| Index: crypto/hkdf.cc
|
| diff --git a/crypto/hkdf.cc b/crypto/hkdf.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..82aae24679e45ab8ca9dd2acbc2b0a809a48f543
|
| --- /dev/null
|
| +++ b/crypto/hkdf.cc
|
| @@ -0,0 +1,107 @@
|
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "crypto/hkdf.h"
|
| +
|
| +#include "base/logging.h"
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "crypto/hmac.h"
|
| +
|
| +namespace crypto {
|
| +
|
| +const size_t kSHA256HashLength = 32;
|
| +
|
| +HKDF::HKDF(const base::StringPiece& secret,
|
| + const base::StringPiece& salt,
|
| + const base::StringPiece& info,
|
| + size_t key_bytes_to_generate,
|
| + size_t iv_bytes_to_generate,
|
| + size_t subkey_secret_bytes_to_generate) {
|
| + // https://tools.ietf.org/html/rfc5869#section-2.2
|
| + base::StringPiece actual_salt = salt;
|
| + char zeros[kSHA256HashLength];
|
| + if (actual_salt.empty()) {
|
| + // If salt is not given, HashLength zeros are used.
|
| + memset(zeros, 0, sizeof(zeros));
|
| + actual_salt.set(zeros, sizeof(zeros));
|
| + }
|
| +
|
| + // Perform the Extract step to transform the input key and
|
| + // salt into the pseudorandom key (PRK) used for Expand.
|
| + HMAC prk_hmac(HMAC::SHA256);
|
| + bool result = prk_hmac.Init(actual_salt);
|
| + DCHECK(result);
|
| +
|
| + // |prk| is a pseudorandom key (of kSHA256HashLength octets).
|
| + uint8 prk[kSHA256HashLength];
|
| + DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength());
|
| + result = prk_hmac.Sign(secret, prk, sizeof(prk));
|
| + DCHECK(result);
|
| +
|
| + // https://tools.ietf.org/html/rfc5869#section-2.3
|
| + // Perform the Expand phase to turn the pseudorandom key
|
| + // and info into the output keying material.
|
| + const size_t material_length = 2 * key_bytes_to_generate +
|
| + 2 * iv_bytes_to_generate +
|
| + subkey_secret_bytes_to_generate;
|
| + const size_t n = (material_length + kSHA256HashLength-1) /
|
| + kSHA256HashLength;
|
| + DCHECK_LT(n, 256u);
|
| +
|
| + output_.resize(n * kSHA256HashLength);
|
| + base::StringPiece previous;
|
| +
|
| + scoped_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]);
|
| + uint8 digest[kSHA256HashLength];
|
| +
|
| + HMAC hmac(HMAC::SHA256);
|
| + result = hmac.Init(prk, sizeof(prk));
|
| + DCHECK(result);
|
| +
|
| + for (size_t i = 0; i < n; i++) {
|
| + memcpy(buf.get(), previous.data(), previous.size());
|
| + size_t j = previous.size();
|
| + memcpy(buf.get() + j, info.data(), info.size());
|
| + j += info.size();
|
| + buf[j++] = static_cast<char>(i + 1);
|
| +
|
| + result = hmac.Sign(base::StringPiece(buf.get(), j), digest, sizeof(digest));
|
| + DCHECK(result);
|
| +
|
| + memcpy(&output_[i*sizeof(digest)], digest, sizeof(digest));
|
| + previous = base::StringPiece(reinterpret_cast<char*>(digest),
|
| + sizeof(digest));
|
| + }
|
| +
|
| + size_t j = 0;
|
| + // On Windows, when the size of output_ is zero, dereference of 0'th element
|
| + // results in a crash. C++11 solves this problem by adding a data() getter
|
| + // method to std::vector.
|
| + if (key_bytes_to_generate) {
|
| + client_write_key_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]),
|
| + key_bytes_to_generate);
|
| + j += key_bytes_to_generate;
|
| + server_write_key_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]),
|
| + key_bytes_to_generate);
|
| + j += key_bytes_to_generate;
|
| + }
|
| +
|
| + if (iv_bytes_to_generate) {
|
| + client_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]),
|
| + iv_bytes_to_generate);
|
| + j += iv_bytes_to_generate;
|
| + server_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]),
|
| + iv_bytes_to_generate);
|
| + j += iv_bytes_to_generate;
|
| + }
|
| + if (subkey_secret_bytes_to_generate) {
|
| + subkey_secret_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]),
|
| + subkey_secret_bytes_to_generate);
|
| + }
|
| +}
|
| +
|
| +HKDF::~HKDF() {
|
| +}
|
| +
|
| +} // namespace crypto
|
|
|
Chromium Code Reviews
