df/d1b/hkdf_8c_source.html

/*

 *  HKDF implementation -- RFC 5869

 *

 *  Copyright The Mbed TLS Contributors

 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later

 *

 *  This file is provided under the Apache License 2.0, or the

 *  GNU General Public License v2.0 or later.

 *

 *  **********

 *  Apache License 2.0:

 *

 *  Licensed under the Apache License, Version 2.0 (the "License"); you may

 *  not use this file except in compliance with the License.

 *  You may obtain a copy of the License at

 *

 *  http://www.apache.org/licenses/LICENSE-2.0

 *

 *  Unless required by applicable law or agreed to in writing, software

 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 *  See the License for the specific language governing permissions and

 *  limitations under the License.

 *

 *  **********

 *

 *  **********

 *  GNU General Public License v2.0 or later:

 *

 *  This program is free software; you can redistribute it and/or modify

 *  it under the terms of the GNU General Public License as published by

 *  the Free Software Foundation; either version 2 of the License, or

 *  (at your option) any later version.

 *

 *  This program is distributed in the hope that it will be useful,

 *  but WITHOUT ANY WARRANTY; without even the implied warranty of

 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 *  GNU General Public License for more details.

 *

 *  You should have received a copy of the GNU General Public License along

 *  with this program; if not, write to the Free Software Foundation, Inc.,

 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 *  **********

 */

#if !defined(MBEDTLS_CONFIG_FILE)

#include "mbedtls/config.h"

#else

#include MBEDTLS_CONFIG_FILE

#endif


#if defined(MBEDTLS_HKDF_C)


#include <string.h>

#include "mbedtls/hkdf.h"

#include "mbedtls/platform_util.h"


int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,

                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,

                  const unsigned char *info, size_t info_len,

                  unsigned char *okm, size_t okm_len )

{

    int ret;

    unsigned char prk[MBEDTLS_MD_MAX_SIZE];


    ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );


    if( ret == 0 )

    {

        ret = mbedtls_hkdf_expand( md, prk, mbedtls_md_get_size( md ),

                                   info, info_len, okm, okm_len );

    }


    mbedtls_platform_zeroize( prk, sizeof( prk ) );


    return( ret );

}


int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,

                          const unsigned char *salt, size_t salt_len,

                          const unsigned char *ikm, size_t ikm_len,

                          unsigned char *prk )

{

    unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };


    if( salt == NULL )

    {

        size_t hash_len;


        if( salt_len != 0 )

        {

            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

        }


        hash_len = mbedtls_md_get_size( md );


        if( hash_len == 0 )

        {

            return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

        }


        salt = null_salt;

        salt_len = hash_len;

    }


    return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );

}


int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,

                         size_t prk_len, const unsigned char *info,

                         size_t info_len, unsigned char *okm, size_t okm_len )

{

    size_t hash_len;

    size_t where = 0;

    size_t n;

    size_t t_len = 0;

    size_t i;

    int ret = 0;

    mbedtls_md_context_t ctx;

    unsigned char t[MBEDTLS_MD_MAX_SIZE];


    if( okm == NULL )

    {

        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );

    }


    hash_len = mbedtls_md_get_size( md );


    if( prk_len < hash_len || hash_len == 0 )

    {

        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );

    }


    if( info == NULL )

    {

        info = (const unsigned char *) "";

        info_len = 0;

    }


    n = okm_len / hash_len;


    if( (okm_len % hash_len) != 0 )

    {

        n++;

    }


    /*

     * Per RFC 5869 Section 2.3, okm_len must not exceed

     * 255 times the hash length

     */

    if( n > 255 )

    {

        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );

    }


    mbedtls_md_init( &ctx );


    if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )

    {

        goto exit;

    }


    /*

     * Compute T = T(1) | T(2) | T(3) | ... | T(N)

     * Where T(N) is defined in RFC 5869 Section 2.3

     */

    for( i = 1; i <= n; i++ )

    {

        size_t num_to_copy;

        unsigned char c = i & 0xff;


        ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );

        if( ret != 0 )

        {

            goto exit;

        }


        ret = mbedtls_md_hmac_update( &ctx, t, t_len );

        if( ret != 0 )

        {

            goto exit;

        }


        ret = mbedtls_md_hmac_update( &ctx, info, info_len );

        if( ret != 0 )

        {

            goto exit;

        }


        /* The constant concatenated to the end of each T(n) is a single octet.

         * */

        ret = mbedtls_md_hmac_update( &ctx, &c, 1 );

        if( ret != 0 )

        {

            goto exit;

        }


        ret = mbedtls_md_hmac_finish( &ctx, t );

        if( ret != 0 )

        {

            goto exit;

        }


        num_to_copy = i != n ? hash_len : okm_len - where;

        memcpy( okm + where, t, num_to_copy );

        where += hash_len;

        t_len = hash_len;

    }


exit:

    mbedtls_md_free( &ctx );

    mbedtls_platform_zeroize( t, sizeof( t ) );


    return( ret );

}


#endif /* MBEDTLS_HKDF_C */

md
#define md
Definition: compat-1.3.h:2013

NULL
#define NULL
Definition: types.h:112

t
GLdouble GLdouble t
Definition: gl.h:2047

n
GLdouble n
Definition: glext.h:7729

c
const GLubyte * c
Definition: glext.h:8905

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

hkdf.h
This file contains the HKDF interface.

MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
Definition: hkdf.h:67

mbedtls_hkdf_expand
int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.

mbedtls_hkdf_extract
int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk)
Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.

mbedtls_hkdf
int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).

mbedtls_md_setup
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.

mbedtls_md_hmac
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the full generic HMAC on the input buffer with the provided key.

mbedtls_md_hmac_finish
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the HMAC operation, and writes the result to the output buffer.

mbedtls_md_hmac_update
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing HMAC computation.

mbedtls_md_hmac_starts
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
This function sets the HMAC key and prepares to authenticate a new message.

MBEDTLS_MD_MAX_SIZE
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:97

mbedtls_md_init
void mbedtls_md_init(mbedtls_md_context_t *ctx)
This function initializes a message-digest context without binding it to a particular message-digest ...

mbedtls_md_get_size
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.

mbedtls_md_free
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...

memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878

mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98

platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.

config.h
Configuration options (set of defines)

exit
#define exit(n)
Definition: config.h:202

info
Definition: notification.c:61

mbedtls_md_context_t
Definition: md.h:111

mbedtls_md_info_t
Definition: md_internal.h:73

ctx
Definition: dbghelp_private.h:571

ret
int ret
Definition: wcstombs-tests.c:31