From: Tobias Brunner
Date: Tue, 25 Aug 2020 14:44:17 +0000 (+0200)
Subject: tls-hkdf: Add helper method to allocate data from the internal PRF
X-Git-Tag: 5.9.2rc1~23^2~88
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a9f661f52a5a5e002a9b3fe1e66f2e77c9049ba3;p=thirdparty%2Fstrongswan.git

tls-hkdf: Add helper method to allocate data from the internal PRF
---

diff --git a/src/libtls/tls_hkdf.c b/src/libtls/tls_hkdf.c
index 4da511bfe1..566916a231 100644
--- a/src/libtls/tls_hkdf.c
+++ b/src/libtls/tls_hkdf.c
@@ -485,6 +485,14 @@ METHOD(tls_hkdf_t, derive_finished, bool,
 finished);
 }

+METHOD(tls_hkdf_t, allocate_bytes, bool,
+ private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
+ chunk_t *out)
+{
+ return this->prf->set_key(this->prf, key) &&
+ this->prf->allocate_bytes(this->prf, seed, out);
+}
+
 METHOD(tls_hkdf_t, destroy, void,
 private_tls_hkdf_t *this)
 {
@@ -525,6 +533,7 @@ tls_hkdf_t *tls_hkdf_create(hash_algorithm_t hash_algorithm, chunk_t psk)
 .derive_key = _derive_key,
 .derive_iv = _derive_iv,
 .derive_finished = _derive_finished,
+ .allocate_bytes = _allocate_bytes,
 .destroy = _destroy,
 },
 .phase = HKDF_PHASE_0,
diff --git a/src/libtls/tls_hkdf.h b/src/libtls/tls_hkdf.h
index 7debf062df..5a8a77f5b7 100644
--- a/src/libtls/tls_hkdf.h
+++ b/src/libtls/tls_hkdf.h
@@ -111,6 +111,19 @@ struct tls_hkdf_t {
 bool (*derive_finished)(tls_hkdf_t *this, bool is_server,
 chunk_t *finished);

+ /**
+ * Use the internal PRF to allocate data (mainly for the finished message
+ * where the key is from derive_finished() and the seed is the transcript
+ * hash).
+ *
+ * @param key key to use with the PRF
+ * @param seed seed to use with the PRF
+ * @param out output from the PRF (allocated)
+ * @return TRUE if output was generated
+ */
+ bool (*allocate_bytes)(tls_hkdf_t *this, chunk_t key, chunk_t seed,
+ chunk_t *out);
+
 /**
 * Destroy a tls_hkdf_t
 */
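Review bot: The new `allocate_bytes` method in tls_hkdf.c calls `set_key()` on the shared `this->prf` and leaves it keyed with the caller-supplied key when it returns, and nothing in the method says so. If any other method of this object uses `this->prf` without setting its own key first (those bodies are outside this hunk), it would silently run under the finished key. I would add a comment above the return statement, `/* re-keys the shared PRF; every other user of this->prf must call set_key() before use */`, and confirm that the other call sites do. The helper also does not consult `this->phase`, which looks intentional but deserves a word in the same comment.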
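Review bot: The doc comment added for `allocate_bytes` in tls_hkdf.h describes `out` only as "allocated", without saying who releases it or what it holds when FALSE is returned. Per the comment's own stated use, the output is Finished-message data computed from a key returned by derive_finished(), so callers need to free it on every path and should compare it with a constant-time helper rather than `memcmp`. I would change the line to `@param out output from the PRF (allocated, caller must free)` and state explicitly whether `out` is touched on failure, which this hunk does not show. A one-line remark that the call changes the key of the internal PRF would also help callers that interleave it with the derive_* methods.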