| 1 | /* |
1 | /* |
| 2 | hkdf.C -- RFC 5869 HKDF implementation |
2 | hkdf.C -- RFC 5869 HKDF implementation |
| 3 | Copyright (C) 2013 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2013,2016 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 35 | |
35 | |
| 36 | #include <openssl/opensslv.h> |
36 | #include <openssl/opensslv.h> |
| 37 | #include <openssl/rand.h> |
37 | #include <openssl/rand.h> |
| 38 | #include <openssl/hmac.h> |
38 | #include <openssl/hmac.h> |
| 39 | |
39 | |
|
|
40 | #include "crypto.h" |
| 40 | #include "util.h" |
41 | #include "util.h" |
| 41 | #include "hkdf.h" |
42 | #include "hkdf.h" |
| 42 | |
43 | |
| 43 | // openssl 0.9.8 compatibility |
|
|
| 44 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
| 45 | #define require101(exp) exp |
|
|
| 46 | #else |
|
|
| 47 | #define require101(exp) require (exp) |
|
|
| 48 | #endif |
|
|
| 49 | |
|
|
| 50 | hkdf::hkdf (const void *salt, int len, const EVP_MD *xtr_hash) |
|
|
| 51 | { |
|
|
| 52 | HMAC_CTX_init (&ctx); |
|
|
| 53 | |
|
|
| 54 | if (!salt) |
|
|
| 55 | { |
|
|
| 56 | memset (prk, 0, sizeof prk); |
|
|
| 57 | salt = prk; |
|
|
| 58 | len = EVP_MD_size (xtr_hash); |
|
|
| 59 | } |
|
|
| 60 | |
|
|
| 61 | require101 (HMAC_Init_ex (&ctx, salt, len, xtr_hash, 0)); |
|
|
| 62 | } |
|
|
| 63 | |
|
|
| 64 | hkdf::~hkdf () |
|
|
| 65 | { |
|
|
| 66 | HMAC_CTX_cleanup (&ctx); |
|
|
| 67 | } |
|
|
| 68 | |
|
|
| 69 | void |
44 | void |
| 70 | hkdf::extract (const void *ikm, int len) |
45 | hkdf::extract (const void *ikm, int len) |
| 71 | { |
46 | { |
| 72 | require101 (HMAC_Update (&ctx, (u8 *)ikm, len)); |
47 | ctx.add (ikm, len); |
| 73 | } |
48 | } |
| 74 | |
49 | |
| 75 | void |
50 | void |
| 76 | hkdf::extract_done (const EVP_MD *prf_hash) |
51 | hkdf::extract_done (const EVP_MD *prf_hash) |
| 77 | { |
52 | { |
| 78 | require101 (HMAC_Final (&ctx, prk, 0)); |
53 | ctx.digest (prk); |
| 79 | require101 (HMAC_Init_ex (&ctx, 0, 0, prf_hash, 0)); |
54 | ctx.init (0, 0, prf_hash); |
| 80 | } |
55 | } |
| 81 | |
56 | |
| 82 | void |
57 | void |
| 83 | hkdf::expand (void *okm, int len, const void *info, int infolen) |
58 | hkdf::expand (void *okm, int len, const void *info, int infolen) |
| 84 | { |
59 | { |
| 85 | u8 tn[sizeof prk]; |
60 | u8 tn[sizeof prk]; |
| 86 | u8 iter = 0; |
61 | u8 iter = 0; |
| 87 | int md_size = HMAC_size (&ctx); |
62 | int md_size = ctx.size (); |
| 88 | |
63 | |
| 89 | while (len) |
64 | while (len) |
| 90 | { |
65 | { |
| 91 | require101 (HMAC_Init_ex (&ctx, prk, md_size, 0, 0)); |
66 | ctx.init (prk, md_size); |
| 92 | |
67 | |
| 93 | if (iter) |
68 | if (iter) |
| 94 | require101 (HMAC_Update (&ctx, tn, md_size)); |
69 | ctx.add (tn, md_size); |
| 95 | |
70 | |
| 96 | require101 (HMAC_Update (&ctx, (u8 *)info, infolen)); |
71 | ctx.add (info, infolen); |
| 97 | |
72 | |
| 98 | ++iter; |
73 | ++iter; |
| 99 | require (iter); |
74 | require (iter); |
| 100 | |
75 | |
| 101 | require101 (HMAC_Update (&ctx, &iter, 1)); |
76 | ctx.add (&iter, 1); |
| 102 | |
77 | ctx.digest (tn); |
| 103 | require101 (HMAC_Final (&ctx, tn, 0)); |
|
|
| 104 | |
78 | |
| 105 | int ol = len > md_size ? md_size : len; |
79 | int ol = len > md_size ? md_size : len; |
| 106 | |
80 | |
| 107 | memcpy (okm, tn, ol); |
81 | memcpy (okm, tn, ol); |
| 108 | |
82 | |
