1/* $NetBSD: sp800-108-kdf.c,v 1.4 2023/06/19 21:41:44 christos Exp $ */ 2 3/* 4 * Copyright (c) 2015, Secure Endpoints Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * - Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * - Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 22 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 23 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 24 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 25 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 28 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 30 * OF THE POSSIBILITY OF SUCH DAMAGE. 31 * 32 */ 33 34#include "krb5_locl.h" 35 36/* 37 * SP800-108 KDF 38 */ 39 40/** 41 * As described in SP800-108 5.1 (for HMAC) 42 * 43 * @param context Kerberos 5 context 44 * @param kdf_K1 Base key material. 45 * @param kdf_label A string that identifies the purpose for the derived key. 46 * @param kdf_context A binary string containing parties, nonce, etc. 47 * @param md Message digest function to use for PRF. 48 * @param kdf_K0 Derived key data. 49 * 50 * @return Return an error code for an failure or 0 on success. 51 * @ingroup krb5_crypto 52 */ 53krb5_error_code 54_krb5_SP800_108_HMAC_KDF(krb5_context context, 55 const krb5_data *kdf_K1, 56 const krb5_data *kdf_label, 57 const krb5_data *kdf_context, 58 const EVP_MD *md, 59 krb5_data *kdf_K0) 60{ 61 HMAC_CTX *c; 62 unsigned char *p = kdf_K0->data; 63 size_t i, n, left = kdf_K0->length; 64 unsigned char hmac[EVP_MAX_MD_SIZE]; 65 unsigned int h = EVP_MD_size(md); 66 const size_t L = kdf_K0->length; 67 68 heim_assert(md != NULL, "SP800-108 KDF internal error"); 69 70#if OPENSSL_VERSION_NUMBER < 0x10100000UL 71 HMAC_CTX cs; 72 c = &cs; 73 HMAC_CTX_init(c); 74#else 75 c = HMAC_CTX_new(); 76#endif 77 78 n = L / h; 79 80 for (i = 0; i <= n; i++) { 81 unsigned char tmp[4]; 82 size_t len; 83 84 HMAC_Init_ex(c, kdf_K1->data, kdf_K1->length, md, NULL); 85 86 _krb5_put_int(tmp, i + 1, 4); 87 HMAC_Update(c, tmp, 4); 88 HMAC_Update(c, kdf_label->data, kdf_label->length); 89 HMAC_Update(c, (unsigned char *)"", 1); 90 if (kdf_context) 91 HMAC_Update(c, kdf_context->data, kdf_context->length); 92 _krb5_put_int(tmp, L * 8, 4); 93 HMAC_Update(c, tmp, 4); 94 95 HMAC_Final(c, hmac, &h); 96 len = h > left ? left : h; 97 memcpy(p, hmac, len); 98 p += len; 99 left -= len; 100 } 101 102#if OPENSSL_VERSION_NUMBER < 0x10100000UL 103 HMAC_CTX_cleanup(c); 104#else 105 HMAC_CTX_free(c); 106#endif 107 108 return 0; 109} 110