diff options
Diffstat (limited to 'src/kdf/prf_tls')
-rw-r--r-- | src/kdf/prf_tls/info.txt | 7 | ||||
-rw-r--r-- | src/kdf/prf_tls/prf_tls.cpp | 108 | ||||
-rw-r--r-- | src/kdf/prf_tls/prf_tls.h | 58 |
3 files changed, 173 insertions, 0 deletions
diff --git a/src/kdf/prf_tls/info.txt b/src/kdf/prf_tls/info.txt new file mode 100644 index 000000000..9531a6a83 --- /dev/null +++ b/src/kdf/prf_tls/info.txt @@ -0,0 +1,7 @@ +define TLS_V10_PRF + +<requires> +hmac +md5 +sha1 +</requires> diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp new file mode 100644 index 000000000..2b57cdd25 --- /dev/null +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -0,0 +1,108 @@ +/* +* TLS v1.0 and v1.2 PRFs +* (C) 2004-2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/prf_tls.h> +#include <botan/internal/xor_buf.h> +#include <botan/hmac.h> +#include <botan/md5.h> +#include <botan/sha160.h> + +namespace Botan { + +namespace { + +/* +* TLS PRF P_hash function +*/ +void P_hash(MemoryRegion<byte>& output, + MessageAuthenticationCode* mac, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) + { + mac->set_key(secret, secret_len); + + SecureVector<byte> A(seed, seed_len); + + size_t offset = 0; + + while(offset != output.size()) + { + const size_t this_block_len = + std::min<size_t>(mac->output_length(), output.size() - offset); + + A = mac->process(A); + + mac->update(A); + mac->update(seed, seed_len); + SecureVector<byte> block = mac->final(); + + xor_buf(&output[offset], &block[0], this_block_len); + offset += this_block_len; + } + } + +} + +/* +* TLS PRF Constructor and Destructor +*/ +TLS_PRF::TLS_PRF() + { + hmac_md5 = new HMAC(new MD5); + hmac_sha1 = new HMAC(new SHA_160); + } + +TLS_PRF::~TLS_PRF() + { + delete hmac_md5; + delete hmac_sha1; + } + +/* +* TLS PRF +*/ +SecureVector<byte> TLS_PRF::derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const + { + SecureVector<byte> output(key_len); + + size_t S1_len = (secret_len + 1) / 2, + S2_len = (secret_len + 1) / 2; + const byte* S1 = secret; + const byte* S2 = secret + (secret_len - S2_len); + + P_hash(output, hmac_md5, S1, S1_len, seed, seed_len); + P_hash(output, hmac_sha1, S2, S2_len, seed, seed_len); + + return output; + } + +/* +* TLS v1.2 PRF Constructor and Destructor +*/ +TLS_12_PRF::TLS_12_PRF(MessageAuthenticationCode* mac) : hmac(mac) + { + } + +TLS_12_PRF::~TLS_12_PRF() + { + delete hmac; + } + +SecureVector<byte> TLS_12_PRF::derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const + { + SecureVector<byte> output(key_len); + + P_hash(output, hmac, secret, secret_len, seed, seed_len); + + return output; + } + +} diff --git a/src/kdf/prf_tls/prf_tls.h b/src/kdf/prf_tls/prf_tls.h new file mode 100644 index 000000000..5237f17c0 --- /dev/null +++ b/src/kdf/prf_tls/prf_tls.h @@ -0,0 +1,58 @@ +/* +* TLS v1.0 and v1.2 PRFs +* (C) 2004-2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_TLS_PRF_H__ +#define BOTAN_TLS_PRF_H__ + +#include <botan/kdf.h> +#include <botan/mac.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* PRF used in TLS 1.0/1.1 +*/ +class BOTAN_DLL TLS_PRF : public KDF + { + public: + SecureVector<byte> derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const; + + std::string name() const { return "TLS-PRF"; } + KDF* clone() const { return new TLS_PRF; } + + TLS_PRF(); + ~TLS_PRF(); + private: + MessageAuthenticationCode* hmac_md5; + MessageAuthenticationCode* hmac_sha1; + }; + +/** +* PRF used in TLS 1.2 +*/ +class BOTAN_DLL TLS_12_PRF : public KDF + { + public: + SecureVector<byte> derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const; + + std::string name() const { return "TLSv12-PRF(" + hmac->name() + ")"; } + KDF* clone() const { return new TLS_12_PRF(hmac->clone()); } + + TLS_12_PRF(MessageAuthenticationCode* hmac); + ~TLS_12_PRF(); + private: + MessageAuthenticationCode* hmac; + }; + +} + +#endif |