diff options
Diffstat (limited to 'nss-tool')
-rw-r--r-- | nss-tool/common/util.cc | 15 | ||||
-rw-r--r-- | nss-tool/common/util.h | 1 | ||||
-rw-r--r-- | nss-tool/digest/digesttool.cc | 161 | ||||
-rw-r--r-- | nss-tool/digest/digesttool.h | 20 | ||||
-rw-r--r-- | nss-tool/nss_tool.cc | 6 | ||||
-rw-r--r-- | nss-tool/nss_tool.gyp | 1 |
6 files changed, 204 insertions, 0 deletions
diff --git a/nss-tool/common/util.cc b/nss-tool/common/util.cc index e5af2cb8a..77459155a 100644 --- a/nss-tool/common/util.cc +++ b/nss-tool/common/util.cc @@ -199,3 +199,18 @@ std::vector<uint8_t> ReadInputData(std::string dataPath) { return data; } + +std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs) { + if (path.empty()) { + return std::cin; + } + + ifs.open(path, std::ifstream::binary); + if (!ifs.good()) { + std::cerr << "IO Error when opening " << path << std::endl; + std::cerr << "Input file does not exist or you don't have permissions." + << std::endl; + } + + return ifs; +} diff --git a/nss-tool/common/util.h b/nss-tool/common/util.h index bc2e297a4..58fb05839 100644 --- a/nss-tool/common/util.h +++ b/nss-tool/common/util.h @@ -27,5 +27,6 @@ bool ChangeSlotPassword(void); bool DBLoginIfNeeded(const ScopedPK11SlotInfo &slot); std::string StringToHex(const ScopedSECItem &input); std::vector<uint8_t> ReadInputData(std::string dataPath); +std::istream &GetStreamFromFileOrStdin(std::string &path, std::ifstream &ifs); #endif // util_h__ diff --git a/nss-tool/digest/digesttool.cc b/nss-tool/digest/digesttool.cc new file mode 100644 index 000000000..08c3e3ba7 --- /dev/null +++ b/nss-tool/digest/digesttool.cc @@ -0,0 +1,161 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "digesttool.h" +#include "argparse.h" +#include "scoped_ptrs.h" +#include "util.h" + +#include <algorithm> +#include <fstream> +#include <iomanip> +#include <iostream> + +#include <hasht.h> // contains supported digest types +#include <nss.h> +#include <pk11pub.h> +#include <prio.h> + +static SECOidData* HashTypeToOID(HASH_HashType hashtype) { + SECOidTag hashtag; + + if (hashtype <= HASH_AlgNULL || hashtype >= HASH_AlgTOTAL) { + return nullptr; + } + + switch (hashtype) { + case HASH_AlgMD5: + hashtag = SEC_OID_MD5; + break; + case HASH_AlgSHA1: + hashtag = SEC_OID_SHA1; + break; + case HASH_AlgSHA224: + hashtag = SEC_OID_SHA224; + break; + case HASH_AlgSHA256: + hashtag = SEC_OID_SHA256; + break; + case HASH_AlgSHA384: + hashtag = SEC_OID_SHA384; + break; + case HASH_AlgSHA512: + hashtag = SEC_OID_SHA512; + break; + default: + return nullptr; + } + + return SECOID_FindOIDByTag(hashtag); +} + +static SECOidData* HashNameToOID(const std::string& hashName) { + for (size_t htype = HASH_AlgNULL + 1; htype < HASH_AlgTOTAL; htype++) { + SECOidData* hashOID = HashTypeToOID(static_cast<HASH_HashType>(htype)); + if (hashOID && std::string(hashOID->desc) == hashName) { + return hashOID; + } + } + + return nullptr; +} + +static bool Digest(const ArgParser& parser, SECOidData* hashOID); +static bool ComputeDigest(std::istream& is, ScopedPK11Context& hashCtx); + +bool DigestTool::Run(const std::vector<std::string>& arguments) { + ArgParser parser(arguments); + + if (parser.GetPositionalArgumentCount() != 1) { + Usage(); + return false; + } + + // no need for a db for the digest tool + SECStatus rv = NSS_NoDB_Init("."); + if (rv != SECSuccess) { + std::cerr << "NSS init failed!" << std::endl; + return false; + } + + std::string hashName = parser.GetPositionalArgument(0); + std::transform(hashName.begin(), hashName.end(), hashName.begin(), ::toupper); + SECOidData* hashOID = HashNameToOID(hashName); + if (hashOID == nullptr) { + std::cerr << "Error: Unknown digest type " + << parser.GetPositionalArgument(0) << "." << std::endl; + return false; + } + + bool ret = Digest(parser, hashOID); + + // shutdown nss + if (NSS_Shutdown() != SECSuccess) { + std::cerr << "NSS Shutdown failed!" << std::endl; + return false; + } + + return ret; +} + +void DigestTool::Usage() { + std::cerr << "Usage: nss digest md5|sha-1|sha-224|sha-256|sha-384|sha-512 " + "[--infile <path>]" + << std::endl; +} + +static bool Digest(const ArgParser& parser, SECOidData* hashOID) { + std::string inputFile; + if (parser.Has("--infile")) { + inputFile = parser.Get("--infile"); + } + + ScopedPK11Context hashCtx(PK11_CreateDigestContext(hashOID->offset)); + if (hashCtx == nullptr) { + std::cerr << "Creating digest context failed." << std::endl; + return false; + } + PK11_DigestBegin(hashCtx.get()); + + std::ifstream fis; + std::istream& is = GetStreamFromFileOrStdin(inputFile, fis); + if (!is.good() || !ComputeDigest(is, hashCtx)) { + return false; + } + + unsigned char digest[HASH_LENGTH_MAX]; + unsigned int len; + SECStatus rv = PK11_DigestFinal(hashCtx.get(), digest, &len, HASH_LENGTH_MAX); + if (rv != SECSuccess || len == 0) { + std::cerr << "Calculating final hash value failed." << std::endl; + return false; + } + + // human readable output + for (size_t i = 0; i < len; i++) { + std::cout << std::setw(2) << std::setfill('0') << std::hex + << static_cast<int>(digest[i]); + } + std::cout << std::endl; + + return true; +} + +static bool ComputeDigest(std::istream& is, ScopedPK11Context& hashCtx) { + while (is) { + unsigned char buf[4096]; + is.read(reinterpret_cast<char*>(buf), sizeof(buf)); + if (is.fail() && !is.eof()) { + std::cerr << "Error reading from input stream." << std::endl; + return false; + } + SECStatus rv = PK11_DigestOp(hashCtx.get(), buf, is.gcount()); + if (rv != SECSuccess) { + std::cerr << "PK11_DigestOp failed." << std::endl; + return false; + } + } + + return true; +} diff --git a/nss-tool/digest/digesttool.h b/nss-tool/digest/digesttool.h new file mode 100644 index 000000000..0e18346f5 --- /dev/null +++ b/nss-tool/digest/digesttool.h @@ -0,0 +1,20 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef digest_tool_h__ +#define digest_tool_h__ + +#include <string> +#include <vector> +#include "tool.h" + +class DigestTool : public Tool { + public: + bool Run(const std::vector<std::string>& arguments) override; + + private: + void Usage() override; +}; + +#endif // digest_tool_h__ diff --git a/nss-tool/nss_tool.cc b/nss-tool/nss_tool.cc index 1d8fc6153..8864f140d 100644 --- a/nss-tool/nss_tool.cc +++ b/nss-tool/nss_tool.cc @@ -13,6 +13,7 @@ #include "argparse.h" #include "db/dbtool.h" +#include "digest/digesttool.h" #include "enc/enctool.h" #include "tool.h" @@ -21,11 +22,13 @@ static void Usage() { std::cerr << " nss db [--path <directory>] <commands>" << std::endl; std::cerr << " nss encrypt <options>" << std::endl; std::cerr << " nss decrypt <options>" << std::endl; + std::cerr << " nss digest <options>" << std::endl; } static const std::string kDbCommand = "db"; static const std::string kEncryptCommand = "encrypt"; static const std::string kDecryptCommand = "decrypt"; +static const std::string kDigestCommand = "digest"; int main(int argc, char **argv) { if (argc < 2) { @@ -46,6 +49,9 @@ int main(int argc, char **argv) { tool = std::unique_ptr<Tool>(new EncTool()); arguments.push_back("--decrypt"); } + if (argv[1] == kDigestCommand) { + tool = std::unique_ptr<Tool>(new DigestTool()); + } if (!tool) { Usage(); return 1; diff --git a/nss-tool/nss_tool.gyp b/nss-tool/nss_tool.gyp index ed408e9b6..a5d03fcf9 100644 --- a/nss-tool/nss_tool.gyp +++ b/nss-tool/nss_tool.gyp @@ -16,6 +16,7 @@ 'common/util.cc', 'db/dbtool.cc', 'enc/enctool.cc', + 'digest/digesttool.cc' ], 'include_dirs': [ 'common', |