kdf_hkdf_sha512.c (3920B)
1 #include <errno.h> 2 #include <string.h> 3 4 #include "crypto_auth_hmacsha512.h" 5 #include "crypto_kdf.h" 6 #include "crypto_kdf_hkdf_sha512.h" 7 #include "randombytes.h" 8 #include "utils.h" 9 10 int 11 crypto_kdf_hkdf_sha512_extract_init(crypto_kdf_hkdf_sha512_state *state, 12 const unsigned char *salt, size_t salt_len) 13 { 14 return crypto_auth_hmacsha512_init(&state->st, salt, salt_len); 15 } 16 17 int 18 crypto_kdf_hkdf_sha512_extract_update(crypto_kdf_hkdf_sha512_state *state, 19 const unsigned char *ikm, size_t ikm_len) 20 { 21 return crypto_auth_hmacsha512_update(&state->st, ikm, ikm_len); 22 } 23 24 int 25 crypto_kdf_hkdf_sha512_extract_final(crypto_kdf_hkdf_sha512_state *state, 26 unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) 27 { 28 crypto_auth_hmacsha512_final(&state->st, prk); 29 sodium_memzero(state, sizeof state); 30 31 return 0; 32 } 33 34 int 35 crypto_kdf_hkdf_sha512_extract( 36 unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES], 37 const unsigned char *salt, size_t salt_len, const unsigned char *ikm, 38 size_t ikm_len) 39 { 40 crypto_kdf_hkdf_sha512_state state; 41 42 crypto_kdf_hkdf_sha512_extract_init(&state, salt, salt_len); 43 crypto_kdf_hkdf_sha512_extract_update(&state, ikm, ikm_len); 44 45 return crypto_kdf_hkdf_sha512_extract_final(&state, prk); 46 } 47 48 void 49 crypto_kdf_hkdf_sha512_keygen(unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) 50 { 51 randombytes_buf(prk, crypto_kdf_hkdf_sha512_KEYBYTES); 52 } 53 54 int 55 crypto_kdf_hkdf_sha512_expand(unsigned char *out, size_t out_len, 56 const char *ctx, size_t ctx_len, 57 const unsigned char prk[crypto_kdf_hkdf_sha512_KEYBYTES]) 58 { 59 crypto_auth_hmacsha512_state st; 60 unsigned char tmp[crypto_auth_hmacsha512_BYTES]; 61 size_t i; 62 size_t left; 63 unsigned char counter = 1U; 64 65 if (out_len > crypto_kdf_hkdf_sha512_BYTES_MAX) { 66 errno = EINVAL; 67 return -1; 68 } 69 for (i = (size_t) 0U; i + crypto_auth_hmacsha512_BYTES <= out_len; 70 i += crypto_auth_hmacsha512_BYTES) { 71 crypto_auth_hmacsha512_init(&st, prk, crypto_kdf_hkdf_sha512_KEYBYTES); 72 if (i != (size_t) 0U) { 73 crypto_auth_hmacsha512_update(&st, 74 &out[i - crypto_auth_hmacsha512_BYTES], 75 crypto_auth_hmacsha512_BYTES); 76 } 77 crypto_auth_hmacsha512_update(&st, 78 (const unsigned char *) ctx, ctx_len); 79 crypto_auth_hmacsha512_update(&st, &counter, (size_t) 1U); 80 crypto_auth_hmacsha512_final(&st, &out[i]); 81 counter++; 82 } 83 if ((left = out_len & (crypto_auth_hmacsha512_BYTES - 1U)) != (size_t) 0U) { 84 crypto_auth_hmacsha512_init(&st, prk, crypto_kdf_hkdf_sha512_KEYBYTES); 85 if (i != (size_t) 0U) { 86 crypto_auth_hmacsha512_update(&st, 87 &out[i - crypto_auth_hmacsha512_BYTES], 88 crypto_auth_hmacsha512_BYTES); 89 } 90 crypto_auth_hmacsha512_update(&st, 91 (const unsigned char *) ctx, ctx_len); 92 crypto_auth_hmacsha512_update(&st, &counter, (size_t) 1U); 93 crypto_auth_hmacsha512_final(&st, tmp); 94 memcpy(&out[i], tmp, left); 95 sodium_memzero(tmp, sizeof tmp); 96 } 97 sodium_memzero(&st, sizeof st); 98 99 return 0; 100 } 101 102 size_t 103 crypto_kdf_hkdf_sha512_keybytes(void) 104 { 105 return crypto_kdf_hkdf_sha512_KEYBYTES; 106 } 107 108 size_t 109 crypto_kdf_hkdf_sha512_bytes_min(void) 110 { 111 return crypto_kdf_hkdf_sha512_BYTES_MIN; 112 } 113 114 size_t 115 crypto_kdf_hkdf_sha512_bytes_max(void) 116 { 117 return crypto_kdf_hkdf_sha512_BYTES_MAX; 118 } 119 120 size_t crypto_kdf_hkdf_sha512_statebytes(void) 121 { 122 return sizeof(crypto_kdf_hkdf_sha512_state); 123 }