-/* ====================================================================
- * Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <stdlib.h>
unsigned char *okm, size_t okm_len);
typedef struct {
+ int mode;
const EVP_MD *md;
unsigned char *salt;
size_t salt_len;
kctx->md = p2;
return 1;
+ case EVP_PKEY_CTRL_HKDF_MODE:
+ kctx->mode = p1;
+ return 1;
+
case EVP_PKEY_CTRL_HKDF_SALT:
if (p1 == 0 || p2 == NULL)
return 1;
static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
const char *value)
{
+ if (strcmp(type, "mode") == 0) {
+ int mode;
+
+ if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
+ mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
+ else if (strcmp(value, "EXTRACT_ONLY") == 0)
+ mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+ else if (strcmp(value, "EXPAND_ONLY") == 0)
+ mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+ else
+ return 0;
+
+ return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
+ }
+
if (strcmp(type, "md") == 0)
- return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value));
+ return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+ EVP_PKEY_CTRL_HKDF_MD, value);
if (strcmp(type, "salt") == 0)
return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
if (strcmp(type, "hexinfo") == 0)
return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+ KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
return -2;
}
{
HKDF_PKEY_CTX *kctx = ctx->data;
- if (kctx->md == NULL || kctx->key == NULL)
+ if (kctx->md == NULL) {
+ KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
return 0;
-
- if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len,
- kctx->info, kctx->info_len, key, *keylen) == NULL)
- {
+ }
+ if (kctx->key == NULL) {
+ KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
return 0;
}
- return 1;
+ switch (kctx->mode) {
+ case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+ return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+ kctx->key_len, kctx->info, kctx->info_len, key,
+ *keylen) != NULL;
+
+ case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+ if (key == NULL) {
+ *keylen = EVP_MD_size(kctx->md);
+ return 1;
+ }
+ return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+ kctx->key_len, key, keylen) != NULL;
+
+ case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+ return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+ kctx->info_len, key, *keylen) != NULL;
+
+ default:
+ return 0;
+ }
}
const EVP_PKEY_METHOD hkdf_pkey_meth = {
unsigned char *okm, size_t okm_len)
{
unsigned char prk[EVP_MAX_MD_SIZE];
+ unsigned char *ret;
size_t prk_len;
if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
return NULL;
- return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+ ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+ OPENSSL_cleanse(prk, sizeof(prk));
+
+ return ret;
}
static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
if (okm_len % dig_len)
n++;
- if (n > 255)
+ if (n > 255 || okm == NULL)
return NULL;
if ((hmac = HMAC_CTX_new()) == NULL)