leancrypto/html/lc__hkdf_8h_source.html

/*

 * Copyright (C) 2022 - 2025, Stephan Mueller <smueller@chronox.de>

 *

 * License: see LICENSE file in root directory

 *

 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED

 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF

 * WHICH ARE HEREBY DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE

 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT

 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR

 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE

 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH

 * DAMAGE.

 */


#ifndef LC_HKDF_H

#define LC_HKDF_H


#include "ext_headers.h"

#include "lc_hmac.h"

#include "lc_rng.h"

#include "lc_memset_secure.h"


#ifdef __cplusplus

extern "C" {

#endif


struct lc_hkdf_ctx {

        uint8_t partial[LC_SHA_MAX_SIZE_DIGEST];

        size_t partial_ptr;

        uint8_t ctr;

        uint8_t rng_initialized : 1;

        struct lc_hmac_ctx hmac_ctx;

};


#define LC_HKDF_STATE_SIZE(hashname) (LC_HMAC_CTX_SIZE(hashname))

#define LC_HKDF_CTX_SIZE(hashname)                                             \

        (sizeof(struct lc_hkdf_ctx) + LC_HKDF_STATE_SIZE(hashname))


#define _LC_HKDF_SET_CTX(name, hashname, ctx, offset)                          \

        _LC_HMAC_SET_CTX((&(name)->hmac_ctx), hashname, ctx, offset)


#define LC_HKDF_SET_CTX(name, hashname)                                        \

        _LC_HKDF_SET_CTX(name, hashname, name, sizeof(struct lc_hkdf_ctx))


int lc_hkdf_extract(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *ikm,

                    size_t ikmlen, const uint8_t *salt, size_t saltlen);


int lc_hkdf_expand(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *info,

                   size_t infolen, uint8_t *dst, size_t dlen);


void lc_hkdf_zero(struct lc_hkdf_ctx *hkdf_ctx);


int lc_hkdf_alloc(const struct lc_hash *hash, struct lc_hkdf_ctx **hkdf_ctx);


void lc_hkdf_zero_free(struct lc_hkdf_ctx *hkdf_ctx);


#define LC_HKDF_CTX_ON_STACK(name, hashname)                                        \

        _Pragma("GCC diagnostic push")                                              \

                _Pragma("GCC diagnostic ignored \"-Wvla\"") _Pragma(                \

                        "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \

                        LC_ALIGNED_BUFFER(name##_ctx_buf,                           \

                                          LC_HKDF_CTX_SIZE(hashname),               \

                                          LC_HASH_COMMON_ALIGNMENT);                \

        struct lc_hkdf_ctx *name = (struct lc_hkdf_ctx *)name##_ctx_buf;            \

        LC_HKDF_SET_CTX(name, hashname);                                            \

        lc_hkdf_zero(name);                                                         \

        _Pragma("GCC diagnostic pop")


int lc_hkdf(const struct lc_hash *hash, const uint8_t *ikm, size_t ikmlen,

            const uint8_t *salt, size_t saltlen, const uint8_t *info,

            size_t infolen, uint8_t *dst, size_t dlen);


/******************************** HKDF as RNG *********************************/


/* HKDF DRNG implementation */

extern const struct lc_rng *lc_hkdf_rng;


#define LC_HKDF_DRNG_CTX_SIZE(hashname)                                        \

        (sizeof(struct lc_rng_ctx) + LC_HKDF_CTX_SIZE(hashname))


#define LC_HKDF_DRNG_SET_CTX(name, hashname) LC_HKDF_SET_CTX(name, hashname)


#define LC_HKDF_RNG_CTX(name, hashname)                                        \

        LC_RNG_CTX(name, lc_hkdf_rng);                                         \

        LC_HKDF_DRNG_SET_CTX(((struct lc_hkdf_ctx *)(name->rng_state)),        \

                             hashname);                                        \

        lc_rng_zero(name)


#define LC_HKDF_DRNG_CTX_ON_STACK(name, hashname)                                   \

        _Pragma("GCC diagnostic push")                                              \

                _Pragma("GCC diagnostic ignored \"-Wvla\"") _Pragma(                \

                        "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \

                        LC_ALIGNED_BUFFER(name##_ctx_buf,                           \

                                          LC_HKDF_DRNG_CTX_SIZE(hashname),          \

                                          LC_HASH_COMMON_ALIGNMENT);                \

        struct lc_rng_ctx *name = (struct lc_rng_ctx *)name##_ctx_buf;              \

        LC_HKDF_RNG_CTX(name, hashname);                                            \

        _Pragma("GCC diagnostic pop")


int lc_hkdf_rng_alloc(struct lc_rng_ctx **state, const struct lc_hash *hash);


#ifdef __cplusplus

}

#endif


#endif /* LC_HKDF_H */

lc_hash
int lc_hash(const struct lc_hash *hash, const uint8_t *in, size_t inlen, uint8_t *digest)
Calculate message digest - one-shot.

lc_hkdf_expand
int lc_hkdf_expand(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *info, size_t infolen, uint8_t *dst, size_t dlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Expand phase.

lc_hkdf
int lc_hkdf(const struct lc_hash *hash, const uint8_t *ikm, size_t ikmlen, const uint8_t *salt, size_t saltlen, const uint8_t *info, size_t infolen, uint8_t *dst, size_t dlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Complete implementation.

lc_hkdf_zero_free
void lc_hkdf_zero_free(struct lc_hkdf_ctx *hkdf_ctx)
Zeroize and free HKDF context.

lc_hkdf_alloc
int lc_hkdf_alloc(const struct lc_hash *hash, struct lc_hkdf_ctx **hkdf_ctx)
Allocate HKDF context on heap.

lc_hkdf_zero
void lc_hkdf_zero(struct lc_hkdf_ctx *hkdf_ctx)
Zeroize HKDF context allocated with either LC_HKDF_CTX_ON_STACK or hkdf_alloc.

lc_hkdf_extract
int lc_hkdf_extract(struct lc_hkdf_ctx *hkdf_ctx, const uint8_t *ikm, size_t ikmlen, const uint8_t *salt, size_t saltlen)
HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - RFC5869 Extract phase.

lc_hkdf_rng_alloc
int lc_hkdf_rng_alloc(struct lc_rng_ctx **state, const struct lc_hash *hash)
Allocation of a HKDF DRNG context.

lc_hkdf_rng
const struct lc_rng * lc_hkdf_rng

lc_hmac.h

lc_memset_secure.h

lc_rng.h