ReactOS 0.4.16-dev-319-g6cf4263
hkdf.c
Go to the documentation of this file.
1/*
2 * HKDF implementation -- RFC 5869
3 *
4 * Copyright The Mbed TLS Contributors
5 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
6 *
7 * This file is provided under the Apache License 2.0, or the
8 * GNU General Public License v2.0 or later.
9 *
10 * **********
11 * Apache License 2.0:
12 *
13 * Licensed under the Apache License, Version 2.0 (the "License"); you may
14 * not use this file except in compliance with the License.
15 * You may obtain a copy of the License at
16 *
17 * http://www.apache.org/licenses/LICENSE-2.0
18 *
19 * Unless required by applicable law or agreed to in writing, software
20 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
21 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22 * See the License for the specific language governing permissions and
23 * limitations under the License.
24 *
25 * **********
26 *
27 * **********
28 * GNU General Public License v2.0 or later:
29 *
30 * This program is free software; you can redistribute it and/or modify
31 * it under the terms of the GNU General Public License as published by
32 * the Free Software Foundation; either version 2 of the License, or
33 * (at your option) any later version.
34 *
35 * This program is distributed in the hope that it will be useful,
36 * but WITHOUT ANY WARRANTY; without even the implied warranty of
37 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
38 * GNU General Public License for more details.
39 *
40 * You should have received a copy of the GNU General Public License along
41 * with this program; if not, write to the Free Software Foundation, Inc.,
42 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
43 *
44 * **********
45 */
46#if !defined(MBEDTLS_CONFIG_FILE)
47#include "mbedtls/config.h"
48#else
49#include MBEDTLS_CONFIG_FILE
50#endif
51
52#if defined(MBEDTLS_HKDF_C)
53
54#include <string.h>
55#include "mbedtls/hkdf.h"
57
58int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
59 size_t salt_len, const unsigned char *ikm, size_t ikm_len,
60 const unsigned char *info, size_t info_len,
61 unsigned char *okm, size_t okm_len )
62{
63 int ret;
64 unsigned char prk[MBEDTLS_MD_MAX_SIZE];
65
66 ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, prk );
67
68 if( ret == 0 )
69 {
71 info, info_len, okm, okm_len );
72 }
73
74 mbedtls_platform_zeroize( prk, sizeof( prk ) );
75
76 return( ret );
77}
78
80 const unsigned char *salt, size_t salt_len,
81 const unsigned char *ikm, size_t ikm_len,
82 unsigned char *prk )
83{
84 unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
85
86 if( salt == NULL )
87 {
88 size_t hash_len;
89
90 if( salt_len != 0 )
91 {
93 }
94
95 hash_len = mbedtls_md_get_size( md );
96
97 if( hash_len == 0 )
98 {
100 }
101
102 salt = null_salt;
103 salt_len = hash_len;
104 }
105
106 return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
107}
108
109int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
110 size_t prk_len, const unsigned char *info,
111 size_t info_len, unsigned char *okm, size_t okm_len )
112{
113 size_t hash_len;
114 size_t where = 0;
115 size_t n;
116 size_t t_len = 0;
117 size_t i;
118 int ret = 0;
120 unsigned char t[MBEDTLS_MD_MAX_SIZE];
121
122 if( okm == NULL )
123 {
125 }
126
127 hash_len = mbedtls_md_get_size( md );
128
129 if( prk_len < hash_len || hash_len == 0 )
130 {
132 }
133
134 if( info == NULL )
135 {
136 info = (const unsigned char *) "";
137 info_len = 0;
138 }
139
140 n = okm_len / hash_len;
141
142 if( (okm_len % hash_len) != 0 )
143 {
144 n++;
145 }
146
147 /*
148 * Per RFC 5869 Section 2.3, okm_len must not exceed
149 * 255 times the hash length
150 */
151 if( n > 255 )
152 {
154 }
155
157
158 if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )
159 {
160 goto exit;
161 }
162
163 /*
164 * Compute T = T(1) | T(2) | T(3) | ... | T(N)
165 * Where T(N) is defined in RFC 5869 Section 2.3
166 */
167 for( i = 1; i <= n; i++ )
168 {
169 size_t num_to_copy;
170 unsigned char c = i & 0xff;
171
172 ret = mbedtls_md_hmac_starts( &ctx, prk, prk_len );
173 if( ret != 0 )
174 {
175 goto exit;
176 }
177
178 ret = mbedtls_md_hmac_update( &ctx, t, t_len );
179 if( ret != 0 )
180 {
181 goto exit;
182 }
183
184 ret = mbedtls_md_hmac_update( &ctx, info, info_len );
185 if( ret != 0 )
186 {
187 goto exit;
188 }
189
190 /* The constant concatenated to the end of each T(n) is a single octet.
191 * */
192 ret = mbedtls_md_hmac_update( &ctx, &c, 1 );
193 if( ret != 0 )
194 {
195 goto exit;
196 }
197
199 if( ret != 0 )
200 {
201 goto exit;
202 }
203
204 num_to_copy = i != n ? hash_len : okm_len - where;
205 memcpy( okm + where, t, num_to_copy );
206 where += hash_len;
207 t_len = hash_len;
208 }
209
210exit:
212 mbedtls_platform_zeroize( t, sizeof( t ) );
213
214 return( ret );
215}
216
217#endif /* MBEDTLS_HKDF_C */
#define md
Definition: compat-1.3.h:2013
#define NULL
Definition: types.h:112
GLdouble GLdouble t
Definition: gl.h:2047
GLdouble n
Definition: glext.h:7729
const GLubyte * c
Definition: glext.h:8905
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
This file contains the HKDF interface.
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
Definition: hkdf.h:67
int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.
int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk)
Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.
int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.
int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the full generic HMAC on the input buffer with the provided key.
int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the HMAC operation, and writes the result to the output buffer.
int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing HMAC computation.
int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
This function sets the HMAC key and prepares to authenticate a new message.
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:97
void mbedtls_md_init(mbedtls_md_context_t *ctx)
This function initializes a message-digest context without binding it to a particular message-digest ...
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.
Definition: platform_util.c:98
Common and shared functions used by multiple modules in the Mbed TLS library.
Configuration options (set of defines)
#define exit(n)
Definition: config.h:202
int ret