doxygen/html/lc__hkdf_8h_source.html

/*

 * Copyright (C) 2022 - 2024, Stephan Mueller <smueller@chronox.de>

 *

 * License: see LICENSE file in root directory

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF

 * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE

 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT

 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE

 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH

 * DAMAGE.

 */


#ifndef LC_HKDF_H

#define LC_HKDF_H


#include "ext_headers.h"

#include "lc_hmac.h"

#include "lc_rng.h"

#include "lc_memset_secure.h"


#ifdef __cplusplus

extern "C" {

#endif


struct lc_hkdf_ctx {

        uint8_t partial[LC_SHA_MAX_SIZE_DIGEST];

        size_t partial_ptr;

        uint8_t ctr;

        uint8_t rng_initialized : 1;

        struct lc_hmac_ctx hmac_ctx;

};


#define LC_HKDF_STATE_SIZE(hashname) (LC_HMAC_CTX_SIZE(hashname))

#define LC_HKDF_CTX_SIZE(hashname)                                             \

        (sizeof(struct lc_hkdf_ctx) + LC_HKDF_STATE_SIZE(hashname))


#define _LC_HKDF_SET_CTX(name, hashname, ctx, offset)                          \

        _LC_HMAC_SET_CTX((&(name)->hmac_ctx), hashname, ctx, offset)


#define LC_HKDF_SET_CTX(name, hashname)                                        \

        _LC_HKDF_SET_CTX(name, hashname, name, sizeof(struct lc_hkdf_ctx))


int lc_hkdf_extract(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *ikm,

                    size_t ikmlen, const uint8_t *salt, size_t saltlen);


int lc_hkdf_expand(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *info,

                   size_t infolen, uint8_t *dst, size_t dlen);


static inline void lc_hkdf_zero(struct lc_hkdf_ctx *hkdf_ctx)

{

        /*

         * The use of this function implies that ->hmac_ctx is followed

         * immediately by the state buffer!

         */

        lc_hmac_zero(&hkdf_ctx->hmac_ctx);

        lc_memset_secure(hkdf_ctx->partial, 0, LC_SHA_MAX_SIZE_DIGEST);

        hkdf_ctx->ctr = 0x01;

        hkdf_ctx->rng_initialized = 0;

        hkdf_ctx->partial_ptr = LC_SHA_MAX_SIZE_DIGEST;

}


int lc_hkdf_alloc(const struct lc_hash *hash, struct lc_hkdf_ctx **hkdf_ctx);


void lc_hkdf_zero_free(struct lc_hkdf_ctx *hkdf_ctx);


#define LC_HKDF_CTX_ON_STACK(name, hashname)                                        \

        _Pragma("GCC diagnostic push")                                              \

                _Pragma("GCC diagnostic ignored \"-Wvla\"") _Pragma(                \

                        "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \

                        LC_ALIGNED_BUFFER(name##_ctx_buf,                           \

                                          LC_HKDF_CTX_SIZE(hashname),               \

                                          LC_HASH_COMMON_ALIGNMENT);                \

        struct lc_hkdf_ctx *name = (struct lc_hkdf_ctx *)name##_ctx_buf;            \

        LC_HKDF_SET_CTX(name, hashname);                                            \

        lc_hkdf_zero(name);                                                         \

        _Pragma("GCC diagnostic pop")


static inline int lc_hkdf(const struct lc_hash *hash, const uint8_t *ikm,

                          size_t ikmlen, const uint8_t *salt, size_t saltlen,

                          const uint8_t *info, size_t infolen, uint8_t *dst,

                          size_t dlen)

{

        int ret;

        LC_HKDF_CTX_ON_STACK(hkdf, hash);


        ret = lc_hkdf_extract(hkdf, ikm, ikmlen, salt, saltlen);

        if (ret < 0)

                goto out;

        ret = lc_hkdf_expand(hkdf, info, infolen, dst, dlen);


out:

        lc_hkdf_zero(hkdf);

        return ret;

}


/******************************** HKDF as RNG *********************************/


/* HKDF DRNG implementation */

extern const struct lc_rng *lc_hkdf_rng;


#define LC_HKDF_DRNG_CTX_SIZE(hashname)                                        \

        (sizeof(struct lc_rng_ctx) + LC_HKDF_CTX_SIZE(hashname))


#define LC_HKDF_DRNG_SET_CTX(name, hashname) LC_HKDF_SET_CTX(name, hashname)


#define LC_HKDF_RNG_CTX(name, hashname)                                        \

        LC_RNG_CTX(name, lc_hkdf_rng);                                         \

        LC_HKDF_DRNG_SET_CTX(((struct lc_hkdf_ctx *)(name->rng_state)),        \

                             hashname);                                        \

        lc_rng_zero(name)


#define LC_HKDF_DRNG_CTX_ON_STACK(name, hashname)                                   \

        _Pragma("GCC diagnostic push")                                              \

                _Pragma("GCC diagnostic ignored \"-Wvla\"") _Pragma(                \

                        "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \

                        LC_ALIGNED_BUFFER(name##_ctx_buf,                           \

                                          LC_HKDF_DRNG_CTX_SIZE(hashname),          \

                                          LC_HASH_COMMON_ALIGNMENT);                \

        struct lc_rng_ctx *name = (struct lc_rng_ctx *)name##_ctx_buf;              \

        LC_HKDF_RNG_CTX(name, hashname);                                            \

        _Pragma("GCC diagnostic pop")


int lc_hkdf_rng_alloc(struct lc_rng_ctx **state, const struct lc_hash *hash);


#ifdef __cplusplus

}

#endif


#endif /* LC_HKDF_H */

lc_hmac_zero
static void lc_hmac_zero(struct lc_hmac_ctx *hmac_ctx)
Zeroize HMAC context allocated with either HMAC_CTX_ON_STACK or hmac_alloc.
Definition lc_hmac.h:148

lc_hash
void lc_hash(const struct lc_hash *hash, const uint8_t *in, size_t inlen, uint8_t *digest)
Calculate message digest - one-shot.

lc_hkdf_expand
int lc_hkdf_expand(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *info, size_t infolen, uint8_t *dst, size_t dlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Expand phase.

LC_HKDF_CTX_ON_STACK
#define LC_HKDF_CTX_ON_STACK(name, hashname)
Allocate stack memory for the HKDF context.
Definition lc_hkdf.h:142

lc_hkdf
static int lc_hkdf(const struct lc_hash *hash, const uint8_t *ikm, size_t ikmlen, const uint8_t *salt, size_t saltlen, const uint8_t *info, size_t infolen, uint8_t *dst, size_t dlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Complete implementation.
Definition lc_hkdf.h:173

lc_hkdf_zero_free
void lc_hkdf_zero_free(struct lc_hkdf_ctx *hkdf_ctx)
Zeroize and free HKDF context.

lc_hkdf_zero
static void lc_hkdf_zero(struct lc_hkdf_ctx *hkdf_ctx)
Zeroize HKDF context allocated with either LC_HKDF_CTX_ON_STACK or hkdf_alloc.
Definition lc_hkdf.h:102

lc_hkdf_alloc
int lc_hkdf_alloc(const struct lc_hash *hash, struct lc_hkdf_ctx **hkdf_ctx)
Allocate HKDF context on heap.

lc_hkdf_extract
int lc_hkdf_extract(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *ikm, size_t ikmlen, const uint8_t *salt, size_t saltlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Extract phase.

lc_hkdf_rng_alloc
int lc_hkdf_rng_alloc(struct lc_rng_ctx **state, const struct lc_hash *hash)
Allocation of a HKDF DRNG context.

lc_hkdf_rng
const struct lc_rng * lc_hkdf_rng

lc_hmac.h

lc_memset_secure.h

lc_memset_secure
static void lc_memset_secure(void *s, int c, size_t n)
Definition lc_memset_secure.h:79

lc_rng.h