From 7ed22aaeec7a09f2215d08003e2e5c824f903d5d Mon Sep 17 00:00:00 2001 From: cinap_lenrek Date: Wed, 2 Sep 2015 11:30:17 +0200 Subject: [PATCH] libsec: add rfc5869 hmac-based key derivation function hkdf_x() --- sys/include/libsec.h | 5 +++++ sys/src/libsec/port/hkdf.c | 39 ++++++++++++++++++++++++++++++++++++++ sys/src/libsec/port/mkfile | 3 ++- 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 sys/src/libsec/port/hkdf.c diff --git a/sys/include/libsec.h b/sys/include/libsec.h index e46180829..d5c3b85fb 100644 --- a/sys/include/libsec.h +++ b/sys/include/libsec.h @@ -464,3 +464,8 @@ void curve25519_dh_finish(uchar x[32], uchar y[32], uchar z[32]); /* password-based key derivation function 2 (rfc2898) */ void pbkdf2_x(uchar *p, ulong plen, uchar *s, ulong slen, ulong rounds, uchar *d, ulong dlen, DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen); + +/* hmac-based key derivation function (rfc5869) */ +void hkdf_x(uchar *salt, ulong nsalt, uchar *info, ulong ninfo, uchar *key, ulong nkey, uchar *d, ulong dlen, + DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*), int xlen); + diff --git a/sys/src/libsec/port/hkdf.c b/sys/src/libsec/port/hkdf.c new file mode 100644 index 000000000..6ad32d35b --- /dev/null +++ b/sys/src/libsec/port/hkdf.c @@ -0,0 +1,39 @@ +#include "os.h" +#include +#include + +/* rfc5869 */ +void +hkdf_x(salt, nsalt, info, ninfo, key, nkey, d, dlen, x, xlen) + uchar *salt, *info, *key, *d; + ulong nsalt, ninfo, nkey, dlen; + DigestState* (*x)(uchar*, ulong, uchar*, ulong, uchar*, DigestState*); + int xlen; +{ + uchar prk[256], tmp[256], cnt; + DigestState *ds; + + assert(xlen <= sizeof(tmp)); + + memset(tmp, 0, xlen); + if(nsalt == 0){ + salt = tmp; + nsalt = xlen; + } + /* note that salt and key are swapped in this case */ + (*x)(key, nkey, salt, nsalt, prk, nil); + ds = nil; + for(cnt=1;; cnt++) { + if(ninfo > 0) + ds = (*x)(info, ninfo, prk, xlen, nil, ds); + (*x)(&cnt, 1, prk, xlen, tmp, ds); + if(dlen <= xlen){ + memmove(d, tmp, dlen); + break; + } + memmove(d, tmp, xlen); + dlen -= xlen; + d += xlen; + ds = (*x)(tmp, xlen, prk, xlen, nil, nil); + } +} diff --git a/sys/src/libsec/port/mkfile b/sys/src/libsec/port/mkfile index bc9134a0c..f49420114 100644 --- a/sys/src/libsec/port/mkfile +++ b/sys/src/libsec/port/mkfile @@ -21,9 +21,10 @@ CFILES = des.c desmodes.c desECB.c desCBC.c des3ECB.c des3CBC.c\ ecc.c\ ripemd.c\ dh.c\ - pbkdf2.c\ curve25519.c\ curve25519_dh.c\ + pbkdf2.c\ + hkdf.c\ ALLOFILES=${CFILES:%.c=%.$O}