1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/*
* Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
* This file is part of GNUTLS.
*
* The GNUTLS library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>
*
*/
#include "gnutls_int.h"
#include "int/tls1-prf.h"
#include <nettle/hmac.h>
#if ENABLE_GOST
#include "gost/hmac-gost.h"
#endif
/*-
* _gnutls_prf_raw:
* @mac: the MAC algorithm to use, set to %GNUTLS_MAC_MD5_SHA1 for the TLS1.0 mac
* @master_size: length of the @master variable.
* @master: the master secret used in PRF computation
* @label_size: length of the @label variable.
* @label: label used in PRF computation, typically a short string.
* @seed_size: length of the @seed variable.
* @seed: optional extra data to seed the PRF with.
* @outsize: size of pre-allocated output buffer to hold the output.
* @out: pre-allocated buffer to hold the generated data.
*
* Apply the TLS Pseudo-Random-Function (PRF) on the master secret
* and the provided data.
*
* Returns: %GNUTLS_E_SUCCESS on success, or an error code.
-*/
int _gnutls_prf_raw(gnutls_mac_algorithm_t mac, size_t master_size,
const void *master, size_t label_size, const char *label,
size_t seed_size, const uint8_t *seed, size_t outsize,
char *out)
{
int ret;
switch (mac) {
case GNUTLS_MAC_MD5_SHA1:
tls10_prf(master_size, (uint8_t *)master, label_size, label,
seed_size, seed, outsize, (uint8_t *)out);
return 0;
case GNUTLS_MAC_SHA256: {
struct hmac_sha256_ctx ctx;
hmac_sha256_set_key(&ctx, master_size, (uint8_t *)master);
ret = tls12_prf(&ctx,
(nettle_hash_update_func *)hmac_sha256_update,
(nettle_hash_digest_func *)hmac_sha256_digest,
SHA256_DIGEST_SIZE, label_size, label,
seed_size, seed, outsize, (uint8_t *)out);
if (unlikely(ret != 1))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
break;
}
case GNUTLS_MAC_SHA384: {
struct hmac_sha384_ctx ctx;
hmac_sha384_set_key(&ctx, master_size, master);
ret = tls12_prf(&ctx,
(nettle_hash_update_func *)hmac_sha384_update,
(nettle_hash_digest_func *)hmac_sha384_digest,
SHA384_DIGEST_SIZE, label_size, label,
seed_size, seed, outsize, (uint8_t *)out);
if (unlikely(ret != 1))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
break;
}
#if ENABLE_GOST
case GNUTLS_MAC_STREEBOG_256: {
struct hmac_streebog256_ctx ctx;
hmac_streebog256_set_key(&ctx, master_size, master);
ret = tls12_prf(
&ctx,
(nettle_hash_update_func *)hmac_streebog256_update,
(nettle_hash_digest_func *)hmac_streebog256_digest,
STREEBOG256_DIGEST_SIZE, label_size, label, seed_size,
seed, outsize, (uint8_t *)out);
if (unlikely(ret != 1))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
break;
}
case GNUTLS_MAC_STREEBOG_512: {
struct hmac_streebog512_ctx ctx;
hmac_streebog512_set_key(&ctx, master_size, master);
ret = tls12_prf(
&ctx,
(nettle_hash_update_func *)hmac_streebog512_update,
(nettle_hash_digest_func *)hmac_streebog512_digest,
STREEBOG512_DIGEST_SIZE, label_size, label, seed_size,
seed, outsize, (uint8_t *)out);
if (unlikely(ret != 1))
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
break;
}
#endif
default:
gnutls_assert();
_gnutls_debug_log("unhandled PRF %s\n",
gnutls_mac_get_name(mac));
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
}
|
