Subversion Repositories Kolibri OS

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
8774 rgimad 1 
/*
2 
 *  HKDF implementation -- RFC 5869
3 
 *
4 
 *  Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
5 
 *  SPDX-License-Identifier: GPL-2.0
6 
 *
7 
 *  This program is free software; you can redistribute it and/or modify
8 
 *  it under the terms of the GNU General Public License as published by
9 
 *  the Free Software Foundation; either version 2 of the License, or
10 
 *  (at your option) any later version.
11 
 *
12 
 *  This program is distributed in the hope that it will be useful,
13 
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
 *  GNU General Public License for more details.
16 
 *
17 
 *  You should have received a copy of the GNU General Public License along
18 
 *  with this program; if not, write to the Free Software Foundation, Inc.,
19 
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 
 *
21 
 *  This file is part of mbed TLS (https://tls.mbed.org)
22 
 */
23 
#if !defined(MBEDTLS_CONFIG_FILE)
24 
#include "mbedtls/config.h"
25 
#else
26 
#include MBEDTLS_CONFIG_FILE
27 
#endif
28 
 
29 
#if defined(MBEDTLS_HKDF_C)
30 
 
31 
#include
32 
#include "mbedtls/hkdf.h"
33 
#include "mbedtls/platform_util.h"
34 
 
35 
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
36 
                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
37 
                  const unsigned char *info, size_t info_len,
38 
                  unsigned char *okm, size_t okm_len )
39 
{
40 
    int ret;
41 
    unsigned char prk[MBEDTLS_MD_MAX_SIZE];
42 
 
43 
    ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );
44 
 
45 
    if( ret == 0 )
46 
    {
47 
        ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ),
48 
                                   info, info_len, okm, okm_len );
49 
    }
50 
 
51 
    mbedtls_platform_zeroize( prk, sizeof( prk ) );
52 
 
53 
    return( ret );
54 
}
55 
 
56 
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
57 
                          const unsigned char *salt, size_t salt_len,
58 
                          const unsigned char *ikm, size_t ikm_len,
59 
                          unsigned char *prk )
60 
{
61 
    unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
62 
 
63 
    if( salt == NULL )
64 
    {
65 
        size_t hash_len;
66 
 
67 
        if( salt_len != 0 )
68 
        {
69 
            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
70 
        }
71 
 
72 
        hash_len = mbedtls_md_get_size( md );
73 
 
74 
        if( hash_len == 0 )
75 
        {
76 
            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
77 
        }
78 
 
79 
        salt = null_salt;
80 
        salt_len = hash_len;
81 
    }
82 
 
83 
    return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
84 
}
85 
 
86 
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
87 
                         size_t prk_len, const unsigned char *info,
88 
                         size_t info_len, unsigned char *okm, size_t okm_len )
89 
{
90 
    size_t hash_len;
91 
    size_t where = 0;
92 
    size_t n;
93 
    size_t t_len = 0;
94 
    size_t i;
95 
    int ret = 0;
96 
    mbedtls_md_context_t ctx;
97 
    unsigned char t[MBEDTLS_MD_MAX_SIZE];
98 
 
99 
    if( okm == NULL )
100 
    {
101 
        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
102 
    }
103 
 
104 
    hash_len = mbedtls_md_get_size( md );
105 
 
106 
    if( prk_len < hash_len || hash_len == 0 )
107 
    {
108 
        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
109 
    }
110 
 
111 
    if( info == NULL )
112 
    {
113 
        info = (const unsigned char *) "";
114 
        info_len = 0;
115 
    }
116 
 
117 
    n = okm_len / hash_len;
118 
 
119 
    if( (okm_len % hash_len) != 0 )
120 
    {
121 
        n++;
122 
    }
123 
 
124 
    /*
125 
     * Per RFC 5869 Section 2.3, okm_len must not exceed
126 
     * 255 times the hash length
127 
     */
128 
    if( n > 255 )
129 
    {
130 
        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
131 
    }
132 
 
133 
    mbedtls_md_init( &ctx );
134 
 
135 
    if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )
136 
    {
137 
        goto exit;
138 
    }
139 
 
140 
    /*
141 
     * Compute T = T(1) | T(2) | T(3) | ... | T(N)
142 
     * Where T(N) is defined in RFC 5869 Section 2.3
143 
     */
144 
    for( i = 1; i <= n; i++ )
145 
    {
146 
        size_t num_to_copy;
147 
        unsigned char c = i & 0xff;
148 
 
149 
        ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );
150 
        if( ret != 0 )
151 
        {
152 
            goto exit;
153 
        }
154 
 
155 
        ret = mbedtls_md_hmac_update( &ctx, t, t_len );
156 
        if( ret != 0 )
157 
        {
158 
            goto exit;
159 
        }
160 
 
161 
        ret = mbedtls_md_hmac_update( &ctx, info, info_len );
162 
        if( ret != 0 )
163 
        {
164 
            goto exit;
165 
        }
166 
 
167 
        /* The constant concatenated to the end of each T(n) is a single octet.
168 
         * */
169 
        ret = mbedtls_md_hmac_update( &ctx, &c, 1 );
170 
        if( ret != 0 )
171 
        {
172 
            goto exit;
173 
        }
174 
 
175 
        ret = mbedtls_md_hmac_finish( &ctx, t );
176 
        if( ret != 0 )
177 
        {
178 
            goto exit;
179 
        }
180 
 
181 
        num_to_copy = i != n ? hash_len : okm_len - where;
182 
        memcpy( okm + where, t, num_to_copy );
183 
        where += hash_len;
184 
        t_len = hash_len;
185 
    }
186 
 
187 
exit:
188 
    mbedtls_md_free( &ctx );
189 
    mbedtls_platform_zeroize( t, sizeof( t ) );
190 
 
191 
    return( ret );
192 
}
193 
 
194 
#endif /* MBEDTLS_HKDF_C */