/src/gnutls/lib/nettle/prf.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2017 Red Hat, Inc. |
3 | | * |
4 | | * Author: Nikos Mavrogiannopoulos |
5 | | * |
6 | | * This file is part of GNUTLS. |
7 | | * |
8 | | * The GNUTLS library is free software; you can redistribute it and/or |
9 | | * modify it under the terms of the GNU Lesser General Public License |
10 | | * as published by the Free Software Foundation; either version 2.1 of |
11 | | * the License, or (at your option) any later version. |
12 | | * |
13 | | * This library is distributed in the hope that it will be useful, but |
14 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | | * Lesser General Public License for more details. |
17 | | * |
18 | | * You should have received a copy of the GNU Lesser General Public License |
19 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
20 | | * |
21 | | */ |
22 | | |
23 | | #include "gnutls_int.h" |
24 | | #include "int/tls1-prf.h" |
25 | | #include <nettle/hmac.h> |
26 | | #if ENABLE_GOST |
27 | | #include "gost/hmac-gost.h" |
28 | | #endif |
29 | | |
30 | | /*- |
31 | | * _gnutls_prf_raw: |
32 | | * @mac: the MAC algorithm to use, set to %GNUTLS_MAC_MD5_SHA1 for the TLS1.0 mac |
33 | | * @master_size: length of the @master variable. |
34 | | * @master: the master secret used in PRF computation |
35 | | * @label_size: length of the @label variable. |
36 | | * @label: label used in PRF computation, typically a short string. |
37 | | * @seed_size: length of the @seed variable. |
38 | | * @seed: optional extra data to seed the PRF with. |
39 | | * @outsize: size of pre-allocated output buffer to hold the output. |
40 | | * @out: pre-allocated buffer to hold the generated data. |
41 | | * |
42 | | * Apply the TLS Pseudo-Random-Function (PRF) on the master secret |
43 | | * and the provided data. |
44 | | * |
45 | | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. |
46 | | -*/ |
47 | | int _gnutls_prf_raw(gnutls_mac_algorithm_t mac, size_t master_size, |
48 | | const void *master, size_t label_size, const char *label, |
49 | | size_t seed_size, const uint8_t *seed, size_t outsize, |
50 | | char *out) |
51 | 0 | { |
52 | 0 | int ret; |
53 | |
|
54 | 0 | switch (mac) { |
55 | 0 | case GNUTLS_MAC_MD5_SHA1: |
56 | 0 | tls10_prf(master_size, (uint8_t *)master, label_size, label, |
57 | 0 | seed_size, seed, outsize, (uint8_t *)out); |
58 | 0 | return 0; |
59 | 0 | case GNUTLS_MAC_SHA256: { |
60 | 0 | struct hmac_sha256_ctx ctx; |
61 | 0 | hmac_sha256_set_key(&ctx, master_size, (uint8_t *)master); |
62 | |
|
63 | 0 | ret = tls12_prf(&ctx, |
64 | 0 | (nettle_hash_update_func *)hmac_sha256_update, |
65 | 0 | (nettle_hash_digest_func *)hmac_sha256_digest, |
66 | 0 | SHA256_DIGEST_SIZE, label_size, label, |
67 | 0 | seed_size, seed, outsize, (uint8_t *)out); |
68 | |
|
69 | 0 | if (unlikely(ret != 1)) |
70 | 0 | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); |
71 | 0 | break; |
72 | 0 | } |
73 | 0 | case GNUTLS_MAC_SHA384: { |
74 | 0 | struct hmac_sha384_ctx ctx; |
75 | 0 | hmac_sha384_set_key(&ctx, master_size, master); |
76 | |
|
77 | 0 | ret = tls12_prf(&ctx, |
78 | 0 | (nettle_hash_update_func *)hmac_sha384_update, |
79 | 0 | (nettle_hash_digest_func *)hmac_sha384_digest, |
80 | 0 | SHA384_DIGEST_SIZE, label_size, label, |
81 | 0 | seed_size, seed, outsize, (uint8_t *)out); |
82 | |
|
83 | 0 | if (unlikely(ret != 1)) |
84 | 0 | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); |
85 | 0 | break; |
86 | 0 | } |
87 | 0 | #if ENABLE_GOST |
88 | 0 | case GNUTLS_MAC_STREEBOG_256: { |
89 | 0 | struct hmac_streebog256_ctx ctx; |
90 | 0 | hmac_streebog256_set_key(&ctx, master_size, master); |
91 | |
|
92 | 0 | ret = tls12_prf( |
93 | 0 | &ctx, |
94 | 0 | (nettle_hash_update_func *)hmac_streebog256_update, |
95 | 0 | (nettle_hash_digest_func *)hmac_streebog256_digest, |
96 | 0 | STREEBOG256_DIGEST_SIZE, label_size, label, seed_size, |
97 | 0 | seed, outsize, (uint8_t *)out); |
98 | |
|
99 | 0 | if (unlikely(ret != 1)) |
100 | 0 | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); |
101 | 0 | break; |
102 | 0 | } |
103 | 0 | case GNUTLS_MAC_STREEBOG_512: { |
104 | 0 | struct hmac_streebog512_ctx ctx; |
105 | 0 | hmac_streebog512_set_key(&ctx, master_size, master); |
106 | |
|
107 | 0 | ret = tls12_prf( |
108 | 0 | &ctx, |
109 | 0 | (nettle_hash_update_func *)hmac_streebog512_update, |
110 | 0 | (nettle_hash_digest_func *)hmac_streebog512_digest, |
111 | 0 | STREEBOG512_DIGEST_SIZE, label_size, label, seed_size, |
112 | 0 | seed, outsize, (uint8_t *)out); |
113 | |
|
114 | 0 | if (unlikely(ret != 1)) |
115 | 0 | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); |
116 | 0 | break; |
117 | 0 | } |
118 | 0 | #endif |
119 | 0 | default: |
120 | 0 | gnutls_assert(); |
121 | 0 | _gnutls_debug_log("unhandled PRF %s\n", |
122 | 0 | gnutls_mac_get_name(mac)); |
123 | 0 | return GNUTLS_E_INVALID_REQUEST; |
124 | 0 | } |
125 | | |
126 | 0 | return 0; |
127 | 0 | } |