weave/src/lib/support/crypto/HKDF.cpp - nest-cam/4320010/weave - Git at Google

 /*
  *
  *    Copyright (c) 2013-2017 Nest Labs, Inc.
  *    All rights reserved.
  *
  *    Licensed under the Apache License, Version 2.0 (the "License");
  *    you may not use this file except in compliance with the License.
  *    You may obtain a copy of the License at
  *
  *        http://www.apache.org/licenses/LICENSE-2.0
  *
  *    Unless required by applicable law or agreed to in writing, software
  *    distributed under the License is distributed on an "AS IS" BASIS,
  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *    See the License for the specific language governing permissions and
  *    limitations under the License.
  */

 /**
  *    @file
  *      Implementation of HMAC-based Extract-and-Expand Key Derivation Function (RFC-5869)
  *
  */

 #include <string.h>

 #include "WeaveCrypto.h"
 #include "HKDF.h"
 #include <Weave/Support/CodeUtils.h>

 #if HAVE_NEW
 #include <new>
 #else
 inline void * operator new     (size_t, void * p) throw() { return p; }
 inline void * operator new[]   (size_t, void * p) throw() { return p; }
 #endif

 namespace nl {
 namespace Weave {
 namespace Crypto {

 template <class H>
 HKDF<H>::HKDF()
 {
     memset(PseudoRandomKey, 0, kPseudoRandomKeyLength);
 }

 template <class H>
 HKDF<H>::~HKDF()
 {
     Reset();
 }

 template <class H>
 void HKDF<H>::BeginExtractKey(const uint8_t *salt, uint16_t saltLen)
 {
     mHMAC.Begin(salt, saltLen);
 }

 template <class H>
 void HKDF<H>::AddKeyMaterial(const uint8_t *keyData, uint16_t keyDataLen)
 {
     mHMAC.AddData(keyData, keyDataLen);
 }

 #if WEAVE_WITH_OPENSSL
 template <class H>
 void HKDF<H>::AddKeyMaterial(const BIGNUM& num)
 {
     mHMAC.AddData(num);
 }
 #endif

 template <class H>
 WEAVE_ERROR HKDF<H>::FinishExtractKey()
 {
     mHMAC.Finish(PseudoRandomKey);
     return WEAVE_NO_ERROR;
 }

 template <class H>
 WEAVE_ERROR HKDF<H>::ExpandKey(const uint8_t *info, uint16_t infoLen, uint16_t keyLen, uint8_t *outKey)
 {
     uint8_t hashNum = 1;

     if (keyLen < 1 || keyLen > 255 * H::kHashLength)
         return WEAVE_ERROR_INVALID_ARGUMENT;

     while (true)
     {
         mHMAC.Reset();

         mHMAC.Begin(PseudoRandomKey, kPseudoRandomKeyLength);

         if (hashNum > 1)
             mHMAC.AddData(outKey - H::kHashLength, H::kHashLength);

         if (info != NULL && infoLen > 0)
             mHMAC.AddData(info, infoLen);

         mHMAC.AddData(&hashNum, 1);

         if (keyLen < H::kHashLength)
         {
             uint8_t finalHash[H::kHashLength];
             mHMAC.Finish(finalHash);
             memcpy(outKey, finalHash, keyLen);
             memset(finalHash, 0, sizeof(H::kHashLength));
             break;
         }

         mHMAC.Finish(outKey);
         outKey += H::kHashLength;
         keyLen -= H::kHashLength;
         hashNum++;
     }

     return WEAVE_NO_ERROR;
 }

 template <class H>
 WEAVE_ERROR HKDF<H>::DeriveKey(const uint8_t *salt, uint16_t saltLen,
                                const uint8_t *keyMaterial1, uint16_t keyMaterial1Len,
                                const uint8_t *keyMaterial2, uint16_t keyMaterial2Len,
                                const uint8_t *info, uint16_t infoLen,
                                uint8_t *outKey, uint16_t outKeyBufSize, uint16_t outKeyLen)
 {
     WEAVE_ERROR err;
     HKDF<H> hkdf;

     VerifyOrExit(outKeyLen <= outKeyBufSize, err = WEAVE_ERROR_BUFFER_TOO_SMALL);

     hkdf.BeginExtractKey(salt, saltLen);
     hkdf.AddKeyMaterial(keyMaterial1, keyMaterial1Len);
     hkdf.AddKeyMaterial(keyMaterial2, keyMaterial2Len);

     err = hkdf.FinishExtractKey();
     SuccessOrExit(err);

     err = hkdf.ExpandKey(info, infoLen, outKeyLen, outKey);
     SuccessOrExit(err);

 exit:
     hkdf.Reset();

     return err;
 }

 template <class H>
 void HKDF<H>::Reset()
 {
     mHMAC.Reset();
     ClearSecretData(PseudoRandomKey, kPseudoRandomKeyLength);
 }

 template class HKDF<Platform::Security::SHA1>;

 template class HKDF<Platform::Security::SHA256>;


 HKDFSHA1Or256::HKDFSHA1Or256(bool useSHA1)
 {
     mUseSHA1 = useSHA1;
     if (useSHA1)
         new(ObjBuf()) HKDFSHA1;
     else
         new(ObjBuf()) HKDFSHA256;
 }

 void HKDFSHA1Or256::BeginExtractKey(const uint8_t* salt, uint16_t saltLen)
 {
     if (mUseSHA1)
         HKDFSHA1Obj()->BeginExtractKey(salt, saltLen);
     else
         HKDFSHA256Obj()->BeginExtractKey(salt, saltLen);
 }

 void HKDFSHA1Or256::AddKeyMaterial(const uint8_t* keyData, uint16_t keyDataLen)
 {
     if (mUseSHA1)
         HKDFSHA1Obj()->AddKeyMaterial(keyData, keyDataLen);
     else
         HKDFSHA256Obj()->AddKeyMaterial(keyData, keyDataLen);
 }

 WEAVE_ERROR HKDFSHA1Or256::FinishExtractKey(void)
 {
     if (mUseSHA1)
         return HKDFSHA1Obj()->FinishExtractKey();
     else
         return HKDFSHA256Obj()->FinishExtractKey();
 }

 WEAVE_ERROR HKDFSHA1Or256::ExpandKey(const uint8_t* info, uint16_t infoLen, uint16_t keyLen, uint8_t* outKey)
 {
     if (mUseSHA1)
         return HKDFSHA1Obj()->ExpandKey(info, infoLen, keyLen, outKey);
     else
         return HKDFSHA256Obj()->ExpandKey(info, infoLen, keyLen, outKey);
 }

 void HKDFSHA1Or256::Reset(void)
 {
     if (mUseSHA1)
         HKDFSHA1Obj()->Reset();
     else
         HKDFSHA256Obj()->Reset();
 }


 } /* namespace Crypto */
 } /* namespace Weave */
 } /* namespace nl */
	/*
	*
	* Copyright (c) 2013-2017 Nest Labs, Inc.
	* All rights reserved.
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/**
	* @file
	* Implementation of HMAC-based Extract-and-Expand Key Derivation Function (RFC-5869)
	*
	*/

	#include <string.h>

	#include "WeaveCrypto.h"
	#include "HKDF.h"
	#include <Weave/Support/CodeUtils.h>

	#if HAVE_NEW
	#include <new>
	#else
	inline void * operator new (size_t, void * p) throw() { return p; }
	inline void * operator new[] (size_t, void * p) throw() { return p; }
	#endif

	namespace nl {
	namespace Weave {
	namespace Crypto {

	template <class H>
	HKDF<H>::HKDF()
	{
	memset(PseudoRandomKey, 0, kPseudoRandomKeyLength);
	}

	template <class H>
	HKDF<H>::~HKDF()
	{
	Reset();
	}

	template <class H>
	void HKDF<H>::BeginExtractKey(const uint8_t *salt, uint16_t saltLen)
	{
	mHMAC.Begin(salt, saltLen);
	}

	template <class H>
	void HKDF<H>::AddKeyMaterial(const uint8_t *keyData, uint16_t keyDataLen)
	{
	mHMAC.AddData(keyData, keyDataLen);
	}

	#if WEAVE_WITH_OPENSSL
	template <class H>
	void HKDF<H>::AddKeyMaterial(const BIGNUM& num)
	{
	mHMAC.AddData(num);
	}
	#endif

	template <class H>
	WEAVE_ERROR HKDF<H>::FinishExtractKey()
	{
	mHMAC.Finish(PseudoRandomKey);
	return WEAVE_NO_ERROR;
	}

	template <class H>
	WEAVE_ERROR HKDF<H>::ExpandKey(const uint8_t info, uint16_t infoLen, uint16_t keyLen, uint8_t outKey)
	{
	uint8_t hashNum = 1;

	if (keyLen < 1 \|\| keyLen > 255 * H::kHashLength)
	return WEAVE_ERROR_INVALID_ARGUMENT;

	while (true)
	{
	mHMAC.Reset();

	mHMAC.Begin(PseudoRandomKey, kPseudoRandomKeyLength);

	if (hashNum > 1)
	mHMAC.AddData(outKey - H::kHashLength, H::kHashLength);

	if (info != NULL && infoLen > 0)
	mHMAC.AddData(info, infoLen);

	mHMAC.AddData(&hashNum, 1);

	if (keyLen < H::kHashLength)
	{
	uint8_t finalHash[H::kHashLength];
	mHMAC.Finish(finalHash);
	memcpy(outKey, finalHash, keyLen);
	memset(finalHash, 0, sizeof(H::kHashLength));
	break;
	}

	mHMAC.Finish(outKey);
	outKey += H::kHashLength;
	keyLen -= H::kHashLength;
	hashNum++;
	}

	return WEAVE_NO_ERROR;
	}

	template <class H>
	WEAVE_ERROR HKDF<H>::DeriveKey(const uint8_t *salt, uint16_t saltLen,
	const uint8_t *keyMaterial1, uint16_t keyMaterial1Len,
	const uint8_t *keyMaterial2, uint16_t keyMaterial2Len,
	const uint8_t *info, uint16_t infoLen,
	uint8_t *outKey, uint16_t outKeyBufSize, uint16_t outKeyLen)
	{
	WEAVE_ERROR err;
	HKDF<H> hkdf;

	VerifyOrExit(outKeyLen <= outKeyBufSize, err = WEAVE_ERROR_BUFFER_TOO_SMALL);

	hkdf.BeginExtractKey(salt, saltLen);
	hkdf.AddKeyMaterial(keyMaterial1, keyMaterial1Len);
	hkdf.AddKeyMaterial(keyMaterial2, keyMaterial2Len);

	err = hkdf.FinishExtractKey();
	SuccessOrExit(err);

	err = hkdf.ExpandKey(info, infoLen, outKeyLen, outKey);
	SuccessOrExit(err);

	exit:
	hkdf.Reset();

	return err;
	}

	template <class H>
	void HKDF<H>::Reset()
	{
	mHMAC.Reset();
	ClearSecretData(PseudoRandomKey, kPseudoRandomKeyLength);
	}

	template class HKDF<Platform::Security::SHA1>;

	template class HKDF<Platform::Security::SHA256>;


	HKDFSHA1Or256::HKDFSHA1Or256(bool useSHA1)
	{
	mUseSHA1 = useSHA1;
	if (useSHA1)
	new(ObjBuf()) HKDFSHA1;
	else
	new(ObjBuf()) HKDFSHA256;
	}

	void HKDFSHA1Or256::BeginExtractKey(const uint8_t* salt, uint16_t saltLen)
	{
	if (mUseSHA1)
	HKDFSHA1Obj()->BeginExtractKey(salt, saltLen);
	else
	HKDFSHA256Obj()->BeginExtractKey(salt, saltLen);
	}

	void HKDFSHA1Or256::AddKeyMaterial(const uint8_t* keyData, uint16_t keyDataLen)
	{
	if (mUseSHA1)
	HKDFSHA1Obj()->AddKeyMaterial(keyData, keyDataLen);
	else
	HKDFSHA256Obj()->AddKeyMaterial(keyData, keyDataLen);
	}

	WEAVE_ERROR HKDFSHA1Or256::FinishExtractKey(void)
	{
	if (mUseSHA1)
	return HKDFSHA1Obj()->FinishExtractKey();
	else
	return HKDFSHA256Obj()->FinishExtractKey();
	}

	WEAVE_ERROR HKDFSHA1Or256::ExpandKey(const uint8_t* info, uint16_t infoLen, uint16_t keyLen, uint8_t* outKey)
	{
	if (mUseSHA1)
	return HKDFSHA1Obj()->ExpandKey(info, infoLen, keyLen, outKey);
	else
	return HKDFSHA256Obj()->ExpandKey(info, infoLen, keyLen, outKey);
	}

	void HKDFSHA1Or256::Reset(void)
	{
	if (mUseSHA1)
	HKDFSHA1Obj()->Reset();
	else
	HKDFSHA256Obj()->Reset();
	}


	} /* namespace Crypto */
	} /* namespace Weave */
	} /* namespace nl */