diff options
Diffstat (limited to 'src/lib/kdf/prf_tls')
| -rw-r--r-- | src/lib/kdf/prf_tls/info.txt | 8 | ||||
| -rw-r--r-- | src/lib/kdf/prf_tls/prf_tls.cpp | 117 | ||||
| -rw-r--r-- | src/lib/kdf/prf_tls/prf_tls.h | 58 |
3 files changed, 183 insertions, 0 deletions
diff --git a/src/lib/kdf/prf_tls/info.txt b/src/lib/kdf/prf_tls/info.txt new file mode 100644 index 000000000..505e1ff1e --- /dev/null +++ b/src/lib/kdf/prf_tls/info.txt @@ -0,0 +1,8 @@ +define TLS_V10_PRF 20131128 +define TLS_V12_PRF 20131128 + +<requires> +hmac +md5 +sha1 +</requires> diff --git a/src/lib/kdf/prf_tls/prf_tls.cpp b/src/lib/kdf/prf_tls/prf_tls.cpp new file mode 100644 index 000000000..006b418c9 --- /dev/null +++ b/src/lib/kdf/prf_tls/prf_tls.cpp @@ -0,0 +1,117 @@ +/* +* TLS v1.0 and v1.2 PRFs +* (C) 2004-2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/prf_tls.h> +#include <botan/internal/xor_buf.h> +#include <botan/hmac.h> +#include <botan/md5.h> +#include <botan/sha160.h> + +namespace Botan { + +namespace { + +/* +* TLS PRF P_hash function +*/ +void P_hash(secure_vector<byte>& output, + MessageAuthenticationCode* mac, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) + { + try + { + mac->set_key(secret, secret_len); + } + catch(Invalid_Key_Length) + { + throw Internal_Error("The premaster secret of " + + std::to_string(secret_len) + + " bytes is too long for the PRF"); + } + + secure_vector<byte> A(seed, seed + seed_len); + + size_t offset = 0; + + while(offset != output.size()) + { + const size_t this_block_len = + std::min<size_t>(mac->output_length(), output.size() - offset); + + A = mac->process(A); + + mac->update(A); + mac->update(seed, seed_len); + secure_vector<byte> block = mac->final(); + + xor_buf(&output[offset], &block[0], this_block_len); + offset += this_block_len; + } + } + +} + +/* +* TLS PRF Constructor and Destructor +*/ +TLS_PRF::TLS_PRF() + { + hmac_md5 = new HMAC(new MD5); + hmac_sha1 = new HMAC(new SHA_160); + } + +TLS_PRF::~TLS_PRF() + { + delete hmac_md5; + delete hmac_sha1; + } + +/* +* TLS PRF +*/ +secure_vector<byte> TLS_PRF::derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const + { + secure_vector<byte> output(key_len); + + size_t S1_len = (secret_len + 1) / 2, + S2_len = (secret_len + 1) / 2; + const byte* S1 = secret; + const byte* S2 = secret + (secret_len - S2_len); + + P_hash(output, hmac_md5, S1, S1_len, seed, seed_len); + P_hash(output, hmac_sha1, S2, S2_len, seed, seed_len); + + return output; + } + +/* +* TLS v1.2 PRF Constructor and Destructor +*/ +TLS_12_PRF::TLS_12_PRF(MessageAuthenticationCode* mac) : hmac(mac) + { + } + +TLS_12_PRF::~TLS_12_PRF() + { + delete hmac; + } + +secure_vector<byte> TLS_12_PRF::derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const + { + secure_vector<byte> output(key_len); + + P_hash(output, hmac, secret, secret_len, seed, seed_len); + + return output; + } + +} diff --git a/src/lib/kdf/prf_tls/prf_tls.h b/src/lib/kdf/prf_tls/prf_tls.h new file mode 100644 index 000000000..fce11eae0 --- /dev/null +++ b/src/lib/kdf/prf_tls/prf_tls.h @@ -0,0 +1,58 @@ +/* +* TLS v1.0 and v1.2 PRFs +* (C) 2004-2010 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_TLS_PRF_H__ +#define BOTAN_TLS_PRF_H__ + +#include <botan/kdf.h> +#include <botan/mac.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* PRF used in TLS 1.0/1.1 +*/ +class BOTAN_DLL TLS_PRF : public KDF + { + public: + secure_vector<byte> derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const; + + std::string name() const { return "TLS-PRF"; } + KDF* clone() const { return new TLS_PRF; } + + TLS_PRF(); + ~TLS_PRF(); + private: + MessageAuthenticationCode* hmac_md5; + MessageAuthenticationCode* hmac_sha1; + }; + +/** +* PRF used in TLS 1.2 +*/ +class BOTAN_DLL TLS_12_PRF : public KDF + { + public: + secure_vector<byte> derive(size_t key_len, + const byte secret[], size_t secret_len, + const byte seed[], size_t seed_len) const; + + std::string name() const { return "TLSv12-PRF(" + hmac->name() + ")"; } + KDF* clone() const { return new TLS_12_PRF(hmac->clone()); } + + TLS_12_PRF(MessageAuthenticationCode* hmac); + ~TLS_12_PRF(); + private: + MessageAuthenticationCode* hmac; + }; + +} + +#endif |