1 /*
2  * Pidgin-Encryption MGF-1 Mask Generation Function (see PKCS#1 v2.1)
3  *
4  * Copyright (C) 2003 William Tompkins
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; either version 2 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
19  */
20 
21 #include <pk11func.h>
22 
23 /* for g_assert; PORT_Assert seems disabled... */
24 #include <glib.h>
25 
26 #include "nss_mgf1.h"
27 
28 static const SECOidTag Hash_OID = SEC_OID_SHA1;
29 
30 /* Mask Generation function:  From a seed, produce a variably sized mask, and */
31 /*   XOR it with the maskee.                                                  */
32 
33 /* Note- this is an inefficient implementation, as we repeatedly hash the     */
34 /*         seed.  If we saved the intermediate context, we'd probably save    */
35 /*         a bunch of time.  But, the NSS exported interface doesn't let us   */
36 /*         do that easily, so we don't.                                       */
37 
memxor(unsigned char * a,unsigned char * b,int len)38 static void memxor (unsigned char* a, unsigned char* b, int len) {
39    while (len-- > 0) {
40       *a++ ^= *b++;
41    }
42 }
43 
mgf1(unsigned char * maskee,unsigned int maskee_len,unsigned char * seed,unsigned seed_len)44 int mgf1(unsigned char* maskee, unsigned int maskee_len,
45          unsigned char* seed, unsigned seed_len) {
46 
47    unsigned char* extended_seed = PORT_Alloc(seed_len + 4);
48    unsigned char* hash_out;
49    unsigned int hash_len;
50 
51    unsigned long int counter = 0;
52    unsigned int counter_pos = seed_len;
53 
54    unsigned int maskee_pos = 0;
55    unsigned int cur_block_size;
56 
57    SECStatus rv;
58 
59    hash_len = 20;
60 
61    hash_out = PORT_Alloc(hash_len);
62    PORT_Memcpy(extended_seed, seed, seed_len);
63 
64    while (maskee_pos < maskee_len) {
65       /* Store counter at counter_pos, msb first */
66       extended_seed[counter_pos] = (unsigned char) ((counter >> 24) & 0xff);
67       extended_seed[counter_pos+1] = (unsigned char) ((counter >> 16) & 0xff);
68       extended_seed[counter_pos+2] = (unsigned char) ((counter >> 8) & 0xff);
69       extended_seed[counter_pos+3] = (unsigned char) (counter & 0xff);
70 
71       rv = PK11_HashBuf(Hash_OID, hash_out, extended_seed, seed_len + 4);
72       g_assert(rv == SECSuccess);
73 
74       cur_block_size = (maskee_len - maskee_pos);
75       if (cur_block_size > hash_len) cur_block_size = hash_len;
76 
77       memxor(maskee + maskee_pos, hash_out, cur_block_size);
78       maskee_pos += cur_block_size;
79 
80       ++counter;
81    }
82 
83    PORT_ZFree(extended_seed, seed_len+4);
84    PORT_ZFree(hash_out, hash_len);
85    return 1;
86 }
87