/src/botan/src/lib/kdf/prf_tls/prf_tls.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * TLSv1.2 PRF |
3 | | * (C) 2004-2010 Jack Lloyd |
4 | | * (C) 2024 René Meusel, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/prf_tls.h> |
10 | | |
11 | | #include <botan/exceptn.h> |
12 | | #include <botan/mem_ops.h> |
13 | | #include <botan/internal/fmt.h> |
14 | | #include <botan/internal/stl_util.h> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | /* |
19 | | * TLS PRF P_hash function |
20 | | */ |
21 | | void TLS_12_PRF::perform_kdf(std::span<uint8_t> key, |
22 | | std::span<const uint8_t> secret, |
23 | | std::span<const uint8_t> salt, |
24 | 11.4k | std::span<const uint8_t> label) const { |
25 | 11.4k | try { |
26 | 11.4k | m_mac->set_key(secret); |
27 | 11.4k | } catch(Invalid_Key_Length&) { |
28 | 0 | throw Internal_Error(fmt("The premaster secret of {} bytes is too long for TLS-PRF", secret.size())); |
29 | 0 | } |
30 | | |
31 | 11.4k | auto A = concat<secure_vector<uint8_t>>(label, salt); |
32 | 11.4k | secure_vector<uint8_t> h; |
33 | | |
34 | 11.4k | BufferStuffer o(key); |
35 | 35.4k | while(!o.full()) { |
36 | 24.0k | A = m_mac->process(A); |
37 | | |
38 | 24.0k | m_mac->update(A); |
39 | 24.0k | m_mac->update(label); |
40 | 24.0k | m_mac->update(salt); |
41 | 24.0k | m_mac->final(h); |
42 | | |
43 | 24.0k | const size_t writing = std::min(h.size(), o.remaining_capacity()); |
44 | 24.0k | xor_buf(o.next(writing), std::span{h}.first(writing)); |
45 | 24.0k | } |
46 | 11.4k | } |
47 | | |
48 | 0 | std::string TLS_12_PRF::name() const { |
49 | 0 | return fmt("TLS-12-PRF({})", m_mac->name()); |
50 | 0 | } |
51 | | |
52 | 0 | std::unique_ptr<KDF> TLS_12_PRF::new_object() const { |
53 | 0 | return std::make_unique<TLS_12_PRF>(m_mac->new_object()); |
54 | 0 | } |
55 | | |
56 | | } // namespace Botan |