| 1 | /* |
1 | /* |
| 2 | hkdf.C -- RFC 5869 HKDF implementation |
2 | hkdf.C -- RFC 5869 HKDF implementation |
| 3 | Copyright (C) 2013 Marc Lehmann <gvpe@schmorp.de> |
3 | Copyright (C) 2013,2016 Marc Lehmann <gvpe@schmorp.de> |
| 4 | |
4 | |
| 5 | This file is part of GVPE. |
5 | This file is part of GVPE. |
| 6 | |
6 | |
| 7 | GVPE is free software; you can redistribute it and/or modify it |
7 | GVPE is free software; you can redistribute it and/or modify it |
| 8 | under the terms of the GNU General Public License as published by the |
8 | under the terms of the GNU General Public License as published by the |
| … | |
… | |
| 35 | |
35 | |
| 36 | #include <openssl/opensslv.h> |
36 | #include <openssl/opensslv.h> |
| 37 | #include <openssl/rand.h> |
37 | #include <openssl/rand.h> |
| 38 | #include <openssl/hmac.h> |
38 | #include <openssl/hmac.h> |
| 39 | |
39 | |
|
|
40 | #include "crypto.h" |
| 40 | #include "util.h" |
41 | #include "util.h" |
| 41 | #include "hkdf.h" |
42 | #include "hkdf.h" |
| 42 | |
43 | |
| 43 | // openssl 0.9.8 compatibility |
|
|
| 44 | #if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
|
| 45 | #define require101(exp) exp |
|
|
| 46 | #else |
|
|
| 47 | #define require101(exp) require (exp) |
|
|
| 48 | #endif |
|
|
| 49 | |
|
|
| 50 | hkdf::hkdf (const void *salt, int len, const EVP_MD *xtr_hash) |
44 | hkdf::hkdf (const void *salt, int len, const EVP_MD *xtr_hash) |
|
|
45 | : salt (salt), salt_len (len) |
| 51 | { |
46 | { |
| 52 | HMAC_CTX_init (&ctx); |
47 | ctx.init (salt, salt_len, xtr_hash); |
| 53 | |
|
|
| 54 | if (!salt) |
|
|
| 55 | { |
|
|
| 56 | memset (prk, 0, sizeof prk); |
|
|
| 57 | salt = prk; |
|
|
| 58 | len = EVP_MD_size (xtr_hash); |
|
|
| 59 | } |
|
|
| 60 | |
|
|
| 61 | require101 (HMAC_Init_ex (&ctx, salt, len, xtr_hash, 0)); |
|
|
| 62 | } |
|
|
| 63 | |
|
|
| 64 | hkdf::~hkdf () |
|
|
| 65 | { |
|
|
| 66 | HMAC_CTX_cleanup (&ctx); |
|
|
| 67 | } |
48 | } |
| 68 | |
49 | |
| 69 | void |
50 | void |
| 70 | hkdf::extract (const void *ikm, int len) |
51 | hkdf::extract (const void *ikm, int len) |
| 71 | { |
52 | { |
| 72 | require101 (HMAC_Update (&ctx, (u8 *)ikm, len)); |
53 | ctx.add (ikm, len); |
| 73 | } |
54 | } |
| 74 | |
55 | |
| 75 | void |
56 | void |
| 76 | hkdf::extract_done (const EVP_MD *prf_hash) |
57 | hkdf::extract_done (const EVP_MD *prf_hash) |
| 77 | { |
58 | { |
| 78 | require101 (HMAC_Final (&ctx, prk, 0)); |
59 | ctx.digest (prk); |
| 79 | require101 (HMAC_Init_ex (&ctx, 0, 0, prf_hash, 0)); |
60 | ctx.init (salt, salt_len, prf_hash); |
| 80 | } |
61 | } |
| 81 | |
62 | |
| 82 | void |
63 | void |
| 83 | hkdf::expand (void *okm, int len, const void *info, int infolen) |
64 | hkdf::expand (void *okm, int len, const void *info, int infolen) |
| 84 | { |
65 | { |
| 85 | u8 tn[sizeof prk]; |
66 | u8 tn[sizeof prk]; |
| 86 | u8 iter = 0; |
67 | u8 iter = 0; |
| 87 | int md_size = HMAC_size (&ctx); |
68 | int md_size = ctx.size (); |
| 88 | |
69 | |
| 89 | while (len) |
70 | while (len) |
| 90 | { |
71 | { |
| 91 | require101 (HMAC_Init_ex (&ctx, prk, md_size, 0, 0)); |
72 | ctx.init (prk, md_size); |
| 92 | |
73 | |
| 93 | if (iter) |
74 | if (iter) |
| 94 | require101 (HMAC_Update (&ctx, tn, md_size)); |
75 | ctx.add (tn, md_size); |
| 95 | |
76 | |
| 96 | require101 (HMAC_Update (&ctx, (u8 *)info, infolen)); |
77 | ctx.add (info, infolen); |
| 97 | |
78 | |
| 98 | ++iter; |
79 | ++iter; |
| 99 | require (iter); |
80 | require (iter); |
| 100 | |
81 | |
| 101 | require101 (HMAC_Update (&ctx, &iter, 1)); |
82 | ctx.add (&iter, 1); |
| 102 | |
83 | ctx.digest (tn); |
| 103 | require101 (HMAC_Final (&ctx, tn, 0)); |
|
|
| 104 | |
84 | |
| 105 | int ol = len > md_size ? md_size : len; |
85 | int ol = len > md_size ? md_size : len; |
| 106 | |
86 | |
| 107 | memcpy (okm, tn, ol); |
87 | memcpy (okm, tn, ol); |
| 108 | |
88 | |
| … | |
… | |
| 125 | u8 s[256]; |
105 | u8 s[256]; |
| 126 | |
106 | |
| 127 | unhex (const char *hs) |
107 | unhex (const char *hs) |
| 128 | { |
108 | { |
| 129 | l = 0; |
109 | l = 0; |
| 130 | p = 0; |
110 | p = s; |
| 131 | |
111 | |
| 132 | if (!hs) |
112 | if (!hs) |
| 133 | return; |
113 | return; |
| 134 | |
|
|
| 135 | p = s; |
|
|
| 136 | |
114 | |
| 137 | while (*hs) |
115 | while (*hs) |
| 138 | { |
116 | { |
| 139 | int d1 = *hs >= '0' && *hs <= '9' ? *hs - '0' : *hs - 'a' + 10; ++hs; |
117 | int d1 = *hs >= '0' && *hs <= '9' ? *hs - '0' : *hs - 'a' + 10; ++hs; |
| 140 | int d2 = *hs >= '0' && *hs <= '9' ? *hs - '0' : *hs - 'a' + 10; ++hs; |
118 | int d2 = *hs >= '0' && *hs <= '9' ? *hs - '0' : *hs - 'a' + 10; ++hs; |
