1 files changed, 116 insertions, 0 deletions
diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c
new file mode 100644
index 0000000000..9fe587de13
--- /dev/null
+++ b/src/lib/libcrypto/hkdf/hkdf.c
@@ -0,0 +1,116 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/hkdf.h>
+#include <assert.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/hmac.h>
+/* https://tools.ietf.org/html/rfc5869#section-2 */
+int
+HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
+    const uint8_t *secret, size_t secret_len, const uint8_t *salt,
+    size_t salt_len, const uint8_t *info, size_t info_len)
+{
+        uint8_t prk[EVP_MAX_MD_SIZE];
+        size_t prk_len;
+        if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt,
+                salt_len))
+                return 0;
+        if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info,
+                info_len))
+                return 0;
+        return 1;
+}
+/* https://tools.ietf.org/html/rfc5869#section-2.2 */
+int
+HKDF_extract(uint8_t *out_key, size_t *out_len,
+    const EVP_MD *digest, const uint8_t *secret, size_t secret_len,
+    const uint8_t *salt, size_t salt_len)
+{
+        unsigned int len;
+        /*
+         * If salt is not given, HashLength zeros are used. However, HMAC does that
+         * internally already so we can ignore it.
+         */
+        if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) ==
+            NULL) {
+                CRYPTOerror(ERR_R_CRYPTO_LIB);
+                return 0;
+        }
+        *out_len = len;
+        return 1;
+}
+/* https://tools.ietf.org/html/rfc5869#section-2.3 */
+int
+HKDF_expand(uint8_t *out_key, size_t out_len,
+    const EVP_MD *digest, const uint8_t *prk, size_t prk_len,
+    const uint8_t *info, size_t info_len)
+{
+        const size_t digest_len = EVP_MD_size(digest);
+        uint8_t previous[EVP_MAX_MD_SIZE];
+        size_t n, done = 0;
+        unsigned int i;
+        int ret = 0;
+        HMAC_CTX hmac;
+        /* Expand key material to desired length. */
+        n = (out_len + digest_len - 1) / digest_len;
+        if (out_len + digest_len < out_len || n > 255) {
+                CRYPTOerror(EVP_R_TOO_LARGE);
+                return 0;
+        }
+        HMAC_CTX_init(&hmac);
+        if (!HMAC_Init_ex(&hmac, prk, prk_len, digest, NULL))
+                goto out;
+        for (i = 0; i < n; i++) {
+                uint8_t ctr = i + 1;
+                size_t todo;
+                if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) ||
+                        !HMAC_Update(&hmac, previous, digest_len)))
+                        goto out;
+                if (!HMAC_Update(&hmac, info, info_len) ||
+                    !HMAC_Update(&hmac, &ctr, 1) ||
+                    !HMAC_Final(&hmac, previous, NULL))
+                        goto out;
+                todo = digest_len;
+                if (done + todo > out_len)
+                        todo = out_len - done;
+                memcpy(out_key + done, previous, todo);
+                done += todo;
+        }
+        ret = 1;
+ out:
+        HMAC_CTX_cleanup(&hmac);
+        if (ret != 1)
+                CRYPTOerror(ERR_R_CRYPTO_LIB);
+        return ret;
+}

diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c new file mode 100644 index 0000000000..9fe587de13 --- /dev/null +++ b/src/lib/libcrypto/hkdf/hkdf.c
@@ -0,0 +1,116 @@
	1	/* Copyright (c) 2014, Google Inc.
	2	*
	3	* Permission to use, copy, modify, and/or distribute this software for any
	4	* purpose with or without fee is hereby granted, provided that the above
	5	* copyright notice and this permission notice appear in all copies.
	6	*
	7	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	8	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	9	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	10	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	11	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	12	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	13	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	14	*/
	15
	16	#include <openssl/hkdf.h>
	17
	18	#include <assert.h>
	19	#include <string.h>
	20
	21	#include <openssl/err.h>
	22	#include <openssl/hmac.h>
	23
	24	/* https://tools.ietf.org/html/rfc5869#section-2 */
	25	int
	26	HKDF(uint8_t out_key, size_t out_len, const EVP_MD digest,
	27	const uint8_t secret, size_t secret_len, const uint8_t salt,
	28	size_t salt_len, const uint8_t *info, size_t info_len)
	29	{
	30	uint8_t prk[EVP_MAX_MD_SIZE];
	31	size_t prk_len;
	32
	33	if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt,
	34	salt_len))
	35	return 0;
	36	if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info,
	37	info_len))
	38	return 0;
	39
	40	return 1;
	41	}
	42
	43	/* https://tools.ietf.org/html/rfc5869#section-2.2 */
	44	int
	45	HKDF_extract(uint8_t out_key, size_t out_len,
	46	const EVP_MD digest, const uint8_t secret, size_t secret_len,
	47	const uint8_t *salt, size_t salt_len)
	48	{
	49	unsigned int len;
	50
	51	/*
	52	* If salt is not given, HashLength zeros are used. However, HMAC does that
	53	* internally already so we can ignore it.
	54	*/
	55	if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) ==
	56	NULL) {
	57	CRYPTOerror(ERR_R_CRYPTO_LIB);
	58	return 0;
	59	}
	60	*out_len = len;
	61	return 1;
	62	}
	63
	64	/* https://tools.ietf.org/html/rfc5869#section-2.3 */
	65	int
	66	HKDF_expand(uint8_t *out_key, size_t out_len,
	67	const EVP_MD digest, const uint8_t prk, size_t prk_len,
	68	const uint8_t *info, size_t info_len)
	69	{
	70	const size_t digest_len = EVP_MD_size(digest);
	71	uint8_t previous[EVP_MAX_MD_SIZE];
	72	size_t n, done = 0;
	73	unsigned int i;
	74	int ret = 0;
	75	HMAC_CTX hmac;
	76
	77	/* Expand key material to desired length. */
	78	n = (out_len + digest_len - 1) / digest_len;
	79	if (out_len + digest_len < out_len \|\| n > 255) {
	80	CRYPTOerror(EVP_R_TOO_LARGE);
	81	return 0;
	82	}
	83
	84	HMAC_CTX_init(&hmac);
	85	if (!HMAC_Init_ex(&hmac, prk, prk_len, digest, NULL))
	86	goto out;
	87
	88	for (i = 0; i < n; i++) {
	89	uint8_t ctr = i + 1;
	90	size_t todo;
	91
	92	if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) \|\|
	93	!HMAC_Update(&hmac, previous, digest_len)))
	94	goto out;
	95
	96	if (!HMAC_Update(&hmac, info, info_len) \|\|
	97	!HMAC_Update(&hmac, &ctr, 1) \|\|
	98	!HMAC_Final(&hmac, previous, NULL))
	99	goto out;
	100
	101	todo = digest_len;
	102	if (done + todo > out_len)
	103	todo = out_len - done;
	104
	105	memcpy(out_key + done, previous, todo);
	106	done += todo;
	107	}
	108
	109	ret = 1;
	110
	111	out:
	112	HMAC_CTX_cleanup(&hmac);
	113	if (ret != 1)
	114	CRYPTOerror(ERR_R_CRYPTO_LIB);
	115	return ret;
	116	}