"


static int _crypto_initialized = 0;
static int _new_process = 1;

#if HAVE_NSS_INITCONTEXT
static NSSInitContext * _nss_ctx = NULL;
#endif

/**
 * MD5/SHA1 digest private data.
 */
struct DIGEST_CTX_s {
    rpmDigestFlags flags;       /*!< Bit(s) to control digest operation. */
    HASHContext *hashctx;       /*!< Internal NSS hash context. */
    int algo;                   /*!< Used hash algorithm */
};

/*
 * Only flag for re-initialization here, in the common case the child
 * exec()'s something else shutting down NSS here would be waste of time.
 */
static void at_forkchild(void)
{
    _new_process = 1;
}

int rpmInitCrypto(void)
{
    int rc = 0;

    /* Lazy NSS shutdown for re-initialization after fork() */
    if (_new_process && _crypto_initialized) {
        rpmFreeCrypto();
    }

    /*
     * Initialize NSS if not already done.
     * NSS prior to 3.12.5 only supports a global context which can cause
     * trouble when an API user wants to use NSS for their own purposes, use
     * a private context if possible.
     */
    if (!_crypto_initialized) {
        /* NSPR sets SIGPIPE to ignore behind our back, save and restore */
        struct sigaction oact;
        sigaction(SIGPIPE, NULL, &oact);
#if HAVE_NSS_INITCONTEXT
        PRUint32 flags = (NSS_INIT_READONLY|NSS_INIT_NOCERTDB|
                          NSS_INIT_NOMODDB|NSS_INIT_FORCEOPEN|
                          NSS_INIT_NOROOTINIT|NSS_INIT_OPTIMIZESPACE);
        _nss_ctx = NSS_InitContext(NULL, NULL, NULL, NULL, NULL, flags);
        if (_nss_ctx == NULL) {
#else
        if (NSS_NoDB_Init(NULL) != SECSuccess) {
#endif
            rpmlog(RPMLOG_ERR, _("Failed to initialize NSS library\n"));
            rc = -1;
        } else {
            _crypto_initialized = 1;
        }
        sigaction(SIGPIPE, &oact, NULL);
    }

    /* Register one post-fork handler per process */
    if (_new_process) {
        if (pthread_atfork(NULL, NULL, at_forkchild) != 0) {
            rpmlog(RPMLOG_WARNING, _("Failed to register fork handler: %m\n"));
        }
        _new_process = 0;
    }
    return rc;
}

int rpmFreeCrypto(void) 
{
    int rc = 0;
    if (_crypto_initialized) {
#if HAVE_NSS_INITCONTEXT
        rc = (NSS_ShutdownContext(_nss_ctx) != SECSuccess);
        _nss_ctx = NULL;
#else
        rc = (NSS_Shutdown() != SECSuccess);
#endif
        _crypto_initialized = 0;
    }
    return rc;
}

DIGEST_CTX rpmDigestDup(DIGEST_CTX octx)
{
    DIGEST_CTX nctx = NULL;
    if (octx) {
        HASHContext *hctx = HASH_Clone(octx->hashctx);
        if (hctx) {
            nctx = memcpy(xcalloc(1, sizeof(*nctx)), octx, sizeof(*nctx));
            nctx->hashctx = hctx;
        }
    }
    return nctx;
}

RPM_GNUC_PURE
static HASH_HashType getHashType(int hashalgo)
{
    switch (hashalgo) {
    case PGPHASHALGO_MD5:       return HASH_AlgMD5;
    case PGPHASHALGO_MD2:       return HASH_AlgMD2;
    case PGPHASHALGO_SHA1:      return HASH_AlgSHA1;
#ifdef SHA224_LENGTH
    case PGPHASHALGO_SHA224:    return HASH_AlgSHA224;
#endif
    case PGPHASHALGO_SHA256:    return HASH_AlgSHA256;
    case PGPHASHALGO_SHA384:    return HASH_AlgSHA384;
    case PGPHASHALGO_SHA512:    return HASH_AlgSHA512;
    }
    return HASH_AlgNULL;
}

size_t rpmDigestLength(int hashalgo)
{
    return HASH_ResultLen(getHashType(hashalgo));
}

DIGEST_CTX rpmDigestInit(int hashalgo, rpmDigestFlags flags)
{
    HASH_HashType type = getHashType(hashalgo);
    HASHContext *hashctx = NULL;
    DIGEST_CTX ctx = NULL;

    if (type == HASH_AlgNULL || rpmInitCrypto() < 0)
        goto exit;

    if ((hashctx = HASH_Create(type)) != NULL) {
        ctx = xcalloc(1, sizeof(*ctx));
        ctx->flags = flags;
        ctx->algo = hashalgo;
        ctx->hashctx = hashctx;
        HASH_Begin(ctx->hashctx);
    }
    
exit:
    return ctx;
}

int rpmDigestUpdate(DIGEST_CTX ctx, const void * data, size_t len)
{
    size_t partlen;
    const unsigned char *ptr = data;

    if (ctx == NULL)
        return -1;

   partlen = ~(unsigned int)0xFF;
   while (len > 0) {
        if (len < partlen) {
                partlen = len;
        }
        HASH_Update(ctx->hashctx, ptr, partlen);
        ptr += partlen;
        len -= partlen;
   }
   return 0;
}

int rpmDigestFinal(DIGEST_CTX ctx, void ** datap, size_t *lenp, int asAscii)
{
    unsigned char * digest;
    unsigned int digestlen;

    if (ctx == NULL)
        return -1;
    digestlen = HASH_ResultLenContext(ctx->hashctx);
    digest = xmalloc(digestlen);

/* FIX: check rc */
    HASH_End(ctx->hashctx, digest, (unsigned int *) &digestlen, digestlen);

    /* Return final digest. */
    if (!asAscii) {
        if (lenp) *lenp = digestlen;
        if (datap) {
            *datap = digest;
            digest = NULL;
        }
    } else {
        if (lenp) *lenp = (2*digestlen) + 1;
        if (datap) {
            const uint8_t * s = (const uint8_t *) digest;
            *datap = pgpHexStr(s, digestlen);
        }
    }
    if (digest) {
        memset(digest, 0, digestlen);   /* In case it's sensitive */
        free(digest);
    }
    HASH_Destroy(ctx->hashctx);
    memset(ctx, 0, sizeof(*ctx));       /* In case it's sensitive */
    free(ctx);
    return 0;
}

RPM_GNUC_PURE
static SECOidTag getHashAlg(unsigned int hashalgo)
{
    switch (hashalgo) {
    case PGPHASHALGO_MD5:       return SEC_OID_MD5;
    case PGPHASHALGO_MD2:       return SEC_OID_MD2;
    case PGPHASHALGO_SHA1:      return SEC_OID_SHA1;
#ifdef SHA224_LENGTH
    case PGPHASHALGO_SHA224:    return SEC_OID_SHA224;
#endif
    case PGPHASHALGO_SHA256:    return SEC_OID_SHA256;
    case PGPHASHALGO_SHA384:    return SEC_OID_SHA384;
    case PGPHASHALGO_SHA512:    return SEC_OID_SHA512;
    }
    return SEC_OID_UNKNOWN;
}

static int pgpMpiSet(unsigned int lbits, uint8_t *dest, const uint8_t * p)
{
    unsigned int mbits = pgpMpiBits(p);
    unsigned int nbits;
    size_t nbytes;
    uint8_t *t = dest;
    unsigned int ix;

    if (mbits > lbits)
        return 1;

    nbits = (lbits > mbits ? lbits : mbits);
    nbytes = ((nbits + 7) >> 3);
    ix = (nbits - mbits) >> 3;

    if (ix > 0)
        memset(t, '\0', ix);
    memcpy(t+ix, p+2, nbytes-ix);

    return 0;
}

static SECItem *pgpMpiItem(PRArenaPool *arena, SECItem *item, const uint8_t *p)
{
    size_t nbytes = pgpMpiLen(p)-2;

    if (item == NULL) {
        if ((item=SECITEM_AllocItem(arena, item, nbytes)) == NULL)
            return item;
    } else {
        if (arena != NULL)
            item->data = PORT_ArenaGrow(arena, item->data, item->len, nbytes);
        else
            item->data = PORT_Realloc(item->data, nbytes);
        
        if (item->data == NULL) {
            if (arena == NULL)
                SECITEM_FreeItem(item, PR_TRUE);
            return NULL;
        }
    }

    memcpy(item->data, p+2, nbytes);
    item->len = nbytes;
    return item;
}

static SECKEYPublicKey *pgpNewPublicKey(KeyType type)
{
    PRArenaPool *arena;
    SECKEYPublicKey *key;
    
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (arena == NULL)
        return NULL;
    
    key = PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey));
    
    if (key == NULL) {
        PORT_FreeArena(arena, PR_FALSE);
        return NULL;
    }
    
    key->keyType = type;
    key->pkcs11ID = CK_INVALID_HANDLE;
    key->pkcs11Slot = NULL;
    key->arena = arena;
    return key;
}

/* compatibility with nss < 3.14 */
#ifndef DSA1_SUBPRIME_LEN
#define DSA1_SUBPRIME_LEN DSA_SUBPRIME_LEN
#endif
#ifndef DSA1_SIGNATURE_LEN
#define DSA1_SIGNATURE_LEN DSA_SIGNATURE_LEN
#endif
#ifndef DSA1_Q_BITS
#define DSA1_Q_BITS DSA_Q_BITS
#endif

static int pgpSetSigMpiDSA(pgpDigAlg pgpsig, int num, const uint8_t *p)
{
    SECItem *sig = pgpsig->data;
    unsigned int qbits = DSA1_Q_BITS;
    unsigned int subprlen = DSA1_SUBPRIME_LEN;
    unsigned int siglen = DSA1_SIGNATURE_LEN;
    int rc = 1; /* assume failure */

    switch (num) {
    case 0:
        sig = pgpsig->data = SECITEM_AllocItem(NULL, NULL, siglen);
        if (sig) {
            memset(sig->data, 0, siglen);
            rc = pgpMpiSet(qbits, sig->data, p);
        }
        break;
    case 1:
        if (sig && pgpMpiSet(qbits, sig->data+subprlen, p) == 0) {
            SECItem *signew = SECITEM_AllocItem(NULL, NULL, 0);
            if (signew == NULL)
                break;
            if (DSAU_EncodeDerSigWithLen(signew, sig, siglen) == SECSuccess) {
                SECITEM_FreeItem(sig, PR_TRUE);
                pgpsig->data = signew;
                rc = 0;
            }
        }
        break;
    }

    return rc;
}

static int pgpSetKeyMpiDSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
{
    SECItem *mpi = NULL;
    SECKEYPublicKey *key = pgpkey->data;

    if (key == NULL)
        key = pgpkey->data = pgpNewPublicKey(dsaKey);

    if (key) {
        switch (num) {
        case 0:
            mpi = pgpMpiItem(key->arena, &key->u.dsa.params.prime, p);
            break;
        case 1:
            mpi = pgpMpiItem(key->arena, &key->u.dsa.params.subPrime, p);
            break;
        case 2:
            mpi = pgpMpiItem(key->arena, &key->u.dsa.params.base, p);
            break;
        case 3:
            mpi = pgpMpiItem(key->arena, &key->u.dsa.publicValue, p);
            break;
        }
    }

    return (mpi == NULL);
}

static int pgpVerifySigDSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
                           uint8_t *hash, size_t hashlen, int hash_algo)
{
    SECItem digest = { .type = siBuffer, .data = hash, .len = hashlen };
    SECOidTag encAlg = SEC_OID_ANSIX9_DSA_SIGNATURE;
    SECOidTag hashAlg = getHashAlg(hash_algo);
    SECStatus rc;

    if (hashAlg == SEC_OID_UNKNOWN)
        return 1;

    rc = VFY_VerifyDigestDirect(&digest, pgpkey->data, pgpsig->data,
                                encAlg, hashAlg, NULL);

    return (rc != SECSuccess);
}

static int pgpSetSigMpiRSA(pgpDigAlg pgpsig, int num, const uint8_t *p)
{
    SECItem *sigitem = NULL;

    if (num == 0) {
       sigitem = pgpMpiItem(NULL, pgpsig->data, p);
       if (sigitem)
           pgpsig->data = sigitem;
    }
    return (sigitem == NULL);
}

static int pgpSetKeyMpiRSA(pgpDigAlg pgpkey, int num, const uint8_t *p)
{
    SECItem *kitem = NULL;
    SECKEYPublicKey *key = pgpkey->data;

    if (key == NULL)
        key = pgpkey->data = pgpNewPublicKey(rsaKey);

    if (key) {
        switch (num) {
        case 0:
            kitem = pgpMpiItem(key->arena, &key->u.rsa.modulus, p);
            break;
        case 1:
            kitem = pgpMpiItem(key->arena, &key->u.rsa.publicExponent, p);
            break;
        }
    }

    return (kitem == NULL);
}

static int pgpVerifySigRSA(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
                           uint8_t *hash, size_t hashlen, int hash_algo)
{
    SECItem digest = { .type = siBuffer, .data = hash, .len = hashlen };
    SECItem *sig = pgpsig->data;
    SECKEYPublicKey *key = pgpkey->data;
    SECItem *padded = NULL;
    SECOidTag encAlg = SEC_OID_PKCS1_RSA_ENCRYPTION;
    SECOidTag hashAlg = getHashAlg(hash_algo);
    SECStatus rc = SECFailure;
    size_t siglen, padlen;

    if (hashAlg == SEC_OID_UNKNOWN)
        return 1;

    /* Zero-pad signature to expected size if necessary */
    siglen = SECKEY_SignatureLen(key);
    padlen = siglen - sig->len;
    if (padlen) {
        padded = SECITEM_AllocItem(NULL, NULL, siglen);
        if (padded == NULL)
            return 1;
        memset(padded->data, 0, padlen);
        memcpy(padded->data + padlen, sig->data, sig->len);
        sig = padded;
    }

    rc = VFY_VerifyDigestDirect(&digest, key, sig, encAlg, hashAlg, NULL);

    if (padded)
        SECITEM_ZfreeItem(padded, PR_TRUE);

    return (rc != SECSuccess);
}

static void pgpFreeSigRSADSA(pgpDigAlg sa)
{
    SECITEM_ZfreeItem(sa->data, PR_TRUE);
    sa->data = NULL;
}

static void pgpFreeKeyRSADSA(pgpDigAlg ka)
{
    SECKEY_DestroyPublicKey(ka->data);
    ka->data = NULL;
}

static int pgpSetMpiNULL(pgpDigAlg pgpkey, int num, const uint8_t *p)
{
    return 1;
}

static int pgpVerifyNULL(pgpDigAlg pgpkey, pgpDigAlg pgpsig,
                         uint8_t *hash, size_t hashlen, int hash_algo)
{
    return 1;
}

pgpDigAlg pgpPubkeyNew(int algo)
{
    pgpDigAlg ka = xcalloc(1, sizeof(*ka));;

    switch (algo) {
    case PGPPUBKEYALGO_RSA:
        ka->setmpi = pgpSetKeyMpiRSA;
        ka->free = pgpFreeKeyRSADSA;
        ka->mpis = 2;
        break;
    case PGPPUBKEYALGO_DSA:
        ka->setmpi = pgpSetKeyMpiDSA;
        ka->free = pgpFreeKeyRSADSA;
        ka->mpis = 4;
        break;
    default:
        ka->setmpi = pgpSetMpiNULL;
        ka->mpis = -1;
        break;
    }

    ka->verify = pgpVerifyNULL; /* keys can't be verified */

    return ka;
}

pgpDigAlg pgpSignatureNew(int algo)
{
    pgpDigAlg sa = xcalloc(1, sizeof(*sa));

    switch (algo) {
    case PGPPUBKEYALGO_RSA:
        sa->setmpi = pgpSetSigMpiRSA;
        sa->free = pgpFreeSigRSADSA;
        sa->verify = pgpVerifySigRSA;
        sa->mpis = 1;
        break;
    case PGPPUBKEYALGO_DSA:
        sa->setmpi = pgpSetSigMpiDSA;
        sa->free = pgpFreeSigRSADSA;
        sa->verify = pgpVerifySigDSA;
        sa->mpis = 2;
        break;
    default:
        sa->setmpi = pgpSetMpiNULL;
        sa->verify = pgpVerifyNULL;
        sa->mpis = -1;
        break;
    }
    return sa;
}