-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathkdf.h
More file actions
199 lines (165 loc) · 7.4 KB
/
kdf.h
File metadata and controls
199 lines (165 loc) · 7.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
/* kdf.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/*!
\file wolfssl/wolfcrypt/kdf.h
*/
#ifndef NO_KDF
#ifndef WOLF_CRYPT_KDF_H
#define WOLF_CRYPT_KDF_H
#if defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
#include <wolfssl/wolfcrypt/fips.h>
#endif
#include <wolfssl/wolfcrypt/hmac.h>
#ifdef HAVE_CMAC_KDF
#include <wolfssl/wolfcrypt/cmac.h>
#endif /* HAVE_CMAC_KDF */
#ifdef __cplusplus
extern "C" {
#endif
#if FIPS_VERSION3_GE(6,0,0)
extern const unsigned int wolfCrypt_FIPS_kdf_ro_sanity[2];
WOLFSSL_LOCAL int wolfCrypt_FIPS_KDF_sanity(void);
#endif
enum max_prf {
#ifdef HAVE_FFDHE_8192
MAX_PRF_HALF = 516, /* Maximum half secret len */
#elif defined(HAVE_FFDHE_6144)
MAX_PRF_HALF = 388, /* Maximum half secret len */
#else
MAX_PRF_HALF = 260, /* Maximum half secret len */
#endif
MAX_PRF_LABSEED = 128, /* Maximum label + seed len */
MAX_PRF_DIG = 224 /* Maximum digest len */
};
#ifdef WOLFSSL_HAVE_PRF
WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret,
word32 secLen, const byte* seed, word32 seedLen, int hash,
void* heap, int devId);
WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
word32 secLen, const byte* label, word32 labLen,
const byte* seed, word32 seedLen, void* heap, int devId);
WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret,
word32 secLen, const byte* label, word32 labLen,
const byte* seed, word32 seedLen, int useAtLeastSha256,
int hash_type, void* heap, int devId);
#endif /* WOLFSSL_HAVE_PRF */
#ifdef HAVE_HKDF
enum {
/*
MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
OPAQUE8_LEN + WC_MAX_DIGEST_SIZE
*/
MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE
};
WOLFSSL_API int wc_Tls13_HKDF_Extract_ex(byte* prk, const byte* salt,
word32 saltLen, byte* ikm, word32 ikmLen, int digest,
void* heap, int devId);
WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt,
word32 saltLen, byte* ikm, word32 ikmLen, int digest);
WOLFSSL_API int wc_Tls13_HKDF_Expand_Label_ex(byte* okm, word32 okmLen,
const byte* prk, word32 prkLen,
const byte* protocol, word32 protocolLen,
const byte* label, word32 labelLen,
const byte* info, word32 infoLen,
int digest, void* heap, int devId);
WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
const byte* prk, word32 prkLen,
const byte* protocol, word32 protocolLen,
const byte* label, word32 labelLen,
const byte* info, word32 infoLen,
int digest);
#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && \
(!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
WOLFSSL_API int wc_Tls13_HKDF_Expand_Label_Alloc(byte* okm, word32 okmLen,
const byte* prk, word32 prkLen, const byte* protocol, word32 protocolLen,
const byte* label, word32 labelLen, const byte* info, word32 infoLen,
int digest, void* heap);
#endif /* !defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3) */
#endif /* HAVE_HKDF */
#ifdef WOLFSSL_WOLFSSH
WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
byte* key, word32 keySz,
const byte* k, word32 kSz,
const byte* h, word32 hSz,
const byte* sessionId, word32 sessionIdSz);
#endif /* WOLFSSL_WOLFSSH */
#ifdef WC_SRTP_KDF
/* Label values for purpose. */
#define WC_SRTP_LABEL_ENCRYPTION 0x00
#define WC_SRTP_LABEL_MSG_AUTH 0x01
#define WC_SRTP_LABEL_SALT 0x02
#define WC_SRTCP_LABEL_ENCRYPTION 0x03
#define WC_SRTCP_LABEL_MSG_AUTH 0x04
#define WC_SRTCP_LABEL_SALT 0x05
#define WC_SRTP_LABEL_HDR_ENCRYPTION 0x06
#define WC_SRTP_LABEL_HDR_SALT 0x07
/* Length of index for SRTP KDF. */
#define WC_SRTP_INDEX_LEN 6
/* Length of index for SRTCP KDF. */
#define WC_SRTCP_INDEX_LEN 4
/* Indicators */
enum {
WC_SRTCP_32BIT_IDX = 0,
WC_SRTCP_48BIT_IDX = 1
};
/* Maximum length of salt that can be used with SRTP/SRTCP. */
#define WC_SRTP_MAX_SALT 14
WOLFSSL_API int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt,
word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz,
byte* key2, word32 key2Sz, byte* key3, word32 key3Sz);
WOLFSSL_API int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt,
word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz,
byte* key2, word32 key2Sz, byte* key3, word32 key3Sz);
WOLFSSL_API int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt,
word32 saltSz, int kdrIdx, const byte* idx, byte* key1, word32 key1Sz,
byte* key2, word32 key2Sz, byte* key3, word32 key3Sz, int idxLenIndicator);
WOLFSSL_API int wc_SRTP_KDF_label(const byte* key, word32 keySz,
const byte* salt, word32 saltSz, int kdrIdx, const byte* idx, byte label,
byte* outKey, word32 outKeySz);
WOLFSSL_API int wc_SRTCP_KDF_label(const byte* key, word32 keySz,
const byte* salt, word32 saltSz, int kdrIdx, const byte* idx, byte label,
byte* outKey, word32 outKeySz);
WOLFSSL_API int wc_SRTP_KDF_kdr_to_idx(word32 kdr);
#endif /* WC_SRTP_KDF */
#ifdef WC_KDF_NIST_SP_800_56C
WOLFSSL_API int wc_KDA_KDF_onestep(const byte* z, word32 zSz,
const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz,
enum wc_HashType hashType, byte* output, word32 outputSz);
#endif
#ifdef HAVE_CMAC_KDF
WOLFSSL_API int wc_KDA_KDF_twostep_cmac(const byte * salt, word32 salt_len,
const byte* z, word32 zSz,
const byte* fixedInfo,
word32 fixedInfoSz,
byte* output, word32 outputSz,
void* heap, int devId);
WOLFSSL_API int wc_KDA_KDF_PRF_cmac(const byte* Kin, word32 KinSz,
const byte* fixedInfo, word32 fixedInfoSz,
byte* Kout, word32 KoutSz, CmacType type,
void* heap, int devId);
#endif /* HAVE_CMAC_KDF */
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLF_CRYPT_KDF_H */
#endif /* NO_KDF */