21#include <openssl/evp.h>
22#include <openssl/opensslv.h>
24#if defined(HAVE_ERR_LOAD_KDF_STRINGS)
25#include <openssl/kdf.h>
26#define HAVE_OPENSSL_HKDF 1
/* Fragment of crypto_expand_key_material_TAP(): this listing carries only
 * some of the original source lines (44-66), so the start of the signature,
 * parts of the loop body and the cleanup path are not shown here.
 * Visible behaviour: key_out is filled, at most DIGEST_LEN bytes per
 * iteration, with crypto_digest() outputs computed over a scratch buffer
 * that begins with a copy of key_in.
 * NOTE(review): this looks like an ad hoc digest-concatenation KDF rather
 * than HKDF; new callers should presumably use the RFC 5869 variant. */
44 uint8_t *key_out,
size_t key_out_len)
/* Scratch buffer of key_in_len+1 bytes; the extra byte presumably holds a
 * per-block counter (its assignment is not in this excerpt - confirm).
 * NOTE(review): key_in_len+1 wraps to 0 when key_in_len == SIZE_MAX, which
 * would make the memcpy below overrun tmp; confirm callers bound key_in_len. */
47 uint8_t *cp, *tmp = tor_malloc(key_in_len+1);
/* tmp now holds a copy of the secret input key. This excerpt does not show
 * tmp being wiped and freed on exit - confirm in the full file. */
53 memcpy(tmp, key_in, key_in_len);
/* cp walks key_out; the loop stops once key_out_len bytes are produced. */
54 for (cp = key_out, i=0; cp < key_out+key_out_len;
/* Digest all key_in_len+1 bytes of tmp; a negative return from
 * crypto_digest() is treated as failure. */
57 if (
crypto_digest((
char*)digest, (
const char *)tmp, key_in_len+1) < 0)
/* MIN() clamps the copy to the space left in key_out, so a final partial
 * block cannot write past the end of the caller's buffer. */
59 memcpy(cp, digest, MIN(
DIGEST_LEN, key_out_len-(cp-key_out)));
/* digest holds derived key material: overwrite the whole array with zero
 * bytes via memwipe() before returning. */
66 memwipe(digest, 0,
sizeof(digest));
70#ifdef HAVE_OPENSSL_HKDF
/* HKDF (RFC 5869) with SHA-256 through OpenSSL's EVP_PKEY_HKDF interface.
 * Compiled only when HAVE_OPENSSL_HKDF is defined. This listing shows only
 * some of the original source lines (78-108): every call below stores its
 * status in r, but the lines that test r are not visible here.
 * NOTE(review): these OpenSSL calls report success as 1 and failure as a
 * value <= 0, so the hidden checks should compare against 1 (or <= 0), not
 * just test for zero - confirm in the full file. */
78crypto_expand_key_material_rfc5869_sha256_openssl(
79 const uint8_t *key_in,
size_t key_in_len,
80 const uint8_t *salt_in,
size_t salt_in_len,
81 const uint8_t *info_in,
size_t info_in_len,
82 uint8_t *key_out,
size_t key_out_len)
/* EVP_PKEY_CTX_new_id() returns NULL on failure; the NULL check is not in
 * this excerpt - confirm it precedes the first use of the context. */
85 EVP_PKEY_CTX *evp_pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
90 r = EVP_PKEY_derive_init(evp_pkey_ctx);
/* Fix the hash to SHA-256. */
93 r = EVP_PKEY_CTX_set_hkdf_md(evp_pkey_ctx, EVP_sha256());
/* The three setters below take an int length, hence the casts from size_t.
 * NOTE(review): a length above INT_MAX would be truncated or turn negative
 * in the cast; confirm the caller or a hidden assertion bounds salt_in_len,
 * key_in_len and info_in_len before this point. */
96 r = EVP_PKEY_CTX_set1_hkdf_salt(evp_pkey_ctx, salt_in, (
int)salt_in_len);
/* set1_ copies the input keying material into the context. */
99 r = EVP_PKEY_CTX_set1_hkdf_key(evp_pkey_ctx, key_in, (
int)key_in_len);
102 r = EVP_PKEY_CTX_add1_hkdf_info(evp_pkey_ctx, info_in, (
int)info_in_len);
/* key_out_len is passed by address: it gives the requested output size on
 * entry and OpenSSL may update it on return. On failure key_out must not
 * be used as key material. */
105 r = EVP_PKEY_derive(evp_pkey_ctx, key_out, &key_out_len);
/* Release the context, which holds the copies of key, salt and info.
 * Presumably this runs on error paths too - confirm in the full file. */
108 EVP_PKEY_CTX_free(evp_pkey_ctx);
/* Fragment that appears to be the body of
 * crypto_expand_key_material_rfc5869_sha256_legacy(), the HKDF implementation
 * that does not go through OpenSSL's HKDF API. The function-name line and
 * many body lines (original lines 119-159 are only partly shown) are missing
 * from this listing, so the notes below cover only what is visible. */
120 const uint8_t *key_in,
size_t key_in_len,
121 const uint8_t *salt_in,
size_t salt_in_len,
122 const uint8_t *info_in,
size_t info_in_len,
123 uint8_t *key_out,
size_t key_out_len)
/* Arguments of a call whose name is on a line not shown; presumably
 * crypto_hmac_sha256() with salt_in as the HMAC key and key_in as the
 * message, i.e. the HKDF-Extract step - confirm against the full file. */
133 (
const char*)salt_in, salt_in_len,
134 (
const char*)key_in, key_in_len);
/* tmp is a fixed-size array (sizeof is applied to it); zero it before it is
 * used as the HMAC input buffer. This memset is initialisation, not a
 * secret wipe. */
139 memset(tmp, 0,
sizeof(tmp));
/* Expand loop: runs until key_out_len bytes have been produced. */
143 while (key_out_len) {
/* Build the HMAC input for this block: info_in followed by the one-byte
 * block counter i, info_in_len+1 bytes in total.
 * NOTE(review): this writes info_in_len+1 bytes into the fixed-size tmp;
 * the bound on info_in_len is not visible in this excerpt - confirm it is
 * enforced before the loop, otherwise this is a stack buffer overflow.
 * NOTE(review): RFC 5869 also prepends the previous block for blocks after
 * the first; that branch is presumably on lines not shown. */
151 memcpy(tmp, info_in, info_in_len);
152 tmp[info_in_len] = i;
153 tmp_len = info_in_len + 1;
/* Tail of the per-block HMAC call over tmp (callee name not shown). */
157 (
const char*)tmp, tmp_len);
/* Copy n bytes of the block MAC to the output cursor; n is presumably
 * clamped to the remaining key_out_len on a line not shown - confirm.
 * tmp and mac hold key material; their wiping is not in this excerpt. */
159 memcpy(outp, mac, n);
/* Fragment that appears to be the public entry point
 * crypto_expand_key_material_rfc5869_sha256(): it forwards all eight
 * arguments unchanged to one of two backends chosen at compile time.
 * The function-name line and parts of both calls are missing from this
 * listing. The function returns int; callers should check that result
 * before treating key_out as key material. */
180 const uint8_t *key_in,
size_t key_in_len,
181 const uint8_t *salt_in,
size_t salt_in_len,
182 const uint8_t *info_in,
size_t info_in_len,
183 uint8_t *key_out,
size_t key_out_len)
/* HAVE_OPENSSL_HKDF is defined near the top of this file when
 * HAVE_ERR_LOAD_KDF_STRINGS is defined; in that case OpenSSL's HKDF is used. */
188#ifdef HAVE_OPENSSL_HKDF
189 return crypto_expand_key_material_rfc5869_sha256_openssl(key_in,
191 salt_in_len, info_in,
193 key_out, key_out_len);
/* Tail of the fallback call; the callee name is on a line not shown,
 * presumably the _legacy implementation. Both backends must yield identical
 * output for the same inputs, or peers built differently cannot agree on
 * keys. */
197 salt_in_len, info_in,
199 key_out, key_out_len);
Macro definitions for MIN, MAX, and CLAMP.
Headers for crypto_digest.c.
void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len)
int crypto_digest(char *digest, const char *m, size_t len)
int crypto_expand_key_material_TAP(const uint8_t *key_in, size_t key_in_len, uint8_t *key_out, size_t key_out_len)
static int crypto_expand_key_material_rfc5869_sha256_legacy(const uint8_t *key_in, size_t key_in_len, const uint8_t *salt_in, size_t salt_in_len, const uint8_t *info_in, size_t info_in_len, uint8_t *key_out, size_t key_out_len)
int crypto_expand_key_material_rfc5869_sha256(const uint8_t *key_in, size_t key_in_len, const uint8_t *salt_in, size_t salt_in_len, const uint8_t *info_in, size_t info_in_len, uint8_t *key_out, size_t key_out_len)
Headers for crypto_hkdf.h.
Headers for crypto_openssl_mgt.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
Macros to manage assertions, fatal and non-fatal.