| blob | fb0aa03921329499b8a69d9b45fbeb9b4afec698 |
1 /*
2 Unix SMB/CIFS implementation.
3 Wrapper for gnutls key derivation functions
5 Copyright (C) Stefan Metzmacher 2009
6 Copyright (C) Catalyst.Net Ltd 2023
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
24 #include <gnutls/gnutls.h>
25 #include <gnutls/crypto.h>
39 {
48 NT_STATUS_HMAC_NOT_SUPPORTED);
49 }
55 }
61 }
66 }
71 }
77 }
78 }
83 }
86 {
88 }
90 /**
91 * @brief Derive a key using the NIST SP 800‐108 algorithm.
92 *
93 * The details of the algorithm can be found at
94 * https://csrc.nist.gov/pubs/sp/800/108/r1/final.
95 *
96 * @param KI The key‐derivation key used as input.
97 *
98 * @param KI_len The length of the key‐derivation key.
99 *
100 * @param FixedData If non‐NULL, specifies fixed data to be used in place of
101 * that constructed from the Label and Context parameters.
102 *
103 * @param FixedData_len The length of the fixed data, if it is present.
104 *
105 * @param Label A label that identifies the purpose for the derived key.
106 * Ignored if FixedData is non‐NULL.
107 *
108 * @param Label_len The length of the label.
109 *
110 * @param Context Information related to the derived key. Ignored if
111 * FixedData is non‐NULL.
112 *
113 * @param Context_len The length of the context data.
114 *
115 * @param algorithm The HMAC algorithm to use.
116 *
117 * @param KO A buffer to receive the derived key.
118 *
119 * @param KO_len The length of the key to be derived.
120 *
121 * @return NT_STATUS_OK on success, an NT status error code otherwise.
122 */
135 {
145 /* The calculation of L has overflowed. */
147 }
151 }
153 {
155 /*
156 * To ensure that the counter values are distinct, n shall not
157 * be larger than 2ʳ−1, where r = 32. We have made sure that
158 * |KO| × 8 < 2³², and we know that n ≤ |KO| from its
159 * definition. Thus n ≤ |KO| ≤ |KO| × 8 < 2³², and so the
160 * requirement n ≤ 2³² − 1 must always hold.
161 */
163 }
165 /*
166 * a simplified version of
167 * "NIST Special Publication 800-108" section 5.1.
168 */
170 algorithm,
171 KI,
172 KI_len);
175 NT_STATUS_HMAC_NOT_SUPPORTED);
176 }
178 /* (This loop would make an excellent candidate for parallelization.) */
182 {
184 FixedData,
185 FixedData_len,
186 Label,
187 Label_len,
188 Context,
189 Context_len,
190 L,
191 i,
195 }
196 }
199 /* Get the last little bit. */
202 FixedData,
203 FixedData_len,
204 Label,
205 Label_len,
206 Context,
207 Context_len,
208 L,
209 i,
210 digest);
213 }
218 }
220 out:
223 }
225 /* Hide the evidence. */
227 }
230 }