首頁 探索 說明
登入
OWEALs
/
openssl
镜像来自 git://git.openssl.org/openssl.git
2
0
複刻 0
檔案 問題管理 1 Wiki
目錄樹: 48cc4e0c20
分支列表 標籤列表
openssl
/
crypto
/
hpke
/
hpke_util.c

hpke_util.c 6.6 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175 
  1. /*
    2. 

  2.  * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include <openssl/core_names.h>
    11. 

  11. #include <openssl/kdf.h>
    12. 

  12. #include <openssl/params.h>
    13. 

  13. #include <openssl/err.h>
    14. 

  14. #include <openssl/proverr.h>
    15. 

  15. #include "crypto/hpke.h"
    16. 

  16. #include "internal/packet.h"
    17. 

  17. 

  18. /*
    19. 

  19.  * The largest value happens inside dhkem_extract_and_expand
    20. 

  20.  * Which consists of a max dkmlen of 2*privkeylen + suiteid + small label
    21. 

  21.  */
    22. 

  22. #define LABELED_EXTRACT_SIZE (10 + 12 + 2 * OSSL_HPKE_MAX_PRIVATE)
    23. 

  23. 

  24. /*
    25. 

  25.  * The largest value happens inside dhkem_extract_and_expand
    26. 

  26.  * Which consists of a prklen of secretlen + contextlen of 3 encoded public keys
    27. 

  27.  * + suiteid + small label
    28. 

  28.  */
    29. 

  29. #define LABELED_EXPAND_SIZE (LABELED_EXTRACT_SIZE + 3 * OSSL_HPKE_MAX_PUBLIC)
    30. 

  30. 

  31. /* ASCII: "HPKE-v1", in hex for EBCDIC compatibility */
    32. 

  32. static const char LABEL_HPKEV1[] = "\x48\x50\x4B\x45\x2D\x76\x31";
    33. 

  33. 

  34. static int kdf_derive(EVP_KDF_CTX *kctx,
    35. 

  35.                       unsigned char *out, size_t outlen, int mode,
    36. 

  36.                       const unsigned char *salt, size_t saltlen,
    37. 

  37.                       const unsigned char *ikm, size_t ikmlen,
    38. 

  38.                       const unsigned char *info, size_t infolen)
    39. 

  39. {
    40. 

  40.     int ret;
    41. 

  41.     OSSL_PARAM params[5], *p = params;
    42. 

  42. 

  43.     *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
    44. 

  44.     if (salt != NULL)
    45. 

  45.         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
    46. 

  46.                                                  (char *)salt, saltlen);
    47. 

  47.     if (ikm != NULL)
    48. 

  48.         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
    49. 

  49.                                                  (char *)ikm, ikmlen);
    50. 

  50.     if (info != NULL)
    51. 

  51.         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
    52. 

  52.                                                  (char *)info, infolen);
    53. 

  53.     *p = OSSL_PARAM_construct_end();
    54. 

  54.     ret = EVP_KDF_derive(kctx, out, outlen, params) > 0;
    55. 

  55.     if (!ret)
    56. 

  56.         ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
    57. 

  57.     return ret;
    58. 

  58. }
    59. 

  59. 

  60. int ossl_hpke_kdf_extract(EVP_KDF_CTX *kctx,
    61. 

  61.                           unsigned char *prk, size_t prklen,
    62. 

  62.                           const unsigned char *salt, size_t saltlen,
    63. 

  63.                           const unsigned char *ikm, size_t ikmlen)
    64. 

  64. {
    65. 

  65.     return kdf_derive(kctx, prk, prklen, EVP_KDF_HKDF_MODE_EXTRACT_ONLY,
    66. 

  66.                       salt, saltlen, ikm, ikmlen, NULL, 0);
    67. 

  67. }
    68. 

  68. 

  69. /* Common code to perform a HKDF expand */
    70. 

  70. int ossl_hpke_kdf_expand(EVP_KDF_CTX *kctx,
    71. 

  71.                          unsigned char *okm, size_t okmlen,
    72. 

  72.                          const unsigned char *prk, size_t prklen,
    73. 

  73.                          const unsigned char *info, size_t infolen)
    74. 

  74. {
    75. 

  75.     return kdf_derive(kctx, okm, okmlen, EVP_KDF_HKDF_MODE_EXPAND_ONLY,
    76. 

  76.                       NULL, 0, prk, prklen, info, infolen);
    77. 

  77. }
    78. 

  78. 

  79. /*
    80. 

  80.  * See RFC 9180 Section 4 LabelExtract()
    81. 

  81.  */
    82. 

  82. int ossl_hpke_labeled_extract(EVP_KDF_CTX *kctx,
    83. 

  83.                               unsigned char *prk, size_t prklen,
    84. 

  84.                               const unsigned char *salt, size_t saltlen,
    85. 

  85.                               const unsigned char *suiteid, size_t suiteidlen,
    86. 

  86.                               const char *label,
    87. 

  87.                               const unsigned char *ikm, size_t ikmlen)
    88. 

  88. {
    89. 

  89.     int ret = 0;
    90. 

  90.     size_t labeled_ikmlen = 0;
    91. 

  91.     unsigned char labeled_ikm[LABELED_EXTRACT_SIZE];
    92. 

  92.     WPACKET pkt;
    93. 

  93. 

  94.     /* labeled_ikm = concat("HPKE-v1", suiteid, label, ikm) */
    95. 

  95.     if (!WPACKET_init_static_len(&pkt, labeled_ikm, sizeof(labeled_ikm), 0)
    96. 

  96.             || !WPACKET_memcpy(&pkt, LABEL_HPKEV1, strlen(LABEL_HPKEV1))
    97. 

  97.             || !WPACKET_memcpy(&pkt, suiteid, suiteidlen)
    98. 

  98.             || !WPACKET_memcpy(&pkt, label, strlen(label))
    99. 

  99.             || !WPACKET_memcpy(&pkt, ikm, ikmlen)
    100. 

  100.             || !WPACKET_get_total_written(&pkt, &labeled_ikmlen)
    101. 

  101.             || !WPACKET_finish(&pkt)) {
    102. 

  102.         ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
    103. 

  103.         goto end;
    104. 

  104.     }
    105. 

  105. 

  106.     ret = ossl_hpke_kdf_extract(kctx, prk, prklen, salt, saltlen,
    107. 

  107.                                 labeled_ikm, labeled_ikmlen);
    108. 

  108. end:
    109. 

  109.     WPACKET_cleanup(&pkt);
    110. 

  110.     OPENSSL_cleanse(labeled_ikm, labeled_ikmlen);
    111. 

  111.     return ret;
    112. 

  112. }
    113. 

  113. 

  114. /*
    115. 

  115.  * See RFC 9180 Section 4 LabelExpand()
    116. 

  116.  */
    117. 

  117. int ossl_hpke_labeled_expand(EVP_KDF_CTX *kctx,
    118. 

  118.                              unsigned char *okm, size_t okmlen,
    119. 

  119.                              const unsigned char *prk, size_t prklen,
    120. 

  120.                              const unsigned char *suiteid, size_t suiteidlen,
    121. 

  121.                              const char *label,
    122. 

  122.                              const unsigned char *info, size_t infolen)
    123. 

  123. {
    124. 

  124.     int ret = 0;
    125. 

  125.     size_t labeled_infolen = 0;
    126. 

  126.     unsigned char labeled_info[LABELED_EXPAND_SIZE];
    127. 

  127.     WPACKET pkt;
    128. 

  128. 

  129.     /* labeled_info = concat(okmlen, "HPKE-v1", suiteid, label, info) */
    130. 

  130.     if (!WPACKET_init_static_len(&pkt, labeled_info, sizeof(labeled_info), 0)
    131. 

  131.             || !WPACKET_put_bytes_u16(&pkt, okmlen)
    132. 

  132.             || !WPACKET_memcpy(&pkt, LABEL_HPKEV1, strlen(LABEL_HPKEV1))
    133. 

  133.             || !WPACKET_memcpy(&pkt, suiteid, suiteidlen)
    134. 

  134.             || !WPACKET_memcpy(&pkt, label, strlen(label))
    135. 

  135.             || !WPACKET_memcpy(&pkt, info, infolen)
    136. 

  136.             || !WPACKET_get_total_written(&pkt, &labeled_infolen)
    137. 

  137.             || !WPACKET_finish(&pkt)) {
    138. 

  138.         ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
    139. 

  139.         goto end;
    140. 

  140.     }
    141. 

  141. 

  142.     ret = ossl_hpke_kdf_expand(kctx, okm, okmlen,
    143. 

  143.                                prk, prklen, labeled_info, labeled_infolen);
    144. 

  144. end:
    145. 

  145.     WPACKET_cleanup(&pkt);
    146. 

  146.     return ret;
    147. 

  147. }
    148. 

  148. 

  149. /* Common code to create a HKDF ctx */
    150. 

  150. EVP_KDF_CTX *ossl_kdf_ctx_create(const char *kdfname, const char *mdname,
    151. 

  151.                                  OSSL_LIB_CTX *libctx, const char *propq)
    152. 

  152. {
    153. 

  153.     EVP_KDF *kdf;
    154. 

  154.     EVP_KDF_CTX *kctx = NULL;
    155. 

  155. 

  156.     kdf = EVP_KDF_fetch(libctx, kdfname, propq);
    157. 

  157.     kctx = EVP_KDF_CTX_new(kdf);
    158. 

  158.     EVP_KDF_free(kdf);
    159. 

  159.     if (kctx != NULL && mdname != NULL) {
    160. 

  160.         OSSL_PARAM params[3], *p = params;
    161. 

  161. 

  162.         if (mdname != NULL)
    163. 

  163.             *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
    164. 

  164.                                                     (char *)mdname, 0);
    165. 

  165.         if (propq != NULL)
    166. 

  166.             *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_PROPERTIES,
    167. 

  167.                                                     (char *)propq, 0);
    168. 

  168.         *p = OSSL_PARAM_construct_end();
    169. 

  169.         if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
    170. 

  170.             EVP_KDF_CTX_free(kctx);
    171. 

  171.             return NULL;
    172. 

  172.         }
    173. 

  173.     }
    174. 

  174.     return kctx;
    175. 

  175. }
    176.