*/
kdf_t public;
+ /**
+ * KDF type.
+ */
+ key_derivation_function_t type;
+
/**
* Name of the KDF algorithm in Botan.
*/
*/
chunk_t salt;
-#if BOTAN_VERSION_MAJOR == 2
/**
- * Used for a manual length check in get_bytes().
+ * Length of the hash output.
*/
size_t hash_size;
-#endif
};
METHOD(kdf_t, get_type, key_derivation_function_t,
private_kdf_t *this)
{
- return KDF_PRF_PLUS;
+ return this->type;
}
METHOD(kdf_t, get_length, size_t,
private_kdf_t *this)
{
- return SIZE_MAX;
+ if (this->type == KDF_PRF_PLUS)
+ {
+ return SIZE_MAX;
+ }
+ return this->hash_size;
}
METHOD(kdf_t, get_bytes, bool,
private_kdf_t *this, size_t out_len, uint8_t *buffer)
{
+ if (this->type == KDF_PRF)
+ {
+ if (out_len != get_length(this) ||
+ botan_kdf(this->name, buffer, out_len, this->key.ptr, this->key.len,
+ this->salt.ptr, this->salt.len, NULL, 0))
+ {
+ return FALSE;
+ }
+ return TRUE;
+ }
+
#if BOTAN_VERSION_MAJOR == 2
/* Botan 2 doesn't check the length, just silently prevents wrapping the
* counter and returns truncated output, so do this manually */
METHOD(kdf_t, allocate_bytes, bool,
private_kdf_t *this, size_t out_len, chunk_t *chunk)
{
+ if (this->type == KDF_PRF)
+ {
+ out_len = out_len ?: get_length(this);
+ }
+
*chunk = chunk_alloc(out_len);
if (!get_bytes(this, out_len, chunk->ptr))
private_kdf_t *this;
pseudo_random_function_t prf_alg;
const char *hash_name;
- char *name, buf[8];
+ char *name, buf[HASH_SIZE_SHA512];
- if (algo != KDF_PRF_PLUS)
+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS)
{
return NULL;
}
{
return NULL;
}
- if (asprintf(&name, "HKDF-Expand(%s)", hash_name) <= 0)
+ if (algo == KDF_PRF)
+ {
+ if (asprintf(&name, "HKDF-Extract(%s)", hash_name) <= 0)
+ {
+ return NULL;
+ }
+ }
+ else if (asprintf(&name, "HKDF-Expand(%s)", hash_name) <= 0)
{
return NULL;
}
.set_param = _set_param,
.destroy = _destroy,
},
+ .type = algo,
.name = name,
-#if BOTAN_VERSION_MAJOR == 2
.hash_size = hasher_hash_size(hasher_algorithm_from_prf(prf_alg)),
-#endif
);
/* test if we can actually use the algorithm */
- if (!get_bytes(this, sizeof(buf), buf))
+ if (!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
{
destroy(this);
return NULL;
projects / thirdparty / strongswan.git / commitdiff
