CPP_DOC/doxyhtml/hkdf_8c_source.html

 /*

  *  HKDF implementation -- RFC 5869

  *

  *  Copyright The Mbed TLS Contributors

  *  SPDX-License-Identifier: Apache-2.0

  *

  *  Licensed under the Apache License, Version 2.0 (the "License"); you may

  *  not use this file except in compliance with the License.

  *  You may obtain a copy of the License at

  *

  *  http://www.apache.org/licenses/LICENSE-2.0

  *

  *  Unless required by applicable law or agreed to in writing, software

  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  *  See the License for the specific language governing permissions and

  *  limitations under the License.

  */

 #include "common.h"


 #if defined(MBEDTLS_HKDF_C)


 #include <string.h>

 #include "mbedtls/hkdf.h"

 #include "mbedtls/platform_util.h"

 #include "mbedtls/error.h"


 int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt,

                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,

                  const unsigned char *info, size_t info_len,

                  unsigned char *okm, size_t okm_len)

 {

     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

     unsigned char prk[MBEDTLS_MD_MAX_SIZE];


     ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);


     if (ret == 0) {

         ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),

                                   info, info_len, okm, okm_len);

     }


     mbedtls_platform_zeroize(prk, sizeof(prk));


     return ret;

 }


 int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,

                          const unsigned char *salt, size_t salt_len,

                          const unsigned char *ikm, size_t ikm_len,

                          unsigned char *prk)

 {

     unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };


     if (salt == NULL) {

         size_t hash_len;


         if (salt_len != 0) {

             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

         }


         hash_len = mbedtls_md_get_size(md);


         if (hash_len == 0) {

             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

         }


         salt = null_salt;

         salt_len = hash_len;

     }


     return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);

 }


 int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,

                         size_t prk_len, const unsigned char *info,

                         size_t info_len, unsigned char *okm, size_t okm_len)

 {

     size_t hash_len;

     size_t where = 0;

     size_t n;

     size_t t_len = 0;

     size_t i;

     int ret = 0;

     mbedtls_md_context_t ctx;

     unsigned char t[MBEDTLS_MD_MAX_SIZE];


     if (okm == NULL) {

         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

     }


     hash_len = mbedtls_md_get_size(md);


     if (prk_len < hash_len || hash_len == 0) {

         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

     }


     if (info == NULL) {

         info = (const unsigned char *) "";

         info_len = 0;

     }


     n = okm_len / hash_len;


     if (okm_len % hash_len != 0) {

         n++;

     }


     /*

      * Per RFC 5869 Section 2.3, okm_len must not exceed

      * 255 times the hash length

      */

     if (n > 255) {

         return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;

     }


     mbedtls_md_init(&ctx);


     if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {

         goto exit;

     }


     memset(t, 0, hash_len);


     /*

      * Compute T = T(1) | T(2) | T(3) | ... | T(N)

      * Where T(N) is defined in RFC 5869 Section 2.3

      */

     for (i = 1; i <= n; i++) {

         size_t num_to_copy;

         unsigned char c = i & 0xff;


         ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);

         if (ret != 0) {

             goto exit;

         }


         ret = mbedtls_md_hmac_update(&ctx, t, t_len);

         if (ret != 0) {

             goto exit;

         }


         ret = mbedtls_md_hmac_update(&ctx, info, info_len);

         if (ret != 0) {

             goto exit;

         }


         /* The constant concatenated to the end of each T(n) is a single octet.

          * */

         ret = mbedtls_md_hmac_update(&ctx, &c, 1);

         if (ret != 0) {

             goto exit;

         }


         ret = mbedtls_md_hmac_finish(&ctx, t);

         if (ret != 0) {

             goto exit;

         }


         num_to_copy = i != n ? hash_len : okm_len - where;

         memcpy(okm + where, t, num_to_copy);

         where += hash_len;

         t_len = hash_len;

     }


 exit:

     mbedtls_md_free(&ctx);

     mbedtls_platform_zeroize(t, sizeof(t));


     return ret;

 }


 #endif /* MBEDTLS_HKDF_C */

md
#define md
Definition: compat-1.3.h:2001

ctx
CS_CONTEXT * ctx
Definition: t0006.c:12

common.h

NULL
#define NULL
Definition: ncbistd.hpp:225

hash_len
@ hash_len
Definition: sec_negotiate_gnutls.h:208

hkdf.h
This file contains the HKDF interface.

MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
Bad input parameters to function.
Definition: hkdf.h:41

mbedtls_hkdf_expand
int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.

mbedtls_hkdf_extract
int mbedtls_hkdf_extract(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk)
Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.

mbedtls_hkdf
int mbedtls_hkdf(const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).

exit
exit(2)

i
int i
Definition: lex.newick.cpp:1456

n
yy_size_t n
Definition: lex.newick.cpp:1455

mbedtls_md_hmac
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the full generic HMAC on the input buffer with the provided key.

mbedtls_md_hmac_finish
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output)
This function finishes the HMAC operation, and writes the result to the output buffer.

mbedtls_md_hmac_update
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
This function feeds an input buffer into an ongoing HMAC computation.

mbedtls_md_setup
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
This function selects the message digest algorithm to use, and allocates internal structures.

MBEDTLS_MD_MAX_SIZE
#define MBEDTLS_MD_MAX_SIZE
Definition: md.h:78

mbedtls_md_init
void mbedtls_md_init(mbedtls_md_context_t *ctx)
This function initializes a message-digest context without binding it to a particular message-digest ...

mbedtls_md_get_size
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info)
This function extracts the message-digest size from the message-digest information structure.

mbedtls_md_free
void mbedtls_md_free(mbedtls_md_context_t *ctx)
This function clears the internal structure of ctx and frees any embedded internal structure,...

mbedtls_md_hmac_starts
MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen)
This function sets the HMAC key and prepares to authenticate a new message.

info
static MDB_envinfo info
Definition: mdb_load.c:37

t
EIPRangeType t
Definition: ncbi_localip.c:101

platform_util.h
Common and shared functions used by multiple modules in the Mbed TLS library.

mbedtls_platform_zeroize
void mbedtls_platform_zeroize(void *buf, size_t len)
Securely zeroize a buffer.

error.h
Error to string translation.

MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED
This is a bug in the library.
Definition: error.h:122

string.h

mbedtls_md_context_t
The generic message-digest context.
Definition: md.h:95

mbedtls_md_info_t
Message digest information.
Definition: md_internal.h:45