GH355: Implement HKDF

This patch implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. It is required to implement the QUIC and TLS 1.3 protocols (among others). Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-03-02 23:58:27 +00:00
parent b894054e3f
commit aacfb134be
13 changed files with 552 additions and 7 deletions
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -99,6 +99,7 @@
 # define EVP_PKEY_HMAC   NID_hmac
 # define EVP_PKEY_CMAC   NID_cmac
 # define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF   NID_hkdf

 #ifdef  __cplusplus
 extern "C" {
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -61,6 +61,10 @@ extern "C" {
 # define EVP_PKEY_CTRL_TLS_MD       (EVP_PKEY_ALG_CTRL)
 # define EVP_PKEY_CTRL_TLS_SECRET   (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_TLS_SEED     (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD      (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT    (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY     (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO    (EVP_PKEY_ALG_CTRL + 6)

 # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
@@ -74,6 +78,22 @@ extern "C" {
            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed)

+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt)
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key)
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info)
+
 /* BEGIN ERROR CODES */
 /*
 * The following lines are auto generated by the script mkerr.pl. Any changes
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4511,6 +4511,10 @@
 #define LN_tls1_prf             "tls1-prf"
 #define NID_tls1_prf            1021

+#define SN_hkdf         "HKDF"
+#define LN_hkdf         "hkdf"
+#define NID_hkdf                1036
+
 #define SN_id_pkinit            "id-pkinit"
 #define NID_id_pkinit           1031
 #define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L