diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/secure_hash.h | 20 | ||||
-rw-r--r-- | crypto/secure_hash_default.cc | 50 | ||||
-rw-r--r-- | crypto/secure_hash_openssl.cc | 55 | ||||
-rw-r--r-- | crypto/secure_hash_unittest.cc | 67 | ||||
-rw-r--r-- | crypto/third_party/nss/sha512.cc | 11 |
5 files changed, 62 insertions, 141 deletions
diff --git a/crypto/secure_hash.h b/crypto/secure_hash.h index 491a299a3..a5590e5 100644 --- a/crypto/secure_hash.h +++ b/crypto/secure_hash.h @@ -10,11 +10,6 @@ #include "base/macros.h" #include "crypto/crypto_export.h" -namespace base { -class Pickle; -class PickleIterator; -} - namespace crypto { // A wrapper to calculate secure hashes incrementally, allowing to @@ -30,17 +25,12 @@ class CRYPTO_EXPORT SecureHash { virtual void Update(const void* input, size_t len) = 0; virtual void Finish(void* output, size_t len) = 0; + virtual size_t GetHashLength() const = 0; - // Serialize the context, so it can be restored at a later time. - // |pickle| will contain the serialized data. - // Returns whether or not |pickle| was filled. - virtual bool Serialize(base::Pickle* pickle) = 0; - - // Restore the context that was saved earlier. - // |data_iterator| allows this to be used as part of a larger pickle. - // |pickle| holds the saved data. - // Returns success or failure. - virtual bool Deserialize(base::PickleIterator* data_iterator) = 0; + // Create a clone of this SecureHash. The returned clone and this both + // represent the same hash state. But from this point on, calling + // Update()/Finish() on either doesn't affect the state of the other. + virtual SecureHash* Clone() const = 0; protected: SecureHash() {} diff --git a/crypto/secure_hash_default.cc b/crypto/secure_hash_default.cc index cec6fb8..b33010f 100644 --- a/crypto/secure_hash_default.cc +++ b/crypto/secure_hash_default.cc @@ -15,16 +15,16 @@ namespace crypto { namespace { -const char kSHA256Descriptor[] = "NSS"; - class SecureHashSHA256NSS : public SecureHash { public: - static const int kSecureHashVersion = 1; - SecureHashSHA256NSS() { SHA256_Begin(&ctx_); } + SecureHashSHA256NSS(const SecureHashSHA256NSS& other) { + SHA256_Clone(&ctx_, const_cast<SHA256Context*>(&other.ctx_)); + } + ~SecureHashSHA256NSS() override { memset(&ctx_, 0, sizeof(ctx_)); } // SecureHash implementation: @@ -37,50 +37,14 @@ class SecureHashSHA256NSS : public SecureHash { static_cast<unsigned int>(len)); } - bool Serialize(base::Pickle* pickle) override; - bool Deserialize(base::PickleIterator* data_iterator) override; + SecureHash* Clone() const override { return new SecureHashSHA256NSS(*this); } + + size_t GetHashLength() const override { return SHA256_LENGTH; } private: SHA256Context ctx_; }; -bool SecureHashSHA256NSS::Serialize(base::Pickle* pickle) { - if (!pickle) - return false; - - if (!pickle->WriteInt(kSecureHashVersion) || - !pickle->WriteString(kSHA256Descriptor) || - !pickle->WriteBytes(&ctx_, sizeof(ctx_))) { - return false; - } - - return true; -} - -bool SecureHashSHA256NSS::Deserialize(base::PickleIterator* data_iterator) { - int version; - if (!data_iterator->ReadInt(&version)) - return false; - - if (version > kSecureHashVersion) - return false; // We don't know how to deal with this. - - std::string type; - if (!data_iterator->ReadString(&type)) - return false; - - if (type != kSHA256Descriptor) - return false; // It's the wrong kind. - - const char* data = NULL; - if (!data_iterator->ReadBytes(&data, sizeof(ctx_))) - return false; - - memcpy(&ctx_, data, sizeof(ctx_)); - - return true; -} - } // namespace SecureHash* SecureHash::Create(Algorithm algorithm) { diff --git a/crypto/secure_hash_openssl.cc b/crypto/secure_hash_openssl.cc index ec859ff..868300f 100644 --- a/crypto/secure_hash_openssl.cc +++ b/crypto/secure_hash_openssl.cc @@ -16,16 +16,16 @@ namespace crypto { namespace { -const char kSHA256Descriptor[] = "OpenSSL"; - class SecureHashSHA256OpenSSL : public SecureHash { public: - static const int kSecureHashVersion = 1; - SecureHashSHA256OpenSSL() { SHA256_Init(&ctx_); } + SecureHashSHA256OpenSSL(const SecureHashSHA256OpenSSL& other) { + memcpy(&ctx_, &other.ctx_, sizeof(ctx_)); + } + ~SecureHashSHA256OpenSSL() override { OPENSSL_cleanse(&ctx_, sizeof(ctx_)); } @@ -40,53 +40,16 @@ class SecureHashSHA256OpenSSL : public SecureHash { SHA256_Final(result.safe_buffer(), &ctx_); } - bool Serialize(base::Pickle* pickle) override; - bool Deserialize(base::PickleIterator* data_iterator) override; + SecureHash* Clone() const override { + return new SecureHashSHA256OpenSSL(*this); + } + + size_t GetHashLength() const override { return SHA256_DIGEST_LENGTH; } private: SHA256_CTX ctx_; }; -bool SecureHashSHA256OpenSSL::Serialize(base::Pickle* pickle) { - if (!pickle) - return false; - - if (!pickle->WriteInt(kSecureHashVersion) || - !pickle->WriteString(kSHA256Descriptor) || - !pickle->WriteBytes(&ctx_, sizeof(ctx_))) { - return false; - } - - return true; -} - -bool SecureHashSHA256OpenSSL::Deserialize(base::PickleIterator* data_iterator) { - if (!data_iterator) - return false; - - int version; - if (!data_iterator->ReadInt(&version)) - return false; - - if (version > kSecureHashVersion) - return false; // We don't know how to deal with this. - - std::string type; - if (!data_iterator->ReadString(&type)) - return false; - - if (type != kSHA256Descriptor) - return false; // It's the wrong kind. - - const char* data = NULL; - if (!data_iterator->ReadBytes(&data, sizeof(ctx_))) - return false; - - memcpy(&ctx_, data, sizeof(ctx_)); - - return true; -} - } // namespace SecureHash* SecureHash::Create(Algorithm algorithm) { diff --git a/crypto/secure_hash_unittest.cc b/crypto/secure_hash_unittest.cc index df0afa6..019e86f 100644 --- a/crypto/secure_hash_unittest.cc +++ b/crypto/secure_hash_unittest.cc @@ -10,21 +10,16 @@ #include <string> #include "base/memory/scoped_ptr.h" -#include "base/pickle.h" #include "crypto/sha2.h" #include "testing/gtest/include/gtest/gtest.h" TEST(SecureHashTest, TestUpdate) { // Example B.3 from FIPS 180-2: long message. std::string input3(500000, 'a'); // 'a' repeated half a million times - int expected3[] = { 0xcd, 0xc7, 0x6e, 0x5c, - 0x99, 0x14, 0xfb, 0x92, - 0x81, 0xa1, 0xc7, 0xe2, - 0x84, 0xd7, 0x3e, 0x67, - 0xf1, 0x80, 0x9a, 0x48, - 0xa4, 0x97, 0x20, 0x0e, - 0x04, 0x6d, 0x39, 0xcc, - 0xc7, 0x11, 0x2c, 0xd0 }; + const int kExpectedHashOfInput3[] = { + 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92, 0x81, 0xa1, 0xc7, + 0xe2, 0x84, 0xd7, 0x3e, 0x67, 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, + 0x20, 0x0e, 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0}; uint8_t output3[crypto::kSHA256Length]; @@ -35,43 +30,53 @@ TEST(SecureHashTest, TestUpdate) { ctx->Finish(output3, sizeof(output3)); for (size_t i = 0; i < crypto::kSHA256Length; i++) - EXPECT_EQ(expected3[i], static_cast<int>(output3[i])); + EXPECT_EQ(kExpectedHashOfInput3[i], static_cast<int>(output3[i])); } -// Save the crypto state mid-stream, and create another instance with the -// saved state. Then feed the same data afterwards to both. -// When done, both should have the same hash value. -TEST(SecureHashTest, TestSerialization) { +TEST(SecureHashTest, TestClone) { std::string input1(10001, 'a'); // 'a' repeated 10001 times - std::string input2(10001, 'b'); // 'b' repeated 10001 times - std::string input3(10001, 'c'); // 'c' repeated 10001 times - std::string input4(10001, 'd'); // 'd' repeated 10001 times - std::string input5(10001, 'e'); // 'e' repeated 10001 times + std::string input2(10001, 'd'); // 'd' repeated 10001 times + + const uint8_t kExpectedHashOfInput1[crypto::kSHA256Length] = { + 0x0c, 0xab, 0x99, 0xa0, 0x58, 0x60, 0x0f, 0xfa, 0xad, 0x12, 0x92, + 0xd0, 0xc5, 0x3c, 0x05, 0x48, 0xeb, 0xaf, 0x88, 0xdd, 0x1d, 0x01, + 0x03, 0x03, 0x45, 0x70, 0x5f, 0x01, 0x8a, 0x81, 0x39, 0x09}; + const uint8_t kExpectedHashOfInput1And2[crypto::kSHA256Length] = { + 0x4c, 0x8e, 0x26, 0x5a, 0xc3, 0x85, 0x1f, 0x1f, 0xa5, 0x04, 0x1c, + 0xc7, 0x88, 0x53, 0x1c, 0xc7, 0x80, 0x47, 0x15, 0xfb, 0x47, 0xff, + 0x72, 0xb1, 0x28, 0x37, 0xb0, 0x4d, 0x6e, 0x22, 0x2e, 0x4d}; uint8_t output1[crypto::kSHA256Length]; uint8_t output2[crypto::kSHA256Length]; + uint8_t output3[crypto::kSHA256Length]; scoped_ptr<crypto::SecureHash> ctx1(crypto::SecureHash::Create( crypto::SecureHash::SHA256)); - scoped_ptr<crypto::SecureHash> ctx2(crypto::SecureHash::Create( - crypto::SecureHash::SHA256)); - base::Pickle pickle; ctx1->Update(input1.data(), input1.size()); - ctx1->Update(input2.data(), input2.size()); - ctx1->Update(input3.data(), input3.size()); - EXPECT_TRUE(ctx1->Serialize(&pickle)); - ctx1->Update(input4.data(), input4.size()); - ctx1->Update(input5.data(), input5.size()); + scoped_ptr<crypto::SecureHash> ctx2(ctx1->Clone()); + scoped_ptr<crypto::SecureHash> ctx3(ctx2->Clone()); + // At this point, ctx1, ctx2, and ctx3 are all equivalent and represent the + // state after hashing input1. + // Updating ctx1 and ctx2 with input2 should produce equivalent results. + ctx1->Update(input2.data(), input2.size()); ctx1->Finish(output1, sizeof(output1)); - base::PickleIterator data_iterator(pickle); - EXPECT_TRUE(ctx2->Deserialize(&data_iterator)); - ctx2->Update(input4.data(), input4.size()); - ctx2->Update(input5.data(), input5.size()); - + ctx2->Update(input2.data(), input2.size()); ctx2->Finish(output2, sizeof(output2)); EXPECT_EQ(0, memcmp(output1, output2, crypto::kSHA256Length)); + EXPECT_EQ(0, + memcmp(output1, kExpectedHashOfInput1And2, crypto::kSHA256Length)); + + // Finish() ctx3, which should produce the hash of input1. + ctx3->Finish(&output3, sizeof(output3)); + EXPECT_EQ(0, memcmp(output3, kExpectedHashOfInput1, crypto::kSHA256Length)); +} + +TEST(SecureHashTest, TestLength) { + scoped_ptr<crypto::SecureHash> ctx( + crypto::SecureHash::Create(crypto::SecureHash::SHA256)); + EXPECT_EQ(crypto::kSHA256Length, ctx->GetHashLength()); } diff --git a/crypto/third_party/nss/sha512.cc b/crypto/third_party/nss/sha512.cc index 5ef4e50..78950cb 100644 --- a/crypto/third_party/nss/sha512.cc +++ b/crypto/third_party/nss/sha512.cc @@ -471,6 +471,11 @@ SHA256_End(SHA256Context *ctx, unsigned char *digest, *digestLen = padLen; } +void SHA256_Clone(SHA256Context* dest, SHA256Context* src) +{ + memcpy(dest, src, sizeof *dest); +} + /* Comment out unused code, mostly the SHA384 and SHA512 implementations. */ #if 0 SECStatus @@ -519,12 +524,6 @@ SHA256_Resurrect(unsigned char *space, void *arg) return ctx; } -void SHA256_Clone(SHA256Context *dest, SHA256Context *src) -{ - memcpy(dest, src, sizeof *dest); -} - - /* ======= SHA512 and SHA384 common constants and defines ================= */ /* common #defines for SHA512 and SHA384 */ |