KDF code

author: Nils Durner <durner@gnunet.org> 2010-10-03 13:29:09 +0000
committer: Nils Durner <durner@gnunet.org> 2010-10-03 13:29:09 +0000
commit: 9d9853441df5b565f6932fcf7fbb156b2d929392 (patch)
tree: 87d09554c804030a48fe33e46206c91dc312bf12 /src/util/crypto_kdf.c
parent: b7c95147188502651e4cb2b60c7062137f73e878 (diff)
download: gnunet-9d9853441df5b565f6932fcf7fbb156b2d929392.tar.gz
gnunet-9d9853441df5b565f6932fcf7fbb156b2d929392.zip
1 files changed, 88 insertions, 0 deletions
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c
new file mode 100644
index 000000000..785603c8c
--- /dev/null
+++ b/src/util/crypto_kdf.c
@@ -0,0 +1,88 @@
+/*
+     This file is part of GNUnet.
+     (C) 2010 Christian Grothoff (and other contributing authors)
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 2, or (at your
+     option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+/**
+ * @file src/util/crypto_kdf.c
+ * @brief Key derivation
+ * @author Nils Durner
+ */
+#include <gcrypt.h>
+#include "platform.h"
+#include "gnunet_crypto_lib.h"
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param argp va_list of void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, va_list argp)
+{
+  /*
+   "Finally, we point out to a particularly advantageous instantiation using
+    HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
+    truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
+    stronger hash function due to the unconventional demand from the hash function in the extraction
+    setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
+    allows to prove the security of HKDF under considerably weaker assumptions on the underlying
+    hash function."
+   http://eprint.iacr.org/2010/264
+   */
+  return GNUNET_CRYPTO_hkdf_v (result, out_len, GCRY_MD_SHA512, GCRY_MD_SHA256,
+      xts, xts_len, skm, skm_len, argp);
+}
+/**
+ * @brief Derive key
+ * @param result buffer for the derived key, allocated by caller
+ * @param out_len desired length of the derived key
+ * @param xts salt
+ * @param xts_len length of xts
+ * @param skm source key material
+ * @param skm_len length of skm
+ * @param ... void * & size_t pairs for context chunks
+ * @return GNUNET_YES on success
+ */
+int
+GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len,
+    const void *xts, const size_t xts_len, const void *skm,
+    const size_t skm_len, ...)
+{
+  va_list argp;
+  int ret;
+  va_start(argp, skm_len);
+  ret = GNUNET_CRYPTO_kdf_v (result, out_len, xts, xts_len, skm, skm_len, argp);
+  va_end(argp);
+  return ret;
+}
author	Nils Durner <durner@gnunet.org>	2010-10-03 13:29:09 +0000
committer	Nils Durner <durner@gnunet.org>	2010-10-03 13:29:09 +0000
commit	9d9853441df5b565f6932fcf7fbb156b2d929392 (patch)
tree	87d09554c804030a48fe33e46206c91dc312bf12 /src/util/crypto_kdf.c
parent	b7c95147188502651e4cb2b60c7062137f73e878 (diff)
download	gnunet-9d9853441df5b565f6932fcf7fbb156b2d929392.tar.gz gnunet-9d9853441df5b565f6932fcf7fbb156b2d929392.zip

diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c new file mode 100644 index 000000000..785603c8c --- /dev/null +++ b/src/util/crypto_kdf.c
@@ -0,0 +1,88 @@
	1	/*
	2	This file is part of GNUnet.
	3	(C) 2010 Christian Grothoff (and other contributing authors)
	4
	5	GNUnet is free software; you can redistribute it and/or modify
	6	it under the terms of the GNU General Public License as published
	7	by the Free Software Foundation; either version 2, or (at your
	8	option) any later version.
	9
	10	GNUnet is distributed in the hope that it will be useful, but
	11	WITHOUT ANY WARRANTY; without even the implied warranty of
	12	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	General Public License for more details.
	14
	15	You should have received a copy of the GNU General Public License
	16	along with GNUnet; see the file COPYING. If not, write to the
	17	Free Software Foundation, Inc., 59 Temple Place - Suite 330,
	18	Boston, MA 02111-1307, USA.
	19	*/
	20
	21	/**
	22	* @file src/util/crypto_kdf.c
	23	* @brief Key derivation
	24	* @author Nils Durner
	25	*/
	26
	27	#include <gcrypt.h>
	28
	29	#include "platform.h"
	30	#include "gnunet_crypto_lib.h"
	31
	32	/**
	33	* @brief Derive key
	34	* @param result buffer for the derived key, allocated by caller
	35	* @param out_len desired length of the derived key
	36	* @param xts salt
	37	* @param xts_len length of xts
	38	* @param skm source key material
	39	* @param skm_len length of skm
	40	* @param argp va_list of void * & size_t pairs for context chunks
	41	* @return GNUNET_YES on success
	42	*/
	43	int
	44	GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len,
	45	const void xts, const size_t xts_len, const void skm,
	46	const size_t skm_len, va_list argp)
	47	{
	48	/*
	49	"Finally, we point out to a particularly advantageous instantiation using
	50	HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
	51	truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
	52	stronger hash function due to the unconventional demand from the hash function in the extraction
	53	setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
	54	allows to prove the security of HKDF under considerably weaker assumptions on the underlying
	55	hash function."
	56
	57	http://eprint.iacr.org/2010/264
	58	*/
	59
	60	return GNUNET_CRYPTO_hkdf_v (result, out_len, GCRY_MD_SHA512, GCRY_MD_SHA256,
	61	xts, xts_len, skm, skm_len, argp);
	62	}
	63
	64	/**
	65	* @brief Derive key
	66	* @param result buffer for the derived key, allocated by caller
	67	* @param out_len desired length of the derived key
	68	* @param xts salt
	69	* @param xts_len length of xts
	70	* @param skm source key material
	71	* @param skm_len length of skm
	72	* @param ... void * & size_t pairs for context chunks
	73	* @return GNUNET_YES on success
	74	*/
	75	int
	76	GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len,
	77	const void xts, const size_t xts_len, const void skm,
	78	const size_t skm_len, ...)
	79	{
	80	va_list argp;
	81	int ret;
	82
	83	va_start(argp, skm_len);
	84	ret = GNUNET_CRYPTO_kdf_v (result, out_len, xts, xts_len, skm, skm_len, argp);
	85	va_end(argp);
	86
	87	return ret;
	88	}