HKDF.cpp

/*
 * Copyright (C) 2022 Southern Storm Software, Pty Ltd.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */
 
#include "HKDF.h"
#include <string.h>
 
HKDFCommon::HKDFCommon()
    : hash(0)
    , buf(0)
    , counter(1)
    , posn(255)
{
}
 
HKDFCommon::~HKDFCommon()
{
}
 
void HKDFCommon::setKey(const void *key, size_t keyLen, const void *salt, size_t saltLen)
{
    // Initialise the HKDF context with the key and salt to generate the PRK.
    size_t hashSize = hash->hashSize();
    if (salt && saltLen) {
        hash->resetHMAC(salt, saltLen);
        hash->update(key, keyLen);
        hash->finalizeHMAC(salt, saltLen, buf + hashSize, hashSize);
    } else {
        // If no salt is provided, RFC 5869 says that a string of
        // hashSize zeroes should be used instead.
        memset(buf, 0, hashSize);
        hash->resetHMAC(buf, hashSize);
        hash->update(key, keyLen);
        hash->finalizeHMAC(buf, hashSize, buf + hashSize, hashSize);
    }
    counter = 1;
    posn = hashSize;
}
 
void HKDFCommon::extract(void *out, size_t outLen, const void *info, size_t infoLen)
{
    size_t hashSize = hash->hashSize();
    uint8_t *outPtr = (uint8_t *)out;
    while (outLen > 0) {
        // Generate a new output block if necessary.
        if (posn >= hashSize) {
            hash->resetHMAC(buf + hashSize, hashSize);
            if (counter != 1)
                hash->update(buf, hashSize);
            if (info && infoLen)
                hash->update(info, infoLen);
            hash->update(&counter, 1);
            hash->finalizeHMAC(buf + hashSize, hashSize, buf, hashSize);
            ++counter;
            posn = 0;
        }
 
        // Copy as much output data as we can for this block.
        size_t len = hashSize - posn;
        if (len > outLen)
            len = outLen;
        memcpy(outPtr, buf + posn, len);
        posn += len;
        outPtr += len;
        outLen -= len;
    }
}
 
void HKDFCommon::clear()
{
    size_t hashSize = hash->hashSize();
    hash->clear();
    clean(buf, hashSize * 2);
    counter = 1;
    posn = hashSize;
}