| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/hkdf.h" | 5 #include "crypto/hkdf.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" |
| 8 #include "crypto/hmac.h" | 9 #include "crypto/hmac.h" |
| 9 | 10 |
| 10 namespace crypto { | 11 namespace crypto { |
| 11 | 12 |
| 12 const size_t kSHA256HashLength = 32; | 13 const size_t kSHA256HashLength = 32; |
| 13 | 14 |
| 14 HKDF::HKDF(const base::StringPiece& secret, | 15 HKDF::HKDF(const base::StringPiece& secret, |
| 15 const base::StringPiece& salt, | 16 const base::StringPiece& salt, |
| 16 const base::StringPiece& info, | 17 const base::StringPiece& info, |
| 17 size_t key_bytes_to_generate, | 18 size_t key_bytes_to_generate, |
| 18 size_t iv_bytes_to_generate) { | 19 size_t iv_bytes_to_generate, |
| 20 size_t subkey_secret_bytes_to_generate) { |
| 19 // https://tools.ietf.org/html/rfc5869#section-2.2 | 21 // https://tools.ietf.org/html/rfc5869#section-2.2 |
| 20 base::StringPiece actual_salt = salt; | 22 base::StringPiece actual_salt = salt; |
| 21 char zeros[kSHA256HashLength]; | 23 char zeros[kSHA256HashLength]; |
| 22 if (actual_salt.empty()) { | 24 if (actual_salt.empty()) { |
| 23 // If salt is not given, HashLength zeros are used. | 25 // If salt is not given, HashLength zeros are used. |
| 24 memset(zeros, 0, sizeof(zeros)); | 26 memset(zeros, 0, sizeof(zeros)); |
| 25 actual_salt.set(zeros, sizeof(zeros)); | 27 actual_salt.set(zeros, sizeof(zeros)); |
| 26 } | 28 } |
| 27 | 29 |
| 28 // Perform the Extract step to transform the input key and | 30 // Perform the Extract step to transform the input key and |
| 29 // salt into the pseudorandom key (PRK) used for Expand. | 31 // salt into the pseudorandom key (PRK) used for Expand. |
| 30 HMAC prk_hmac(HMAC::SHA256); | 32 HMAC prk_hmac(HMAC::SHA256); |
| 31 bool result = prk_hmac.Init(actual_salt); | 33 bool result = prk_hmac.Init(actual_salt); |
| 32 DCHECK(result); | 34 DCHECK(result); |
| 33 | 35 |
| 34 // |prk| is a pseudorandom key (of kSHA256HashLength octets). | 36 // |prk| is a pseudorandom key (of kSHA256HashLength octets). |
| 35 uint8 prk[kSHA256HashLength]; | 37 uint8 prk[kSHA256HashLength]; |
| 36 DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength()); | 38 DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength()); |
| 37 result = prk_hmac.Sign(secret, prk, sizeof(prk)); | 39 result = prk_hmac.Sign(secret, prk, sizeof(prk)); |
| 38 DCHECK(result); | 40 DCHECK(result); |
| 39 | 41 |
| 40 // https://tools.ietf.org/html/rfc5869#section-2.3 | 42 // https://tools.ietf.org/html/rfc5869#section-2.3 |
| 41 // Perform the Expand phase to turn the pseudorandom key | 43 // Perform the Expand phase to turn the pseudorandom key |
| 42 // and info into the output keying material. | 44 // and info into the output keying material. |
| 43 const size_t material_length = | 45 const size_t material_length = 2 * key_bytes_to_generate + |
| 44 2*key_bytes_to_generate + 2*iv_bytes_to_generate; | 46 2 * iv_bytes_to_generate + |
| 47 subkey_secret_bytes_to_generate; |
| 45 const size_t n = (material_length + kSHA256HashLength-1) / | 48 const size_t n = (material_length + kSHA256HashLength-1) / |
| 46 kSHA256HashLength; | 49 kSHA256HashLength; |
| 47 DCHECK_LT(n, 256u); | 50 DCHECK_LT(n, 256u); |
| 48 | 51 |
| 49 output_.resize(n * kSHA256HashLength); | 52 output_.resize(n * kSHA256HashLength); |
| 50 base::StringPiece previous; | 53 base::StringPiece previous; |
| 51 | 54 |
| 52 scoped_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]); | 55 scoped_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]); |
| 53 uint8 digest[kSHA256HashLength]; | 56 uint8 digest[kSHA256HashLength]; |
| 54 | 57 |
| (...skipping 28 matching lines...) Expand all Loading... |
| 83 key_bytes_to_generate); | 86 key_bytes_to_generate); |
| 84 j += key_bytes_to_generate; | 87 j += key_bytes_to_generate; |
| 85 } | 88 } |
| 86 | 89 |
| 87 if (iv_bytes_to_generate) { | 90 if (iv_bytes_to_generate) { |
| 88 client_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), | 91 client_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), |
| 89 iv_bytes_to_generate); | 92 iv_bytes_to_generate); |
| 90 j += iv_bytes_to_generate; | 93 j += iv_bytes_to_generate; |
| 91 server_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), | 94 server_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), |
| 92 iv_bytes_to_generate); | 95 iv_bytes_to_generate); |
| 96 j += iv_bytes_to_generate; |
| 97 } |
| 98 if (subkey_secret_bytes_to_generate) { |
| 99 subkey_secret_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), |
| 100 subkey_secret_bytes_to_generate); |
| 93 } | 101 } |
| 94 } | 102 } |
| 95 | 103 |
| 96 HKDF::~HKDF() { | 104 HKDF::~HKDF() { |
| 97 } | 105 } |
| 98 | 106 |
| 99 } // namespace crypto | 107 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 423333002:
Implement QUIC key extraction. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src