GNUnet 0.22.0
crypto_hkdf.c File Reference
#include "sodium/utils.h"
#include <stdio.h>
#include "platform.h"
#include "gnunet_common.h"
#include "gnunet_util_lib.h"
#include "sodium/crypto_auth_hmacsha256.h"
Include dependency graph for crypto_hkdf.c:

Go to the source code of this file.

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-hkdf", __VA_ARGS__)
 

Functions

static enum GNUNET_GenericReturnValue hkdf_expand (void *result, size_t out_len, const unsigned char *prk, size_t prk_len, va_list argp)
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_expand_v (void *result, size_t out_len, const struct GNUNET_ShortHashCode *prk, va_list argp)
 HKDF-Expand using SHA256. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_expand (void *result, size_t out_len, const struct GNUNET_ShortHashCode *prk,...)
 HKDF-Expand using SHA256. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet_v (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 A peculiar HKDF instantiation that tried to mimic Truncated NMAC. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_extract (struct GNUNET_ShortHashCode *prk, const void *xts, size_t xts_len, const void *skm, size_t skm_len)
 HKDF-Extract using SHA256. More...
 

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-hkdf", __VA_ARGS__)

Definition at line 41 of file crypto_hkdf.c.

Function Documentation

◆ hkdf_expand()

static enum GNUNET_GenericReturnValue hkdf_expand ( void *  result,
size_t  out_len,
const unsigned char *  prk,
size_t  prk_len,
va_list  argp 
)
static

Definition at line 49 of file crypto_hkdf.c.

54{
55 unsigned char *outbuf = (unsigned char*) result;
56 size_t i;
57 size_t ctx_len;
58 va_list args;
59
60 if (out_len > (0xff * crypto_auth_hmacsha256_BYTES))
61 return GNUNET_SYSERR;
62
63 va_copy (args, argp);
64
65 ctx_len = 0;
66 while (NULL != va_arg (args, void *))
67 {
68 size_t nxt = va_arg (args, size_t);
69 if (nxt + ctx_len < nxt)
70 {
71 /* integer overflow */
72 GNUNET_break (0);
73 va_end (args);
74 return GNUNET_SYSERR;
75 }
76 ctx_len += nxt;
77 }
78
79 va_end (args);
80
81 if ( (crypto_auth_hmacsha256_BYTES + ctx_len < ctx_len) ||
82 (crypto_auth_hmacsha256_BYTES + ctx_len + 1 < ctx_len) )
83 {
84 /* integer overflow */
85 GNUNET_break (0);
86 return GNUNET_SYSERR;
87 }
88
89 memset (result, 0, out_len);
90
91 {
92 size_t left = out_len;
93 const void *ctx_arg;
94 unsigned char tmp[crypto_auth_hmacsha256_BYTES];
95 unsigned char ctx[ctx_len];
96 unsigned char *dst = ctx;
97 crypto_auth_hmacsha256_state st;
98 unsigned char counter = 1U;
99
100 sodium_memzero (ctx, sizeof ctx);
101 va_copy (args, argp);
102 while ((ctx_arg = va_arg (args, void *)))
103 {
104 size_t len;
105
106 len = va_arg (args, size_t);
107 GNUNET_memcpy (dst, ctx_arg, len);
108 dst += len;
109 }
110 va_end (args);
111
112 for (i = 0; left > 0; i += crypto_auth_hmacsha256_BYTES)
113 {
114 crypto_auth_hmacsha256_init(&st, prk, prk_len);
115 if (0 != i)
116 {
117 crypto_auth_hmacsha256_update(&st,
118 &outbuf[i - crypto_auth_hmacsha256_BYTES],
119 crypto_auth_hmacsha256_BYTES);
120 }
121 crypto_auth_hmacsha256_update(&st, ctx, ctx_len);
122 crypto_auth_hmacsha256_update(&st, &counter, 1);
123 if (left >= crypto_auth_hmacsha256_BYTES)
124 {
125 crypto_auth_hmacsha256_final(&st, &outbuf[i]);
126 left -= crypto_auth_hmacsha256_BYTES;
127 }
128 else
129 {
130 crypto_auth_hmacsha256_final(&st, tmp);
131 memcpy (&outbuf[i], tmp, left);
132 sodium_memzero(tmp, sizeof tmp);
133 left = 0;
134 }
135 counter++;
136 }
137 sodium_memzero(&st, sizeof st);
138 }
139 return GNUNET_YES;
140}
static struct GNUNET_SCHEDULER_Task * st
The shutdown task.
static struct GNUNET_FS_Handle * ctx
static int result
Global testing status.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
@ GNUNET_YES
@ GNUNET_SYSERR
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.

References consensus-simulation::args, ctx, GNUNET_break, GNUNET_memcpy, GNUNET_SYSERR, GNUNET_YES, result, and st.

Referenced by GNUNET_CRYPTO_hkdf_expand_v(), and GNUNET_CRYPTO_hkdf_gnunet_v().

Here is the caller graph for this function: