summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/crypto_hash/src/lib.rs
blob: 9303f3cfd912531e352c1d6d2abf9c1ccb3ec953 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

extern crate base64;
extern crate digest;
extern crate libc;
extern crate md5;
extern crate nsstring;
extern crate sha1;
extern crate sha2;
#[macro_use]
extern crate xpcom;

use base64::Engine;
use digest::{Digest, DynDigest};
use nserror::{
    nsresult, NS_ERROR_FAILURE, NS_ERROR_INVALID_ARG, NS_ERROR_NOT_AVAILABLE,
    NS_ERROR_NOT_INITIALIZED, NS_OK,
};
use nsstring::{nsACString, nsCString};
use xpcom::interfaces::{nsICryptoHash, nsIInputStream};
use xpcom::xpcom_method;

use std::borrow::Borrow;
use std::sync::Mutex;

enum Algorithm {
    Md5,
    Sha1,
    Sha256,
    Sha384,
    Sha512,
}

impl TryFrom<u32> for Algorithm {
    type Error = nsresult;

    fn try_from(value: u32) -> Result<Self, Self::Error> {
        match value {
            nsICryptoHash::MD5 => Ok(Algorithm::Md5),
            nsICryptoHash::SHA1 => Ok(Algorithm::Sha1),
            nsICryptoHash::SHA256 => Ok(Algorithm::Sha256),
            nsICryptoHash::SHA384 => Ok(Algorithm::Sha384),
            nsICryptoHash::SHA512 => Ok(Algorithm::Sha512),
            _ => Err(NS_ERROR_INVALID_ARG),
        }
    }
}

impl TryFrom<&nsACString> for Algorithm {
    type Error = nsresult;

    fn try_from(value: &nsACString) -> Result<Self, Self::Error> {
        match value.to_utf8().borrow() {
            "md5" => Ok(Algorithm::Md5),
            "sha1" => Ok(Algorithm::Sha1),
            "sha256" => Ok(Algorithm::Sha256),
            "sha384" => Ok(Algorithm::Sha384),
            "sha512" => Ok(Algorithm::Sha512),
            _ => Err(NS_ERROR_INVALID_ARG),
        }
    }
}

#[xpcom(implement(nsICryptoHash), atomic)]
struct CryptoHash {
    digest: Mutex<Option<Box<dyn DynDigest>>>,
}

impl CryptoHash {
    xpcom_method!(init => Init(algorithm: u32));
    fn init(&self, algorithm: u32) -> Result<(), nsresult> {
        let algorithm = algorithm.try_into()?;
        self.init_with_algorithm(algorithm)
    }

    xpcom_method!(init_with_string => InitWithString(algorithm: *const nsACString));
    fn init_with_string(&self, algorithm: &nsACString) -> Result<(), nsresult> {
        let algorithm = algorithm.try_into()?;
        self.init_with_algorithm(algorithm)
    }

    fn init_with_algorithm(&self, algorithm: Algorithm) -> Result<(), nsresult> {
        let digest = match algorithm {
            Algorithm::Md5 => Box::new(md5::Md5::new()) as Box<dyn DynDigest>,
            Algorithm::Sha1 => Box::new(sha1::Sha1::new()) as Box<dyn DynDigest>,
            Algorithm::Sha256 => Box::new(sha2::Sha256::new()) as Box<dyn DynDigest>,
            Algorithm::Sha384 => Box::new(sha2::Sha384::new()) as Box<dyn DynDigest>,
            Algorithm::Sha512 => Box::new(sha2::Sha512::new()) as Box<dyn DynDigest>,
        };
        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
        if let Some(_expected_none_digest) = (*guard).replace(digest) {
            return Err(NS_ERROR_FAILURE);
        }
        Ok(())
    }

    xpcom_method!(update => Update(data: *const u8, len: u32));
    fn update(&self, data: *const u8, len: u32) -> Result<(), nsresult> {
        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
        let digest = match (*guard).as_mut() {
            Some(digest) => digest,
            None => return Err(NS_ERROR_NOT_INITIALIZED),
        };
        // Safety: this is safe as long as xpcom gave us valid arguments.
        let data = unsafe {
            std::slice::from_raw_parts(data, len.try_into().map_err(|_| NS_ERROR_INVALID_ARG)?)
        };
        digest.update(data);
        Ok(())
    }

    xpcom_method!(update_from_stream => UpdateFromStream(stream: *const nsIInputStream, len: u32));
    fn update_from_stream(&self, stream: &nsIInputStream, len: u32) -> Result<(), nsresult> {
        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
        let digest = match (*guard).as_mut() {
            Some(digest) => digest,
            None => return Err(NS_ERROR_NOT_INITIALIZED),
        };
        let mut available = 0u64;
        unsafe { stream.Available(&mut available as *mut u64).to_result()? };
        let mut to_read = if len == u32::MAX { available } else { len as u64 };
        if available == 0 || available < to_read {
            return Err(NS_ERROR_NOT_AVAILABLE);
        }
        let mut buf = vec![0u8; 4096];
        let buf_len = buf.len() as u64;
        while to_read > 0 {
            let chunk_len = if to_read >= buf_len { buf_len as u32 } else { to_read as u32 };
            let mut read = 0u32;
            unsafe {
                stream
                    .Read(
                        buf.as_mut_ptr() as *mut libc::c_char,
                        chunk_len,
                        &mut read as *mut u32,
                    )
                    .to_result()?
            };
            if read > chunk_len {
                return Err(NS_ERROR_FAILURE);
            }
            digest.update(&buf[0..read.try_into().map_err(|_| NS_ERROR_FAILURE)?]);
            to_read -= read as u64;
        }
        Ok(())
    }

    xpcom_method!(finish => Finish(ascii: bool) -> nsACString);
    fn finish(&self, ascii: bool) -> Result<nsCString, nsresult> {
        let mut guard = self.digest.lock().map_err(|_| NS_ERROR_FAILURE)?;
        let digest = match (*guard).take() {
            Some(digest) => digest,
            None => return Err(NS_ERROR_NOT_INITIALIZED),
        };
        let result = digest.finalize();
        if ascii {
            Ok(nsCString::from(
                base64::engine::general_purpose::STANDARD.encode(result),
            ))
        } else {
            Ok(nsCString::from(result))
        }
    }
}

#[no_mangle]
pub extern "C" fn crypto_hash_constructor(
    iid: *const xpcom::nsIID,
    result: *mut *mut xpcom::reexports::libc::c_void,
) -> nserror::nsresult {
    let crypto_hash = CryptoHash::allocate(InitCryptoHash {
        digest: Mutex::new(None),
    });
    unsafe { crypto_hash.QueryInterface(iid, result) }
}