Head

GCC Code Coverage Report

Directory:	./		Exec	Total	Coverage
File:	lib/libcrypto/hkdf/hkdf.c	Lines:	35	44	79.5 %
Date:	2017-11-07	Branches:	20	31	64.5 %


/* Copyright (c) 2014, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/hkdf.h>

#include <assert.h>
#include <string.h>

#include <openssl/err.h>
#include <openssl/hmac.h>

/* https://tools.ietf.org/html/rfc5869#section-2 */
int
HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
    const uint8_t *secret, size_t secret_len, const uint8_t *salt,
    size_t salt_len, const uint8_t *info, size_t info_len)
{
	uint8_t prk[EVP_MAX_MD_SIZE];
	size_t prk_len;

	if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt,
		salt_len))
		return 0;
	if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info,
		info_len))
		return 0;

	return 1;
}

/* https://tools.ietf.org/html/rfc5869#section-2.2 */
int
HKDF_extract(uint8_t *out_key, size_t *out_len,
    const EVP_MD *digest, const uint8_t *secret, size_t secret_len,
    const uint8_t *salt, size_t salt_len)
{
	unsigned int len;

	/*
	 * If salt is not given, HashLength zeros are used. However, HMAC does that
	 * internally already so we can ignore it.
	 */
	if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) ==
	    NULL) {
		CRYPTOerror(ERR_R_CRYPTO_LIB);
		return 0;
	}
	*out_len = len;
	return 1;
}

/* https://tools.ietf.org/html/rfc5869#section-2.3 */
int
HKDF_expand(uint8_t *out_key, size_t out_len,
    const EVP_MD *digest, const uint8_t *prk, size_t prk_len,
    const uint8_t *info, size_t info_len)
{
	const size_t digest_len = EVP_MD_size(digest);
	uint8_t previous[EVP_MAX_MD_SIZE];
	size_t n, done = 0;
	unsigned int i;
	int ret = 0;
	HMAC_CTX hmac;

	/* Expand key material to desired length. */
	n = (out_len + digest_len - 1) / digest_len;
	if (out_len + digest_len < out_len || n > 255) {
		CRYPTOerror(EVP_R_TOO_LARGE);
		return 0;
	}

	HMAC_CTX_init(&hmac);
	if (!HMAC_Init_ex(&hmac, prk, prk_len, digest, NULL))
		goto out;

	for (i = 0; i < n; i++) {
		uint8_t ctr = i + 1;
		size_t todo;

		if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) ||
			!HMAC_Update(&hmac, previous, digest_len)))
			goto out;

		if (!HMAC_Update(&hmac, info, info_len) ||
		    !HMAC_Update(&hmac, &ctr, 1) ||
		    !HMAC_Final(&hmac, previous, NULL))
			goto out;

		todo = digest_len;
		if (done + todo > out_len)
			todo = out_len - done;

		memcpy(out_key + done, previous, todo);
		done += todo;
	}

	ret = 1;

 out:
	HMAC_CTX_cleanup(&hmac);
	if (ret != 1)
		CRYPTOerror(ERR_R_CRYPTO_LIB);
	return ret;
}


Generated by: GCOVR (Version 3.3)

Line	Branch	Exec	Source
1			/* Copyright (c) 2014, Google Inc.
2			*
3			* Permission to use, copy, modify, and/or distribute this software for any
4			* purpose with or without fee is hereby granted, provided that the above
5			* copyright notice and this permission notice appear in all copies.
6			*
7			* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8			* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9			* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10			* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11			* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12			* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13			* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
14			*/
15
16			#include <openssl/hkdf.h>
17
18			#include <assert.h>
19			#include <string.h>
20
21			#include <openssl/err.h>
22			#include <openssl/hmac.h>
23
24			/* https://tools.ietf.org/html/rfc5869#section-2 */
25			int
26			HKDF(uint8_t out_key, size_t out_len, const EVP_MD digest,
27			const uint8_t secret, size_t secret_len, const uint8_t salt,
28			size_t salt_len, const uint8_t *info, size_t info_len)
29			{
30		84	uint8_t prk[EVP_MAX_MD_SIZE];
31		42	size_t prk_len;
32
33	✗✓	42	if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt,
34			salt_len))
35			return 0;
36	✗✓	42	if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info,
37			info_len))
38			return 0;
39
40		42	return 1;
41		42	}
42
43			/* https://tools.ietf.org/html/rfc5869#section-2.2 */
44			int
45			HKDF_extract(uint8_t out_key, size_t out_len,
46			const EVP_MD digest, const uint8_t secret, size_t secret_len,
47			const uint8_t *salt, size_t salt_len)
48			{
49		168	unsigned int len;
50
51			/*
52			* If salt is not given, HashLength zeros are used. However, HMAC does that
53			* internally already so we can ignore it.
54			*/
55	✗✓	84	if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) ==
56			NULL) {
57			CRYPTOerror(ERR_R_CRYPTO_LIB);
58			return 0;
59			}
60		84	*out_len = len;
61		84	return 1;
62		84	}
63
64			/* https://tools.ietf.org/html/rfc5869#section-2.3 */
65			int
66			HKDF_expand(uint8_t *out_key, size_t out_len,
67			const EVP_MD digest, const uint8_t prk, size_t prk_len,
68			const uint8_t *info, size_t info_len)
69			{
70		168	const size_t digest_len = EVP_MD_size(digest);
71		84	uint8_t previous[EVP_MAX_MD_SIZE];
72			size_t n, done = 0;
73			unsigned int i;
74			int ret = 0;
75		84	HMAC_CTX hmac;
76
77			/* Expand key material to desired length. */
78		84	n = (out_len + digest_len - 1) / digest_len;
79	✗✓	84	if (out_len + digest_len < out_len \|\| n > 255) {
80			CRYPTOerror(EVP_R_TOO_LARGE);
81			return 0;
82			}
83
84		84	HMAC_CTX_init(&hmac);
85	✓✗	84	if (!HMAC_Init_ex(&hmac, prk, prk_len, digest, NULL))
86			goto out;
87
88	✓✓	672	for (i = 0; i < n; i++) {
89		252	uint8_t ctr = i + 1;
90			size_t todo;
91
92	✓✓✓✗ ✗✓	588	if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) \|\|
93		168	!HMAC_Update(&hmac, previous, digest_len)))
94			goto out;
95
96	✓✗✗✓	504	if (!HMAC_Update(&hmac, info, info_len) \|\|
97	✓✗	252	!HMAC_Update(&hmac, &ctr, 1) \|\|
98		252	!HMAC_Final(&hmac, previous, NULL))
99			goto out;
100
101			todo = digest_len;
102	✓✓	252	if (done + todo > out_len)
103		84	todo = out_len - done;
104
105		252	memcpy(out_key + done, previous, todo);
106		252	done += todo;
107	✓✓✓	672	}
108
109		84	ret = 1;
110
111			out:
112		84	HMAC_CTX_cleanup(&hmac);
113	✗✓	84	if (ret != 1)
114			CRYPTOerror(ERR_R_CRYPTO_LIB);
115		84	return ret;
116		84	}