Coverage Report

Created: 2022-06-23 06:44

/src/botan/src/lib/kdf/prf_tls/prf_tls.cpp
Line
Count
Source (jump to first uncovered line)
1
/*
2
* TLSv1.2 PRF
3
* (C) 2004-2010 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#include <botan/internal/prf_tls.h>
9
#include <botan/exceptn.h>
10
11
namespace Botan {
12
13
namespace {
14
15
/*
16
* TLS PRF P_hash function
17
*/
18
void P_hash(uint8_t out[], size_t out_len,
19
            MessageAuthenticationCode& mac,
20
            const uint8_t secret[], size_t secret_len,
21
            const uint8_t salt[], size_t salt_len)
22
27.7k
   {
23
27.7k
   try
24
27.7k
      {
25
27.7k
      mac.set_key(secret, secret_len);
26
27.7k
      }
27
27.7k
   catch(Invalid_Key_Length&)
28
27.7k
      {
29
0
      throw Internal_Error("The premaster secret of " +
30
0
                           std::to_string(secret_len) +
31
0
                           " bytes is too long for the PRF");
32
0
      }
33
34
27.7k
   secure_vector<uint8_t> A(salt, salt + salt_len);
35
27.7k
   secure_vector<uint8_t> h;
36
37
27.7k
   size_t offset = 0;
38
39
105k
   while(offset != out_len)
40
77.7k
      {
41
77.7k
      A = mac.process(A);
42
43
77.7k
      mac.update(A);
44
77.7k
      mac.update(salt, salt_len);
45
77.7k
      mac.final(h);
46
47
77.7k
      const size_t writing = std::min(h.size(), out_len - offset);
48
77.7k
      xor_buf(&out[offset], h.data(), writing);
49
77.7k
      offset += writing;
50
77.7k
      }
51
27.7k
   }
52
53
}
54
55
void TLS_12_PRF::kdf(uint8_t key[], size_t key_len,
56
                     const uint8_t secret[], size_t secret_len,
57
                     const uint8_t salt[], size_t salt_len,
58
                     const uint8_t label[], size_t label_len) const
59
27.7k
   {
60
27.7k
   secure_vector<uint8_t> msg;
61
62
27.7k
   msg.reserve(label_len + salt_len);
63
27.7k
   msg += std::make_pair(label, label_len);
64
27.7k
   msg += std::make_pair(salt, salt_len);
65
66
27.7k
   P_hash(key, key_len, *m_mac, secret, secret_len, msg.data(), msg.size());
67
27.7k
   }
68
69
}