library/hkdf.c - third_party/github/ARMmbed/mbedtls - Git at Google

 /*
  *  HKDF implementation -- RFC 5869
  *
  *  Copyright The Mbed TLS Contributors
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 #include "common.h"

 #if defined(MBEDTLS_HKDF_C)

 #include <string.h>
 #include "mbedtls/hkdf.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

 int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,
                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
                  const unsigned char *info, size_t info_len,
                  unsigned char *okm, size_t okm_len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char prk[MBEDTLS_MD_MAX_SIZE];

     ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);

     if (ret == 0) {
         ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
                                   info, info_len, okm, okm_len);
     }

     mbedtls_platform_zeroize(prk, sizeof(prk));

     return ret;
 }

 int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
                          const unsigned char *salt, size_t salt_len,
                          const unsigned char *ikm, size_t ikm_len,
                          unsigned char *prk)
 {
     unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };

     if (salt == NULL) {
         size_t hash_len;

         if (salt_len != 0) {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }

         hash_len = mbedtls_md_get_size(md);

         if (hash_len == 0) {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }

         salt = null_salt;
         salt_len = hash_len;
     }

     return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
 }

 int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
                         size_t prk_len, const unsigned char *info,
                         size_t info_len, unsigned char *okm, size_t okm_len)
 {
     size_t hash_len;
     size_t where = 0;
     size_t n;
     size_t t_len = 0;
     size_t i;
     int ret = 0;
     mbedtls_md_context_t ctx;
     unsigned char t[MBEDTLS_MD_MAX_SIZE];

     if (okm == NULL) {
         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }

     hash_len = mbedtls_md_get_size(md);

     if (prk_len < hash_len || hash_len == 0) {
         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }

     if (info == NULL) {
         info = (const unsigned char *) "";
         info_len = 0;
     }

     n = okm_len / hash_len;

     if (okm_len % hash_len != 0) {
         n++;
     }

     /*
      * Per RFC 5869 Section 2.3, okm_len must not exceed
      * 255 times the hash length
      */
     if (n > 255) {
         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
     }

     mbedtls_md_init(&ctx);

     if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
         goto exit;
     }

     memset(t, 0, hash_len);

     /*
      * Compute T = T(1) | T(2) | T(3) | ... | T(N)
      * Where T(N) is defined in RFC 5869 Section 2.3
      */
     for (i = 1; i <= n; i++) {
         size_t num_to_copy;
         unsigned char c = i & 0xff;

         ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
         if (ret != 0) {
             goto exit;
         }

         ret = mbedtls_md_hmac_update(&ctx, t, t_len);
         if (ret != 0) {
             goto exit;
         }

         ret = mbedtls_md_hmac_update(&ctx, info, info_len);
         if (ret != 0) {
             goto exit;
         }

         /* The constant concatenated to the end of each T(n) is a single octet.
          * */
         ret = mbedtls_md_hmac_update(&ctx, &c, 1);
         if (ret != 0) {
             goto exit;
         }

         ret = mbedtls_md_hmac_finish(&ctx, t);
         if (ret != 0) {
             goto exit;
         }

         num_to_copy = i != n ? hash_len : okm_len - where;
         memcpy(okm + where, t, num_to_copy);
         where += hash_len;
         t_len = hash_len;
     }

 exit:
     mbedtls_md_free(&ctx);
     mbedtls_platform_zeroize(t, sizeof(t));

     return ret;
 }

 #endif /* MBEDTLS_HKDF_C */
	/*
	* HKDF implementation -- RFC 5869
	*
	* Copyright The Mbed TLS Contributors
	* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
	*/
	#include "common.h"

	#if defined(MBEDTLS_HKDF_C)

	#include <string.h>
	#include "mbedtls/hkdf.h"
	#include "mbedtls/platform_util.h"
	#include "mbedtls/error.h"

	int mbedtls_hkdf(const mbedtls_md_info_t md, const unsigned char salt,
	size_t salt_len, const unsigned char *ikm, size_t ikm_len,
	const unsigned char *info, size_t info_len,
	unsigned char *okm, size_t okm_len)
	{
	int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
	unsigned char prk[MBEDTLS_MD_MAX_SIZE];

	ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);

	if (ret == 0) {
	ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
	info, info_len, okm, okm_len);
	}

	mbedtls_platform_zeroize(prk, sizeof(prk));

	return ret;
	}

	int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
	const unsigned char *salt, size_t salt_len,
	const unsigned char *ikm, size_t ikm_len,
	unsigned char *prk)
	{
	unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };

	if (salt == NULL) {
	size_t hash_len;

	if (salt_len != 0) {
	return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
	}

	hash_len = mbedtls_md_get_size(md);

	if (hash_len == 0) {
	return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
	}

	salt = null_salt;
	salt_len = hash_len;
	}

	return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
	}

	int mbedtls_hkdf_expand(const mbedtls_md_info_t md, const unsigned char prk,
	size_t prk_len, const unsigned char *info,
	size_t info_len, unsigned char *okm, size_t okm_len)
	{
	size_t hash_len;
	size_t where = 0;
	size_t n;
	size_t t_len = 0;
	size_t i;
	int ret = 0;
	mbedtls_md_context_t ctx;
	unsigned char t[MBEDTLS_MD_MAX_SIZE];

	if (okm == NULL) {
	return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
	}

	hash_len = mbedtls_md_get_size(md);

	if (prk_len < hash_len \|\| hash_len == 0) {
	return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
	}

	if (info == NULL) {
	info = (const unsigned char *) "";
	info_len = 0;
	}

	n = okm_len / hash_len;

	if (okm_len % hash_len != 0) {
	n++;
	}

	/*
	* Per RFC 5869 Section 2.3, okm_len must not exceed
	* 255 times the hash length
	*/
	if (n > 255) {
	return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
	}

	mbedtls_md_init(&ctx);

	if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
	goto exit;
	}

	memset(t, 0, hash_len);

	/*
	* Compute T = T(1) \| T(2) \| T(3) \| ... \| T(N)
	* Where T(N) is defined in RFC 5869 Section 2.3
	*/
	for (i = 1; i <= n; i++) {
	size_t num_to_copy;
	unsigned char c = i & 0xff;

	ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
	if (ret != 0) {
	goto exit;
	}

	ret = mbedtls_md_hmac_update(&ctx, t, t_len);
	if (ret != 0) {
	goto exit;
	}

	ret = mbedtls_md_hmac_update(&ctx, info, info_len);
	if (ret != 0) {
	goto exit;
	}

	/* The constant concatenated to the end of each T(n) is a single octet.
	* */
	ret = mbedtls_md_hmac_update(&ctx, &c, 1);
	if (ret != 0) {
	goto exit;
	}

	ret = mbedtls_md_hmac_finish(&ctx, t);
	if (ret != 0) {
	goto exit;
	}

	num_to_copy = i != n ? hash_len : okm_len - where;
	memcpy(okm + where, t, num_to_copy);
	where += hash_len;
	t_len = hash_len;
	}

	exit:
	mbedtls_md_free(&ctx);
	mbedtls_platform_zeroize(t, sizeof(t));

	return ret;
	}

	#endif /* MBEDTLS_HKDF_C */