Botan  1.10.9
prf_tls.cpp
Go to the documentation of this file.
1 /*
2 * TLS v1.0 and v1.2 PRFs
3 * (C) 2004-2010 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/prf_tls.h>
9 #include <botan/internal/xor_buf.h>
10 #include <botan/hmac.h>
11 #include <botan/md5.h>
12 #include <botan/sha160.h>
13 
14 namespace Botan {
15 
16 namespace {
17 
18 /*
19 * TLS PRF P_hash function
20 */
21 void P_hash(MemoryRegion<byte>& output,
22  MessageAuthenticationCode* mac,
23  const byte secret[], size_t secret_len,
24  const byte seed[], size_t seed_len)
25  {
26  mac->set_key(secret, secret_len);
27 
28  SecureVector<byte> A(seed, seed_len);
29 
30  size_t offset = 0;
31 
32  while(offset != output.size())
33  {
34  const size_t this_block_len =
35  std::min<size_t>(mac->output_length(), output.size() - offset);
36 
37  A = mac->process(A);
38 
39  mac->update(A);
40  mac->update(seed, seed_len);
41  SecureVector<byte> block = mac->final();
42 
43  xor_buf(&output[offset], &block[0], this_block_len);
44  offset += this_block_len;
45  }
46  }
47 
48 }
49 
50 /*
51 * TLS PRF Constructor and Destructor
52 */
54  {
55  hmac_md5 = new HMAC(new MD5);
56  hmac_sha1 = new HMAC(new SHA_160);
57  }
58 
60  {
61  delete hmac_md5;
62  delete hmac_sha1;
63  }
64 
65 /*
66 * TLS PRF
67 */
69  const byte secret[], size_t secret_len,
70  const byte seed[], size_t seed_len) const
71  {
72  SecureVector<byte> output(key_len);
73 
74  size_t S1_len = (secret_len + 1) / 2,
75  S2_len = (secret_len + 1) / 2;
76  const byte* S1 = secret;
77  const byte* S2 = secret + (secret_len - S2_len);
78 
79  P_hash(output, hmac_md5, S1, S1_len, seed, seed_len);
80  P_hash(output, hmac_sha1, S2, S2_len, seed, seed_len);
81 
82  return output;
83  }
84 
85 /*
86 * TLS v1.2 PRF Constructor and Destructor
87 */
89  {
90  }
91 
93  {
94  delete hmac;
95  }
96 
98  const byte secret[], size_t secret_len,
99  const byte seed[], size_t seed_len) const
100  {
101  SecureVector<byte> output(key_len);
102 
103  P_hash(output, hmac, secret, secret_len, seed, seed_len);
104 
105  return output;
106  }
107 
108 }
SecureVector< byte > derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const
Definition: prf_tls.cpp:97
unsigned char byte
Definition: types.h:22
MessageAuthenticationCode * mac
Definition: fpe_fe1.cpp:94
Definition: md5.h:18
TLS_12_PRF(MessageAuthenticationCode *hmac)
Definition: prf_tls.cpp:88
SecureVector< byte > derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const
Definition: prf_tls.cpp:68
void xor_buf(byte out[], const byte in[], size_t length)
Definition: xor_buf.h:21