Domů Procházet Nápověda
Registrovat se Přihlásit se
Avans-TI
/
2.3-InternetRadio
2
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: b12fac4b8e
Větve Značky
2.3-InternetRad...
/
nutos
/
nut
/
contrib
/
arm-crypto-lib
/
prf_tls12
/
prf_tls12.c

prf_tls12.c 4.5 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. /* prf_tls12.c */
    2. 

  2. /*
    3. 

  3.     This file is part of the ARM-Crypto-Lib.
    4. 

  4.     Copyright (C) 2009  Daniel Otte (daniel.otte@rub.de)
    5. 

  5. 

  6.     This program is free software: you can redistribute it and/or modify
    7. 

  7.     it under the terms of the GNU General Public License as published by
    8. 

  8.     the Free Software Foundation, either version 3 of the License, or
    9. 

  9.     (at your option) any later version.
    10. 

  10. 

  11.     This program is distributed in the hope that it will be useful,
    12. 

  12.     but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.     GNU General Public License for more details.
    15. 

  15. 

  16.     You should have received a copy of the GNU General Public License
    17. 

  17.     along with this program.  If not, see <http://www.gnu.org/licenses/>.
    18. 

  18. */
    19. 

  19. /*
    20. 

  20.  * \file    prf_tls12.c
    21. 

  21.  * \author  Daniel Otte
    22. 

  22.  * \email   daniel.otte@rub.de
    23. 

  23.  * \date    2011-10-06
    24. 

  24.  * \license GPLv3 or later
    25. 

  25.  *
    26. 

  26.  */
    27. 

  27. /* from rfc5246
    28. 

  28. 

  29. 

  30.       P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
    31. 

  31.                              HMAC_hash(secret, A(2) + seed) +
    32. 

  32.                              HMAC_hash(secret, A(3) + seed) + ...
    33. 

  33. 

  34.    where + indicates concatenation.
    35. 

  35. 

  36.    A() is defined as:
    37. 

  37. 

  38.       A(0) = seed
    39. 

  39.       A(i) = HMAC_hash(secret, A(i-1))
    40. 

  40. 

  41.    P_hash can be iterated as many times as necessary to produce the
    42. 

  42.    required quantity of data.  For example, if P_SHA256 is being used to
    43. 

  43.    create 80 bytes of data, it will have to be iterated three times
    44. 

  44.    (through A(3)), creating 96 bytes of output data; the last 16 bytes
    45. 

  45.    of the final iteration will then be discarded, leaving 80 bytes of
    46. 

  46.    output data.
    47. 

  47. 

  48.    TLS's PRF is created by applying P_hash to the secret as:
    49. 

  49. 

  50.       PRF(secret, label, seed) = P_<hash>(secret, label + seed)
    51. 

  51. 

  52. */
    53. 

  53. /* long story short:
    54. 

  54.  * P(k,s) = H(k, A(1) | s) | H(k, A(2) | s) | ... | H(k, A(n) | s)
    55. 

  55.  * A(0) = s
    56. 

  56.  * A(i) = H(k, A(i-1))
    57. 

  57.  *
    58. 

  58.  * PRF(k,l,s) = P(k, l | s)
    59. 

  59.  *
    60. 

  60.  */
    61. 

  61. 

  62. /* This implementation is limited to hashfunctions which return a hash value
    63. 

  63.  * of a length (in bits) which is divideable by 8.
    64. 

  64.  *
    65. 

  65.  * Also note that our HMAC implementation may fail on hashfunction which
    66. 

  66.  * return a larger hash value then their nativ blocksize
    67. 

  67.  *
    68. 

  68.  */
    69. 

  69. 

  70. #include <stdint.h>
    71. 

  71. #include <stdlib.h>
    72. 

  72. #include <string.h>
    73. 

  73. #include <crypto/hashfunction_descriptor.h>
    74. 

  74. #include <crypto/hfal-basic.h>
    75. 

  75. #include <crypto/hfal-hmac.h>
    76. 

  76. #include <crypto/prf_tls12.h>
    77. 

  77. 

  78. uint8_t prf_tls12_init(prf_tls12_ctx_t* ctx, const hfdesc_t* hash,
    79. 

  79. 	const void* key, uint16_t keylength_b,
    80. 

  80. 	const void* seed, uint16_t seedlength_b){
    81. 

  81. 	hfhmacgen_ctx_t tmp_ctx;
    82. 

  82. 	ctx->blocklength_b = hfal_hash_getHashsize(hash);
    83. 

  83. 	ctx->seed_buffer = malloc(ctx->blocklength_b/8+(seedlength_b+7)/8);
    84. 

  84. 	if(!ctx->seed_buffer){
    85. 

  85. 		return 1;
    86. 

  86. 	}
    87. 

  87. 	ctx->bufferlength_b = ctx->blocklength_b + seedlength_b;
    88. 

  88. 	memcpy(ctx->seed_buffer+ctx->blocklength_b/8, seed, seedlength_b/8);
    89. 

  89. 	if(hfal_hmac_init(hash, &(ctx->mainctx), key, keylength_b)){
    90. 

  90. 		return 2;
    91. 

  91. 	}
    92. 

  92. 	if(hfal_hmac_ctxcopy(&tmp_ctx, &(ctx->mainctx))){
    93. 

  93. 		prf_tls12_free(ctx);
    94. 

  94. 		return 3;
    95. 

  95. 	}
    96. 

  96. 	hfal_hmac_lastBlock(&tmp_ctx, seed, seedlength_b);
    97. 

  97. 	hfal_hmac_ctx2mac(ctx->seed_buffer, &tmp_ctx);
    98. 

  98. 	hfal_hmac_free(&tmp_ctx);
    99. 

  99. 	return 0;
    100. 

  100. }
    101. 

  101. 

  102. uint8_t prf_tls12_init_w_label(prf_tls12_ctx_t* ctx, const hfdesc_t* hash,
    103. 

  103. 	const void* key, uint16_t keylength_b,
    104. 

  104. 	const void* label, uint16_t labellength_B,
    105. 

  105. 	const void* seed, uint16_t seedlength_b){
    106. 

  106. 

  107. 	uint8_t buffer[labellength_B+(seedlength_b+7)/8];
    108. 

  108. 	memcpy(buffer, label, labellength_B);
    109. 

  109. 	memcpy(buffer+labellength_B, seed, (seedlength_b+7)/8);
    110. 

  110. 	return prf_tls12_init(ctx, hash, key, keylength_b, buffer, labellength_B*8+seedlength_b);
    111. 

  111. }
    112. 

  112. 

  113. 

  114. void prf_tls12_free(prf_tls12_ctx_t* ctx){
    115. 

  115. 	free(ctx->seed_buffer);
    116. 

  116. 	hfal_hmac_free(&(ctx->mainctx));
    117. 

  117. }
    118. 

  118. 

  119. uint8_t prf_tls12_next(void* dest, prf_tls12_ctx_t* ctx){
    120. 

  120. 	hfhmacgen_ctx_t tmp_ctx;
    121. 

  121. 	if(hfal_hmac_ctxcopy(&tmp_ctx, &(ctx->mainctx))){
    122. 

  122. 		return 1;
    123. 

  123. 	}
    124. 

  124. 	hfal_hmac_lastBlock(&tmp_ctx, ctx->seed_buffer, ctx->bufferlength_b);
    125. 

  125. 	hfal_hmac_ctx2mac(dest, &tmp_ctx);
    126. 

  126. 	hfal_hmac_free(&tmp_ctx);
    127. 

  127. 	if(hfal_hmac_ctxcopy(&tmp_ctx, &(ctx->mainctx))){
    128. 

  128. 		return 2;
    129. 

  129. 	}
    130. 

  130. 	hfal_hmac_lastBlock(&tmp_ctx, ctx->seed_buffer, ctx->blocklength_b);
    131. 

  131. 	hfal_hmac_ctx2mac(ctx->seed_buffer, &tmp_ctx);
    132. 

  132. 	hfal_hmac_free(&tmp_ctx);
    133. 

  133. 	return 0;
    134. 

  134. }
    135. 

  135. 

  136. uint8_t prf_tls12_fill(void* dest, uint16_t length_B, prf_tls12_ctx_t* ctx){
    137. 

  137. 	uint16_t bs = ctx->blocklength_b/8;
    138. 

  138. 	while(length_B>=bs){
    139. 

  139. 		if(prf_tls12_next(dest, ctx)){
    140. 

  140. 			return 1;
    141. 

  141. 		}
    142. 

  142. 		length_B -= bs;
    143. 

  143. 		dest = (uint8_t*)dest + bs;
    144. 

  144. 	}
    145. 

  145. 	if(length_B){
    146. 

  146. 		uint8_t buffer[bs];
    147. 

  147. 		if(prf_tls12_next(buffer, ctx)){
    148. 

  148. 			return 2;
    149. 

  149. 		}
    150. 

  150. 		memcpy(dest, buffer, length_B);
    151. 

  151. 	}
    152. 

  152. 	return 0;
    153. 

  153. }
    154.