Implement SHA-256 hashing

[GoogleCodeExporter]

Update freebl/. This can be done now.

Patch NSS, using this as a guide (need to get SEC_OID_SHA256 and the CKM_* 
stuff added):

cryptohi/sechash.c:    HASH_AlgSHA256
cryptohi/sechash.c:    case SEC_OID_SHA256: ht = HASH_AlgSHA256; break;
softoken/lowpbe.c:      return HASH_AlgSHA256;
softoken/pkcs11c.c:            return HASH_AlgSHA256;
softoken/pkcs11c.c:     crv = sftk_TLSPRFInit(context, key, key_type, 
HASH_AlgSHA256);
softoken/pkcs11c.c:     crv = sftk_TLSPRFInit(context, key, key_type, 
HASH_AlgSHA256);
softoken/pkcs11c.c:    case CKM_NSS_JPAKE_ROUND1_SHA256: hashType = 
HASH_AlgSHA256; goto jpake1;
softoken/pkcs11c.c:             status = TLS_P_hash(HASH_AlgSHA256, &pms, 
"master secret",
softoken/pkcs11c.c:             status = TLS_P_hash(HASH_AlgSHA256, &master, 
"key expansion",
softoken/pkcs11c.c:    case CKM_NSS_HKDF_SHA256: hashType = HASH_AlgSHA256; 
goto hkdf;
softoken/pkcs11c.c:    case CKM_NSS_JPAKE_ROUND2_SHA256: hashType = 
HASH_AlgSHA256; goto jpake2;
softoken/pkcs11c.c:    case CKM_NSS_JPAKE_FINAL_SHA256: hashType = 
HASH_AlgSHA256; goto jpakeFinal;
softoken/sftkhmac.c:        return HASH_AlgSHA256;
ssl/derive.c:       status = TLS_P_hash(HASH_AlgSHA256, &pwSpec->msItem,
ssl/derive.c:       rv = TLS_P_hash(HASH_AlgSHA256, pms, "master secret", &crsr,
ssl/ssl3con.c:      hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
ssl/ssl3con.c:      ss->ssl3.hs.sha_obj = HASH_GetRawHashObject(HASH_AlgSHA256);
ssl/ssl3con.c:      rv = TLS_P_hash(HASH_AlgSHA256, &spec->msItem, label, 
&inData,
ssl/ssl3ext.c:        hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
ssl/ssl3ext.c:            hashObj = HASH_GetRawHashObject(HASH_AlgSHA256);
ssl/sslsnce.c:    HASH_HashBuf(HASH_AlgSHA256, snce.nameHash, name->data, 
name->len);
util/hasht.h:    HASH_AlgSHA256 = 4,

Original issue reported on code.google.com by classi...@floodgap.com on 26 Sep 2014 at 6:58

[GoogleCodeExporter]

Scratch that. We have sha512. Just implement the 3.002 changes (SHA*_* and the 
vector changes) in freebl.

Original comment by classi...@floodgap.com on 26 Sep 2014 at 7:05

[GoogleCodeExporter]

This gives us part of what we need.

https://bugzilla.mozilla.org/show_bug.cgi?id=181540

Original comment by classi...@floodgap.com on 25 Oct 2014 at 8:42

[GoogleCodeExporter]

ONLY implement SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION and SEC_OID_SHA256
DO NOT implement ECDSA, it probably doesn't work.

Need changes to (accept only, not sign):
cryptohi/hasht.h. Add HASH_AlgSHA256. SHA256_LENGTH is 32.
cryptohi/sechash.c. Pattern off SHA1: create a sha2_NewContext, use PK11
util/secoidt.h (natch - see the SSL patch)
util/secoid.c (match order with secoidt.h)
util/secdig.c (add to SGN_CreateDigestInfo list)
util/secalgid.c (add to SECOID_SetAlgorithmID list)
cryptohi/secvfy.c VFY_Begin decodeSigAlg (pattern from DecodeSigAlg 
http://hg.mozilla.org/mozilla-central/raw-file/441055ff60e5/security/nss/lib/cry
ptohi/secvfy.c ) VFY_CreateContext (not for dsaKey) 

Don't do anything (yet) to
ssl/ssl3con.c
cryptohi/secsign.c
certhi/ocsp.c (OCSP was always iffy)

Original comment by classi...@floodgap.com on 25 Oct 2014 at 9:23

[GoogleCodeExporter]

Then we need the CKMs. 

In pkcs11t.h, add CKM_SHA256_RSA_PKCS: CKM_SHA256_RSA_PKCS = 0x00000040
and CKM_SHA256 = 0x00000250
Just in case,
#define CKM_SHA256_HMAC                 0x00000251
#define CKM_SHA256_HMAC_GENERAL         0x00000252

In secoid.c, define CKM_SHA256 and CKM_SHA256_RSA_PKCS

pk11wrap/pk11slot.c: 
everywhere there is a pk11_sha1SlotList, make a pk11_sha256SlotList
add CKM_SHA256 to PK11_DefaultArray
add CKM_SHA256 to PK11_GetSlotList

softoken/pkcs11.c
add CKM_SHA256_RSA_PKCS to the RSA list, pattern off CKM_SHA1_RSA_PKCS, use 256 
instead of 128
add CKM_SHA256 to the SHA_1 list, same as CKM_SHA_1. I don't think we need the 
HMAC stuff or CKM_SHA1_KEY_DERIVATION.

softoken/pkcs11c.c
add CKM_SHA256 to NSC_DigestInit. Pattern after CKM_SHA_1. Replace SHA1_* with 
SHA256_*.

Original comment by classi...@floodgap.com on 25 Oct 2014 at 9:50

[GoogleCodeExporter]

Finally, freebl. sha512.c already exists and has BLAPI connections. Make sure 
it's in the project.

In loader.c/h, blapi.h and ldvector.c, pattern new SHA256_* functions based on 
SHA1_.

Order of attack:
Make freebl, pkcs11t, secoidt.h and hasht.h changes. Rebuild. Make sure these 
stick.
Make softoken and pk11wrap changes. Rebuild, verify stick.
Make remaning util and cryptohi changes. Rebuild, verify stick. 

Original comment by classi...@floodgap.com on 26 Oct 2014 at 12:37

[GoogleCodeExporter]

SEC_OID_* can be any value, they're enums. BUT:

in secoid.c, define pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 }
and 
#define SHAXXX NISTALGS, 2
and
CONST_OID sha256[]                              = { SHAXXX, 1 }; /*
CONST_OID sha384[]                              = { SHAXXX, 2 };
CONST_OID sha512[]                              = { SHAXXX, 3 };
CONST_OID sha224[]                              = { SHAXXX, 4 }; */

    OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION), /*
    OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
    OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION), */

    OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
    "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
    INVALID_CERT_EXTENSION ),

Original comment by classi...@floodgap.com on 26 Oct 2014 at 1:58

[GoogleCodeExporter]

do secoid.c changes with secoidt.h

Original comment by classi...@floodgap.com on 26 Oct 2014 at 2:04

[GoogleCodeExporter]

First set of changes pending rebuild

Original comment by classi...@floodgap.com on 26 Oct 2014 at 2:38

[GoogleCodeExporter]

OMFG IT WORKED THE FIRST TIME

Need to patch PIPNSS so that it properly reports the new OIDs.

Original comment by classi...@floodgap.com on 26 Oct 2014 at 3:28

[GoogleCodeExporter]

Original comment by classi...@floodgap.com on 26 Oct 2014 at 7:37

• Changed state: Started

[GoogleCodeExporter]

Original comment by classi...@floodgap.com on 27 Oct 2014 at 12:32

• Added labels: Milestone-Release9.3.3

[GoogleCodeExporter]

Original comment by classi...@floodgap.com on 29 Oct 2014 at 5:39

• Changed state: Verified