diff options
Diffstat (limited to 'thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/nrf_crypto_hkdf.c')
-rw-r--r-- | thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/nrf_crypto_hkdf.c | 225 |
1 files changed, 225 insertions, 0 deletions
diff --git a/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/nrf_crypto_hkdf.c b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/nrf_crypto_hkdf.c new file mode 100644 index 0000000..00c6c7b --- /dev/null +++ b/thirdparty/nRF5_SDK_15.0.0_a53641a/components/libraries/crypto/nrf_crypto_hkdf.c @@ -0,0 +1,225 @@ +/** + * Copyright (c) 2018 - 2018, Nordic Semiconductor ASA + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without modification, + * are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form, except as embedded into a Nordic + * Semiconductor ASA integrated circuit in a product or a software update for + * such product, must reproduce the above copyright notice, this list of + * conditions and the following disclaimer in the documentation and/or other + * materials provided with the distribution. + * + * 3. Neither the name of Nordic Semiconductor ASA nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * 4. This software, with or without modification, must only be used with a + * Nordic Semiconductor ASA integrated circuit. + * + * 5. Any software provided in binary form under this license must not be reverse + * engineered, decompiled, modified and/or disassembled. + * + * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sdk_common.h" +#if NRF_MODULE_ENABLED(NRF_CRYPTO) + +#include "stddef.h" +#include "nrf_assert.h" +#include "nrf_crypto_hmac.h" +#include "nrf_crypto_hkdf.h" +#include "nrf_crypto_error.h" +#include "nrf_crypto_mem.h" +#include "nrf_crypto_shared.h" +#include "nrf_crypto_hmac_shared.h" + +#if NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC) + +static ret_code_t hkdf_expand(nrf_crypto_hmac_context_t * const p_context, + nrf_crypto_hmac_info_t const * p_info, + uint8_t * const p_output_key, + size_t output_key_size, + uint8_t const * const p_ainfo, + size_t ainfo_size, + uint8_t * const p_temp, + uint8_t const * const p_prk, + size_t prk_size) +{ + size_t const hash_digest_size = p_info->digest_size; + uint32_t const n_iterations = (output_key_size + hash_digest_size - 1) / hash_digest_size; + ret_code_t err_code = NRF_SUCCESS; + size_t temp_size; + uint8_t n_current; + int write_offset; + + VERIFY_TRUE(n_iterations <= 255, NRF_ERROR_CRYPTO_OUTPUT_LENGTH); + + write_offset = 0; + for (uint32_t i = 0; i < n_iterations; i++) + { + n_current = i + 1; + + err_code = nrf_crypto_hmac_init(p_context, p_info, p_prk, prk_size); + VERIFY_SUCCESS(err_code); + + if (i != 0) + { + err_code = nrf_crypto_hmac_update(p_context, p_temp, hash_digest_size); + VERIFY_SUCCESS(err_code); + } + + if (p_ainfo != NULL) + { + err_code = nrf_crypto_hmac_update(p_context, p_ainfo, ainfo_size); + VERIFY_SUCCESS(err_code); + } + + err_code = nrf_crypto_hmac_update(p_context, &n_current, 1); + VERIFY_SUCCESS(err_code); + + temp_size = hash_digest_size; + err_code = nrf_crypto_hmac_finalize(p_context, p_temp, &temp_size); + VERIFY_SUCCESS(err_code); + + memcpy(p_output_key + write_offset, + p_temp, + (n_current != n_iterations) ? hash_digest_size : (output_key_size - write_offset)); + + write_offset += hash_digest_size; + } + + return err_code; +} + + +ret_code_t nrf_crypto_hkdf_calculate(nrf_crypto_hmac_context_t * const p_context, + nrf_crypto_hmac_info_t const * p_info, + uint8_t * const p_output_key, + size_t * const p_output_key_size, + uint8_t const * const p_input_key, + size_t input_key_size, + uint8_t const * p_salt, + size_t salt_size, + uint8_t const * const p_ainfo, + size_t ainfo_size, + nrf_crypto_hkdf_mode_t mode) +{ + uint8_t prk[NRF_CRYPTO_HASH_SIZE_SHA512]; // Scaled for the largest supported hash size. + uint8_t temp[NRF_CRYPTO_HASH_SIZE_SHA512]; // Scaled for the largest supported hash size. + void * p_ctx = NULL; + void * p_allocated_context = NULL; + size_t prk_size = sizeof(prk); + size_t output_key_size = *p_output_key_size; + ret_code_t err_code; + + VERIFY_TRUE(p_info != NULL, NRF_ERROR_CRYPTO_INPUT_NULL); + VERIFY_TRUE(p_output_key != NULL, NRF_ERROR_CRYPTO_OUTPUT_NULL); + VERIFY_TRUE(*p_output_key_size > 0, NRF_ERROR_CRYPTO_OUTPUT_LENGTH); + VERIFY_TRUE(p_input_key != NULL, NRF_ERROR_CRYPTO_INPUT_NULL); + VERIFY_TRUE(input_key_size > 0, NRF_ERROR_CRYPTO_INPUT_LENGTH); + + if (p_salt != NULL) + { + VERIFY_TRUE(salt_size > 0, NRF_ERROR_CRYPTO_INPUT_LENGTH); + } + + if (p_ainfo != NULL) + { + VERIFY_TRUE(ainfo_size > 0, NRF_ERROR_CRYPTO_INPUT_LENGTH); + } + + *p_output_key_size = 0; // Set output length to 0 as default value (in case of error). + + // Allocate context internally if p_context is NULL + if (p_context == NULL) + { + p_allocated_context = NRF_CRYPTO_ALLOC(p_info->context_size); + if (p_allocated_context == NULL) + { + return NRF_ERROR_CRYPTO_ALLOC_FAILED; + } + p_ctx = p_allocated_context; + } + else + { + p_ctx = p_context; + } + + if (mode == NRF_CRYPTO_HKDF_EXTRACT_AND_EXPAND) + { + if (p_salt == NULL) + { + // Use default salt defined in RFC 5869: String of zeros of hash length. + salt_size = p_info->digest_size; + ASSERT(sizeof(temp) >= salt_size); + memset(temp, 0, salt_size); + p_salt = temp; + } + + // Step 1: Extract + err_code = nrf_crypto_hmac_calculate(p_context, + p_info, + prk, + &prk_size, + p_salt, + salt_size, + p_input_key, + input_key_size); + NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(err_code, p_allocated_context); + + // Step 2: Expand + err_code = hkdf_expand(p_ctx, + p_info, + p_output_key, + output_key_size, + p_ainfo, + ainfo_size, + temp, + prk, + prk_size); + NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(err_code, p_allocated_context); + } + else // NRF_CRYPTO_HKDF_EXPAND_ONLY + { + err_code = hkdf_expand(p_ctx, + p_info, + p_output_key, + output_key_size, + p_ainfo, + ainfo_size, + temp, + p_input_key, + input_key_size); + NRF_CRYPTO_VERIFY_SUCCESS_DEALLOCATE(err_code, p_allocated_context); + } + + if (p_allocated_context != NULL) + { + NRF_CRYPTO_FREE(p_allocated_context); + } + + *p_output_key_size = output_key_size; + + return NRF_SUCCESS; +} + + +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO_HMAC) +#endif // NRF_MODULE_ENABLED(NRF_CRYPTO) |