/src/BearSSL/src/ssl/prf.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org> |
3 | | * |
4 | | * Permission is hereby granted, free of charge, to any person obtaining |
5 | | * a copy of this software and associated documentation files (the |
6 | | * "Software"), to deal in the Software without restriction, including |
7 | | * without limitation the rights to use, copy, modify, merge, publish, |
8 | | * distribute, sublicense, and/or sell copies of the Software, and to |
9 | | * permit persons to whom the Software is furnished to do so, subject to |
10 | | * the following conditions: |
11 | | * |
12 | | * The above copyright notice and this permission notice shall be |
13 | | * included in all copies or substantial portions of the Software. |
14 | | * |
15 | | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
16 | | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
17 | | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
18 | | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
19 | | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
20 | | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
21 | | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
22 | | * SOFTWARE. |
23 | | */ |
24 | | |
25 | | #include "inner.h" |
26 | | |
27 | | /* see inner.h */ |
/*
 * HMAC-based output expansion in the shape of the TLS P_hash construction:
 *
 *   A(1)   = HMAC(secret, label || seed)
 *   A(i+1) = HMAC(secret, A(i))
 *   out(i) = HMAC(secret, A(i) || label || seed)
 *
 * dst / len
 *     Output buffer and its length in bytes. The generated stream is
 *     XORed INTO dst, not stored: the caller must have initialised all
 *     len bytes beforehand. A len of 0 returns at once, before any other
 *     argument is read.
 * dig
 *     Hash function class used for HMAC.
 * secret / secret_len
 *     HMAC key.
 * label
 *     NUL-terminated string; its length is found by scanning for the
 *     terminator, which is not itself hashed. Must not be NULL when
 *     len is non-zero.
 * seed_num / seed
 *     Seed chunks, hashed in array order right after the label. seed is
 *     never dereferenced when seed_num is 0.
 *
 * NOTE(review): chain[] and block[] are fixed 64-byte buffers that
 * receive HMAC outputs, and hlen bytes of chain[] are fed back into
 * HMAC. This assumes br_digest_size(dig) <= 64 for every hash class a
 * caller can pass -- confirm against the supported hash list.
 *
 * NOTE(review): key_ctx, mac, chain[] and block[] hold values derived
 * from the secret and are not wiped before returning; whether that is
 * acceptable depends on the library's stack-hygiene policy.
 */
void
br_tls_phash(void *dst, size_t len,
	const br_hash_class *dig,
	const void *secret, size_t secret_len, const char *label,
	size_t seed_num, const br_tls_prf_seed_chunk *seed)
{
	br_hmac_key_context key_ctx;
	br_hmac_context mac;
	unsigned char chain[64], block[64];
	unsigned char *out;
	size_t label_len, hlen, i, n;

	if (len == 0) {
		return;
	}
	out = dst;

	/* Length of the label, excluding the terminating NUL. */
	label_len = 0;
	while (label[label_len] != 0) {
		label_len ++;
	}

	hlen = br_digest_size(dig);
	br_hmac_key_init(&key_ctx, dig, secret, secret_len);

	/* A(1) = HMAC(secret, label || seed) */
	br_hmac_init(&mac, &key_ctx, 0);
	br_hmac_update(&mac, label, label_len);
	for (i = 0; i < seed_num; i ++) {
		br_hmac_update(&mac, seed[i].data, seed[i].len);
	}
	br_hmac_out(&mac, chain);

	while (1) {
		/* Output block: HMAC(secret, A(i) || label || seed) */
		br_hmac_init(&mac, &key_ctx, 0);
		br_hmac_update(&mac, chain, hlen);
		br_hmac_update(&mac, label, label_len);
		for (i = 0; i < seed_num; i ++) {
			br_hmac_update(&mac, seed[i].data, seed[i].len);
		}
		br_hmac_out(&mac, block);

		/*
		 * Fold at most one hash-length of output into the
		 * destination; the final block may be truncated.
		 */
		n = (hlen < len) ? hlen : len;
		for (i = 0; i < n; i ++) {
			out[i] ^= block[i];
		}
		out += n;
		len -= n;
		if (len == 0) {
			break;
		}

		/* A(i+1) = HMAC(secret, A(i)) */
		br_hmac_init(&mac, &key_ctx, 0);
		br_hmac_update(&mac, chain, hlen);
		br_hmac_out(&mac, chain);
	}
}