OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/hkdf.h" | 5 #include "crypto/hkdf.h" |
6 | 6 |
| 7 #include <stddef.h> |
| 8 #include <stdint.h> |
| 9 |
7 #include "base/logging.h" | 10 #include "base/logging.h" |
8 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
9 #include "crypto/hmac.h" | 12 #include "crypto/hmac.h" |
10 | 13 |
11 namespace crypto { | 14 namespace crypto { |
12 | 15 |
13 const size_t kSHA256HashLength = 32; | 16 const size_t kSHA256HashLength = 32; |
14 | 17 |
15 HKDF::HKDF(const base::StringPiece& secret, | 18 HKDF::HKDF(const base::StringPiece& secret, |
16 const base::StringPiece& salt, | 19 const base::StringPiece& salt, |
(...skipping 10 matching lines...) Expand all Loading... |
27 actual_salt.set(zeros, sizeof(zeros)); | 30 actual_salt.set(zeros, sizeof(zeros)); |
28 } | 31 } |
29 | 32 |
30 // Perform the Extract step to transform the input key and | 33 // Perform the Extract step to transform the input key and |
31 // salt into the pseudorandom key (PRK) used for Expand. | 34 // salt into the pseudorandom key (PRK) used for Expand. |
32 HMAC prk_hmac(HMAC::SHA256); | 35 HMAC prk_hmac(HMAC::SHA256); |
33 bool result = prk_hmac.Init(actual_salt); | 36 bool result = prk_hmac.Init(actual_salt); |
34 DCHECK(result); | 37 DCHECK(result); |
35 | 38 |
36 // |prk| is a pseudorandom key (of kSHA256HashLength octets). | 39 // |prk| is a pseudorandom key (of kSHA256HashLength octets). |
37 uint8 prk[kSHA256HashLength]; | 40 uint8_t prk[kSHA256HashLength]; |
38 DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength()); | 41 DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength()); |
39 result = prk_hmac.Sign(secret, prk, sizeof(prk)); | 42 result = prk_hmac.Sign(secret, prk, sizeof(prk)); |
40 DCHECK(result); | 43 DCHECK(result); |
41 | 44 |
42 // https://tools.ietf.org/html/rfc5869#section-2.3 | 45 // https://tools.ietf.org/html/rfc5869#section-2.3 |
43 // Perform the Expand phase to turn the pseudorandom key | 46 // Perform the Expand phase to turn the pseudorandom key |
44 // and info into the output keying material. | 47 // and info into the output keying material. |
45 const size_t material_length = 2 * key_bytes_to_generate + | 48 const size_t material_length = 2 * key_bytes_to_generate + |
46 2 * iv_bytes_to_generate + | 49 2 * iv_bytes_to_generate + |
47 subkey_secret_bytes_to_generate; | 50 subkey_secret_bytes_to_generate; |
48 const size_t n = (material_length + kSHA256HashLength-1) / | 51 const size_t n = (material_length + kSHA256HashLength-1) / |
49 kSHA256HashLength; | 52 kSHA256HashLength; |
50 DCHECK_LT(n, 256u); | 53 DCHECK_LT(n, 256u); |
51 | 54 |
52 output_.resize(n * kSHA256HashLength); | 55 output_.resize(n * kSHA256HashLength); |
53 base::StringPiece previous; | 56 base::StringPiece previous; |
54 | 57 |
55 scoped_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]); | 58 scoped_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]); |
56 uint8 digest[kSHA256HashLength]; | 59 uint8_t digest[kSHA256HashLength]; |
57 | 60 |
58 HMAC hmac(HMAC::SHA256); | 61 HMAC hmac(HMAC::SHA256); |
59 result = hmac.Init(prk, sizeof(prk)); | 62 result = hmac.Init(prk, sizeof(prk)); |
60 DCHECK(result); | 63 DCHECK(result); |
61 | 64 |
62 for (size_t i = 0; i < n; i++) { | 65 for (size_t i = 0; i < n; i++) { |
63 memcpy(buf.get(), previous.data(), previous.size()); | 66 memcpy(buf.get(), previous.data(), previous.size()); |
64 size_t j = previous.size(); | 67 size_t j = previous.size(); |
65 memcpy(buf.get() + j, info.data(), info.size()); | 68 memcpy(buf.get() + j, info.data(), info.size()); |
66 j += info.size(); | 69 j += info.size(); |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
98 if (subkey_secret_bytes_to_generate) { | 101 if (subkey_secret_bytes_to_generate) { |
99 subkey_secret_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), | 102 subkey_secret_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), |
100 subkey_secret_bytes_to_generate); | 103 subkey_secret_bytes_to_generate); |
101 } | 104 } |
102 } | 105 } |
103 | 106 |
104 HKDF::~HKDF() { | 107 HKDF::~HKDF() { |
105 } | 108 } |
106 | 109 |
107 } // namespace crypto | 110 } // namespace crypto |
OLD | NEW |