Line data Source code
1 : /*
2 : * Copyright (c) 2015, Secure Endpoints Inc.
3 : * All rights reserved.
4 : *
5 : * Redistribution and use in source and binary forms, with or without
6 : * modification, are permitted provided that the following conditions
7 : * are met:
8 : *
9 : * - Redistributions of source code must retain the above copyright
10 : * notice, this list of conditions and the following disclaimer.
11 : *
12 : * - Redistributions in binary form must reproduce the above copyright
13 : * notice, this list of conditions and the following disclaimer in
14 : * the documentation and/or other materials provided with the
15 : * distribution.
16 : *
17 : * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 : * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 : * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20 : * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21 : * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 : * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 : * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 : * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
28 : * OF THE POSSIBILITY OF SUCH DAMAGE.
29 : *
30 : */
31 :
32 : #include "krb5_locl.h"
33 :
34 : /*
35 : * SP800-108 KDF
36 : */
37 :
38 : /**
39 : * As described in SP800-108 5.1 (for HMAC)
40 : *
41 : * @param context Kerberos 5 context
42 : * @param kdf_K1 Base key material.
43 : * @param kdf_label A string that identifies the purpose for the derived key.
44 : * @param kdf_context A binary string containing parties, nonce, etc.
45 : * @param md Message digest function to use for PRF.
46 : * @param kdf_K0 Derived key data.
47 : *
48 : * @return Return an error code for an failure or 0 on success.
49 : * @ingroup krb5_crypto
50 : */
51 : krb5_error_code
52 0 : _krb5_SP800_108_HMAC_KDF(krb5_context context,
53 : const krb5_data *kdf_K1,
54 : const krb5_data *kdf_label,
55 : const krb5_data *kdf_context,
56 : const EVP_MD *md,
57 : krb5_data *kdf_K0)
58 : {
59 0 : HMAC_CTX c;
60 0 : unsigned char *p = kdf_K0->data;
61 0 : size_t i, n, left = kdf_K0->length;
62 0 : unsigned char hmac[EVP_MAX_MD_SIZE];
63 0 : unsigned int h = EVP_MD_size(md);
64 0 : const size_t L = kdf_K0->length;
65 :
66 0 : heim_assert(md != NULL, "SP800-108 KDF internal error");
67 :
68 0 : HMAC_CTX_init(&c);
69 :
70 0 : n = L / h;
71 :
72 0 : for (i = 0; i <= n; i++) {
73 0 : unsigned char tmp[4];
74 0 : size_t len;
75 :
76 0 : if (HMAC_Init_ex(&c, kdf_K1->data, kdf_K1->length, md, NULL) == 0) {
77 0 : HMAC_CTX_cleanup(&c);
78 0 : return krb5_enomem(context);
79 : }
80 :
81 0 : _krb5_put_int(tmp, i + 1, 4);
82 0 : HMAC_Update(&c, tmp, 4);
83 0 : HMAC_Update(&c, kdf_label->data, kdf_label->length);
84 0 : HMAC_Update(&c, (unsigned char *)"", 1);
85 0 : if (kdf_context)
86 0 : HMAC_Update(&c, kdf_context->data, kdf_context->length);
87 0 : _krb5_put_int(tmp, L * 8, 4);
88 0 : HMAC_Update(&c, tmp, 4);
89 :
90 0 : HMAC_Final(&c, hmac, &h);
91 0 : len = h > left ? left : h;
92 0 : memcpy(p, hmac, len);
93 0 : p += len;
94 0 : left -= len;
95 : }
96 :
97 0 : HMAC_CTX_cleanup(&c);
98 :
99 0 : return 0;
100 : }
|
