summaryrefslogtreecommitdiff
path: root/libs/libsignal/src/hkdf.c
diff options
context:
space:
mode:
Diffstat (limited to 'libs/libsignal/src/hkdf.c')
-rw-r--r--libs/libsignal/src/hkdf.c256
1 files changed, 256 insertions, 0 deletions
diff --git a/libs/libsignal/src/hkdf.c b/libs/libsignal/src/hkdf.c
new file mode 100644
index 0000000000..d8df253c8b
--- /dev/null
+++ b/libs/libsignal/src/hkdf.c
@@ -0,0 +1,256 @@
+#include "hkdf.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include <assert.h>
+
+#include "signal_protocol_internal.h"
+
+#define HASH_OUTPUT_SIZE 32
+
+#define MIN(a,b) (((a)<(b))?(a):(b))
+#define MAX(a,b) (((a)>(b))?(a):(b))
+
+struct hkdf_context
+{
+ signal_type_base base;
+ signal_context *global_context;
+ int iteration_start_offset;
+};
+
+int hkdf_create(hkdf_context **context, int message_version, signal_context *global_context)
+{
+ assert(global_context);
+ *context = malloc(sizeof(hkdf_context));
+ if(!(*context)) {
+ return SG_ERR_NOMEM;
+ }
+
+ memset(*context, 0, sizeof(hkdf_context));
+
+ SIGNAL_INIT(*context, hkdf_destroy);
+ (*context)->global_context = global_context;
+
+ if(message_version == 2) {
+ (*context)->iteration_start_offset = 0;
+ }
+ else if(message_version == 3) {
+ (*context)->iteration_start_offset = 1;
+ }
+ else {
+ free(*context);
+ return SG_ERR_INVAL;
+ }
+
+ return 0;
+}
+
+ssize_t hkdf_extract(hkdf_context *context,
+ uint8_t **output,
+ const uint8_t *salt, size_t salt_len,
+ const uint8_t *input_key_material, size_t input_key_material_len)
+{
+ int result = 0;
+ signal_buffer *mac_buffer = 0;
+ uint8_t *mac = 0;
+ size_t mac_len = 0;
+ void *hmac_context;
+
+ assert(context);
+
+ result = signal_hmac_sha256_init(context->global_context,
+ &hmac_context, salt, salt_len);
+ if(result < 0) {
+ goto complete;
+ }
+
+ result = signal_hmac_sha256_update(context->global_context,
+ hmac_context, input_key_material, input_key_material_len);
+ if(result < 0) {
+ goto complete;
+ }
+
+ result = signal_hmac_sha256_final(context->global_context,
+ hmac_context, &mac_buffer);
+ if(result < 0) {
+ goto complete;
+ }
+
+ mac_len = signal_buffer_len(mac_buffer);
+ mac = malloc(mac_len);
+ if(!mac) {
+ result = SG_ERR_NOMEM;
+ goto complete;
+ }
+
+ memcpy(mac, signal_buffer_data(mac_buffer), mac_len);
+
+complete:
+ signal_hmac_sha256_cleanup(context->global_context, hmac_context);
+ signal_buffer_free(mac_buffer);
+
+ if(result >= 0) {
+ *output = mac;
+ return (ssize_t)mac_len;
+ }
+ else {
+ return result;
+ }
+}
+
+ssize_t hkdf_expand(hkdf_context *context,
+ uint8_t **output,
+ const uint8_t *prk, size_t prk_len,
+ const uint8_t *info, size_t info_len,
+ size_t output_len)
+{
+ int iterations = (int)ceil((double)output_len / (double)HASH_OUTPUT_SIZE);
+ size_t remaining_len = output_len;
+ signal_buffer *step_buffer = 0;
+ size_t step_size = 0;
+ uint8_t *result_buf = 0;
+ size_t result_buf_len = 0;
+ void *hmac_context = 0;
+ int result = 0;
+ uint8_t i;
+
+ assert(context);
+
+ for(i = context->iteration_start_offset; i < iterations + context->iteration_start_offset; i++) {
+ result = signal_hmac_sha256_init(context->global_context,
+ &hmac_context, prk, prk_len);
+ if(result < 0) {
+ goto complete;
+ }
+
+ if(step_buffer) {
+ result = signal_hmac_sha256_update(context->global_context,
+ hmac_context,
+ signal_buffer_data(step_buffer),
+ signal_buffer_len(step_buffer));
+ if(result < 0) {
+ goto complete;
+ }
+ signal_buffer_free(step_buffer);
+ step_buffer = 0;
+ }
+
+ if(info) {
+ result = signal_hmac_sha256_update(context->global_context,
+ hmac_context, info, info_len);
+ if(result < 0) {
+ goto complete;
+ }
+ }
+
+ result = signal_hmac_sha256_update(context->global_context,
+ hmac_context, &i, sizeof(uint8_t));
+ if(result < 0) {
+ goto complete;
+ }
+
+ result = signal_hmac_sha256_final(context->global_context,
+ hmac_context, &step_buffer);
+ if(result < 0) {
+ goto complete;
+ }
+
+ signal_hmac_sha256_cleanup(context->global_context, hmac_context);
+ hmac_context = 0;
+
+ step_size = MIN(remaining_len, signal_buffer_len(step_buffer));
+
+ if(!result_buf) {
+ result_buf = malloc(step_size);
+ if(!result_buf) {
+ result = SG_ERR_NOMEM;
+ goto complete;
+ }
+ memcpy(result_buf, signal_buffer_data(step_buffer), step_size);
+ result_buf_len = step_size;
+ }
+ else {
+ uint8_t *tmp_buf = realloc(result_buf, result_buf_len + step_size);
+ if(!tmp_buf) {
+ result = SG_ERR_NOMEM;
+ goto complete;
+ }
+ result_buf = tmp_buf;
+ memcpy(result_buf + result_buf_len, signal_buffer_data(step_buffer), step_size);
+ result_buf_len += step_size;
+ }
+ remaining_len -= step_size;
+ }
+
+complete:
+ if(hmac_context) {
+ signal_hmac_sha256_cleanup(context->global_context, hmac_context);
+ }
+ signal_buffer_free(step_buffer);
+ if(result < 0) {
+ free(result_buf);
+ return result;
+ }
+ else {
+ *output = result_buf;
+ return (ssize_t)result_buf_len;
+ }
+}
+
+ssize_t hkdf_derive_secrets(hkdf_context *context,
+ uint8_t **output,
+ const uint8_t *input_key_material, size_t input_key_material_len,
+ const uint8_t *salt, size_t salt_len,
+ const uint8_t *info, size_t info_len,
+ size_t output_len)
+{
+ ssize_t result = 0;
+ uint8_t *prk = 0;
+ ssize_t prk_len = 0;
+
+ assert(context);
+
+ prk_len = hkdf_extract(context, &prk, salt, salt_len, input_key_material, input_key_material_len);
+ if(prk_len < 0) {
+ signal_log(context->global_context, SG_LOG_ERROR, "hkdf_extract error: %d", prk_len);
+ return prk_len;
+ }
+
+ result = hkdf_expand(context, output, prk, (size_t)prk_len, info, info_len, output_len);
+
+ if(prk) {
+ free(prk);
+ }
+
+ return result;
+}
+
+int hkdf_compare(const hkdf_context *context1, const hkdf_context *context2)
+{
+ if(context1 == context2) {
+ return 0;
+ }
+ else if(context1 == 0 && context2 != 0) {
+ return -1;
+ }
+ else if(context1 != 0 && context2 == 0) {
+ return 1;
+ }
+ else if(context1->iteration_start_offset < context2->iteration_start_offset) {
+ return -1;
+ }
+ else if(context1->iteration_start_offset > context2->iteration_start_offset) {
+ return 1;
+ }
+ else {
+ return 0;
+ }
+}
+
+void hkdf_destroy(signal_type_base *type)
+{
+ hkdf_context *context = (hkdf_context *)type;
+ free(context);
+}