1 /* $NetBSD: sp800-108-kdf.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 2015, Secure Endpoints Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * - Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * - Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
30 * OF THE POSSIBILITY OF SUCH DAMAGE.
31 *
32 */
33
34 #include "krb5_locl.h"
35
36 /*
37 * SP800-108 KDF
38 */
39
40 /**
41 * As described in SP800-108 5.1 (for HMAC)
42 *
43 * @param context Kerberos 5 context
44 * @param kdf_K1 Base key material.
45 * @param kdf_label A string that identifies the purpose for the derived key.
46 * @param kdf_context A binary string containing parties, nonce, etc.
47 * @param md Message digest function to use for PRF.
48 * @param kdf_K0 Derived key data.
49 *
50 * @return Return an error code for an failure or 0 on success.
51 * @ingroup krb5_crypto
52 */
53 krb5_error_code
_krb5_SP800_108_HMAC_KDF(krb5_context context,const krb5_data * kdf_K1,const krb5_data * kdf_label,const krb5_data * kdf_context,const EVP_MD * md,krb5_data * kdf_K0)54 _krb5_SP800_108_HMAC_KDF(krb5_context context,
55 const krb5_data *kdf_K1,
56 const krb5_data *kdf_label,
57 const krb5_data *kdf_context,
58 const EVP_MD *md,
59 krb5_data *kdf_K0)
60 {
61 HMAC_CTX *c;
62 unsigned char *p = kdf_K0->data;
63 size_t i, n, left = kdf_K0->length;
64 unsigned char hmac[EVP_MAX_MD_SIZE];
65 unsigned int h = EVP_MD_size(md);
66 const size_t L = kdf_K0->length;
67
68 heim_assert(md != NULL, "SP800-108 KDF internal error");
69
70 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
71 HMAC_CTX cs;
72 c = &cs;
73 HMAC_CTX_init(c);
74 #else
75 c = HMAC_CTX_new();
76 #endif
77
78 n = L / h;
79
80 for (i = 0; i <= n; i++) {
81 unsigned char tmp[4];
82 size_t len;
83
84 HMAC_Init_ex(c, kdf_K1->data, kdf_K1->length, md, NULL);
85
86 _krb5_put_int(tmp, i + 1, 4);
87 HMAC_Update(c, tmp, 4);
88 HMAC_Update(c, kdf_label->data, kdf_label->length);
89 HMAC_Update(c, (unsigned char *)"", 1);
90 if (kdf_context)
91 HMAC_Update(c, kdf_context->data, kdf_context->length);
92 _krb5_put_int(tmp, L * 8, 4);
93 HMAC_Update(c, tmp, 4);
94
95 HMAC_Final(c, hmac, &h);
96 len = h > left ? left : h;
97 memcpy(p, hmac, len);
98 p += len;
99 left -= len;
100 }
101
102 #if OPENSSL_VERSION_NUMBER < 0x10100000UL
103 HMAC_CTX_cleanup(c);
104 #else
105 HMAC_CTX_free(c);
106 #endif
107
108 return 0;
109 }
110