Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
ccan
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
mirror
ccan
Commits
33ba12ad
Commit
33ba12ad
authored
Nov 30, 2016
by
Rusty Russell
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
crypto/hkdf_sha256: new module.
Signed-off-by:
Rusty Russell
<
rusty@rustcorp.com.au
>
parent
ce907a7f
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
251 additions
and
0 deletions
+251
-0
ccan/crypto/hkdf_sha256/LICENSE
ccan/crypto/hkdf_sha256/LICENSE
+1
-0
ccan/crypto/hkdf_sha256/_info
ccan/crypto/hkdf_sha256/_info
+30
-0
ccan/crypto/hkdf_sha256/hkdf_sha256.c
ccan/crypto/hkdf_sha256/hkdf_sha256.c
+97
-0
ccan/crypto/hkdf_sha256/hkdf_sha256.h
ccan/crypto/hkdf_sha256/hkdf_sha256.h
+22
-0
ccan/crypto/hkdf_sha256/test/api-rfc5869.c
ccan/crypto/hkdf_sha256/test/api-rfc5869.c
+101
-0
No files found.
ccan/crypto/hkdf_sha256/LICENSE
0 → 120000
View file @
33ba12ad
../../../licenses/BSD-MIT
\ No newline at end of file
ccan/crypto/hkdf_sha256/_info
0 → 100644
View file @
33ba12ad
#include "config.h"
#include <stdio.h>
#include <string.h>
/**
* crypto/hkdf_sha256 - RFC5869 Hardened Key Derivation Functions using SHA256
*
* This code implements the hkdf described in RFC5869.
*
* License: BSD-MIT
* Maintainer: Rusty Russell <rusty@rustcorp.com.au>
*/
int main(int argc, char *argv[])
{
/* Expect exactly one argument */
if (argc != 2)
return 1;
if (strcmp(argv[1], "depends") == 0) {
printf("ccan/crypto/hmac_sha256\n");
return 0;
}
if (strcmp(argv[1], "testdepends") == 0) {
printf("ccan/str/hex\n");
return 0;
}
return 1;
}
ccan/crypto/hkdf_sha256/hkdf_sha256.c
0 → 100644
View file @
33ba12ad
/* MIT (BSD) license - see LICENSE file for details */
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
#include <ccan/crypto/hmac_sha256/hmac_sha256.h>
#include <assert.h>
#include <string.h>
void
hkdf_sha256
(
unsigned
char
*
okm
,
size_t
okm_size
,
const
void
*
s
,
size_t
ssize
,
const
void
*
k
,
size_t
ksize
,
const
void
*
info
,
size_t
isize
)
{
struct
hmac_sha256
prk
,
t
;
struct
hmac_sha256_ctx
ctx
;
unsigned
char
c
;
assert
(
okm_size
<
255
*
sizeof
(
t
));
/* RFC 5869:
*
* 2.2. Step 1: Extract
*
* HKDF-Extract(salt, IKM) -> PRK
*
* Options:
* Hash a hash function; HashLen denotes the length of the
* hash function output in octets
*
* Inputs:
* salt optional salt value (a non-secret random value);
* if not provided, it is set to a string of HashLen zeros.
* IKM input keying material
*
* Output:
* PRK a pseudorandom key (of HashLen octets)
*
* The output PRK is calculated as follows:
*
* PRK = HMAC-Hash(salt, IKM)
*/
hmac_sha256
(
&
prk
,
s
,
ssize
,
k
,
ksize
);
/*
* 2.3. Step 2: Expand
*
* HKDF-Expand(PRK, info, L) -> OKM
*
* Options:
* Hash a hash function; HashLen denotes the length of the
* hash function output in octets
*
* Inputs:
* PRK a pseudorandom key of at least HashLen octets
* (usually, the output from the extract step)
* info optional context and application specific information
* (can be a zero-length string)
* L length of output keying material in octets
* (<= 255*HashLen)
*
* Output:
* OKM output keying material (of L octets)
*
* The output OKM is calculated as follows:
*
* N = ceil(L/HashLen)
* T = T(1) | T(2) | T(3) | ... | T(N)
* OKM = first L octets of T
*
* where:
* T(0) = empty string (zero length)
* T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
* T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
* T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
* ...
*
* (where the constant concatenated to the end of each T(n) is a
* single octet.)
*/
c
=
1
;
hmac_sha256_init
(
&
ctx
,
&
prk
,
sizeof
(
prk
));
hmac_sha256_update
(
&
ctx
,
info
,
isize
);
hmac_sha256_update
(
&
ctx
,
&
c
,
1
);
hmac_sha256_done
(
&
ctx
,
&
t
);
while
(
okm_size
>
sizeof
(
t
))
{
memcpy
(
okm
,
&
t
,
sizeof
(
t
));
okm
+=
sizeof
(
t
);
okm_size
-=
sizeof
(
t
);
c
++
;
hmac_sha256_init
(
&
ctx
,
&
prk
,
sizeof
(
prk
));
hmac_sha256_update
(
&
ctx
,
&
t
,
sizeof
(
t
));
hmac_sha256_update
(
&
ctx
,
info
,
isize
);
hmac_sha256_update
(
&
ctx
,
&
c
,
1
);
hmac_sha256_done
(
&
ctx
,
&
t
);
}
memcpy
(
okm
,
&
t
,
okm_size
);
}
ccan/crypto/hkdf_sha256/hkdf_sha256.h
0 → 100644
View file @
33ba12ad
#ifndef CCAN_CRYPTO_HKDF_SHA256_H
#define CCAN_CRYPTO_HKDF_SHA256_H
/* BSD-MIT - see LICENSE file for details */
#include "config.h"
#include <stdlib.h>
/**
* hkdf_sha256 - generate a derived key
* @okm: where to output the key
* @okm_size: the number of bytes pointed to by @okm (must be less than 255*32)
* @s: salt
* @ssize: the number of bytes pointed to by @s
* @k: pointer to input key
* @ksize: the number of bytes pointed to by @k
* @info: pointer to info
* @isize: the number of bytes pointed to by @info
*/
void
hkdf_sha256
(
unsigned
char
*
okm
,
size_t
okm_size
,
const
void
*
s
,
size_t
ssize
,
const
void
*
k
,
size_t
ksize
,
const
void
*
info
,
size_t
isize
);
#endif
/* CCAN_CRYPTO_HKDF_SHA256_H */
ccan/crypto/hkdf_sha256/test/api-rfc5869.c
0 → 100644
View file @
33ba12ad
/* From RFC5869 Appendix A
*
* https://tools.ietf.org/html/rfc5869
*/
#include <ccan/crypto/hkdf_sha256/hkdf_sha256.h>
#include <ccan/tap/tap.h>
#include <ccan/str/hex/hex.h>
#include <string.h>
#include <assert.h>
struct
test
{
const
char
*
ikm
,
*
salt
,
*
info
,
*
okm
;
};
static
struct
test
tests
[]
=
{
{
/* Test Case 1
Basic test case with SHA-256
*/
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
,
/* (22 octets) */
"000102030405060708090a0b0c"
,
/* (13 octets) */
"f0f1f2f3f4f5f6f7f8f9"
,
/* (10 octets) */
"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
,
/* (42 octets) */
},
{
/* Test Case 2
*
* Test with SHA-256 and longer inputs/outputs */
"000102030405060708090a0b0c0d0e0f"
"101112131415161718191a1b1c1d1e1f"
"202122232425262728292a2b2c2d2e2f"
"303132333435363738393a3b3c3d3e3f"
"404142434445464748494a4b4c4d4e4f"
,
/* (80 octets) */
"606162636465666768696a6b6c6d6e6f"
"707172737475767778797a7b7c7d7e7f"
"808182838485868788898a8b8c8d8e8f"
"909192939495969798999a9b9c9d9e9f"
"a0a1a2a3a4a5a6a7a8a9aaabacadaeaf"
,
/* (80 octets )*/
"b0b1b2b3b4b5b6b7b8b9babbbcbdbebf"
"c0c1c2c3c4c5c6c7c8c9cacbcccdcecf"
"d0d1d2d3d4d5d6d7d8d9dadbdcdddedf"
"e0e1e2e3e4e5e6e7e8e9eaebecedeeef"
"f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
,
/* (80 octets) */
"b11e398dc80327a1c8e7f78c596a4934"
"4f012eda2d4efad8a050cc4c19afa97c"
"59045a99cac7827271cb41c65e590e09"
"da3275600c2f09b8367793a9aca3db71"
"cc30c58179ec3e87c14c01d5c1f3434f"
"1d87"
/* (82 octets) */
},
{
/* Test Case 3
*
* Test with SHA-256 and zero-length salt/info
*/
"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"
,
/* (22 octets) */
""
,
/* (0 octets) */
""
,
/* (0 octets) */
"8da4e775a563c18f715f802a063c5a31"
"b8a11f5c5ee1879ec3454e5f3c738d2d"
"9d201395faa4b61a96c8"
/* (42 octets) */
}
};
static
void
*
fromhex
(
const
char
*
str
,
size_t
*
len
)
{
void
*
p
;
*
len
=
hex_data_size
(
strlen
(
str
));
p
=
malloc
(
*
len
);
if
(
!
hex_decode
(
str
,
strlen
(
str
),
p
,
*
len
))
abort
();
return
p
;
}
int
main
(
void
)
{
size_t
i
;
plan_tests
(
sizeof
(
tests
)
/
sizeof
(
tests
[
0
]));
for
(
i
=
0
;
i
<
sizeof
(
tests
)
/
sizeof
(
tests
[
0
]);
i
++
)
{
size_t
ksize
,
ssize
,
isize
,
okmsize
;
void
*
k
,
*
s
,
*
info
,
*
expect
,
*
okm
;
k
=
fromhex
(
tests
[
i
].
ikm
,
&
ksize
);
s
=
fromhex
(
tests
[
i
].
salt
,
&
ssize
);
info
=
fromhex
(
tests
[
i
].
info
,
&
isize
);
expect
=
fromhex
(
tests
[
i
].
okm
,
&
okmsize
);
okm
=
malloc
(
okmsize
);
hkdf_sha256
(
okm
,
okmsize
,
s
,
ssize
,
k
,
ksize
,
info
,
isize
);
ok1
(
memcmp
(
okm
,
expect
,
okmsize
)
==
0
);
free
(
k
);
free
(
s
);
free
(
info
);
free
(
expect
);
free
(
okm
);
}
return
exit_status
();
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment