From fac04b76f8b2b0505a5ed434d971ba8355e8eb77 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Fri, 26 Jul 2024 22:42:37 +0800 Subject: [PATCH] Update HKDF API --- include/gmssl/hkdf.h | 4 ++-- src/hkdf.c | 49 +++++++++++++++----------------------------- 2 files changed, 18 insertions(+), 35 deletions(-) diff --git a/include/gmssl/hkdf.h b/include/gmssl/hkdf.h index bbefded3..6fc03bb9 100644 --- a/include/gmssl/hkdf.h +++ b/include/gmssl/hkdf.h @@ -32,9 +32,9 @@ int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen, int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen, const uint8_t *ikm, size_t ikmlen, - uint8_t *prk, size_t *prklen); + uint8_t prk[32]); -int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, +int sm3_hkdf_expand(const uint8_t prk[32], const uint8_t *opt_info, size_t opt_infolen, size_t L, uint8_t *okm); diff --git a/src/hkdf.c b/src/hkdf.c index b5514e5f..d09b8d0c 100644 --- a/src/hkdf.c +++ b/src/hkdf.c @@ -123,36 +123,26 @@ int hkdf_expand(const DIGEST *digest, const uint8_t *prk, size_t prklen, return 1; } -/* int sm3_hkdf_extract(const uint8_t *salt, size_t saltlen, const uint8_t *ikm, size_t ikmlen, - uint8_t *prk, size_t *prklen) + uint8_t prk[32]) { SM3_HMAC_CTX hmac_ctx; if (!salt || saltlen == 0) { uint8_t zeros[SM3_HMAC_SIZE] = {0}; - if (sm3_hmac_init(&hmac_ctx, zeros, SM3_HMAC_SIZE) != 1) { - error_print(); - return -1; - } + sm3_hmac_init(&hmac_ctx, zeros, SM3_HMAC_SIZE); } else { - if (sm3_hmac_init(&hmac_ctx, salt, saltlen) != 1) { - error_print(); - return -1; - } + sm3_hmac_init(&hmac_ctx, salt, saltlen); } - if (sm3_hmac_update(&hmac_ctx, ikm, ikmlen) != 1 - || sm3_hmac_finish(&hmac_ctx, prk) != 1) { - error_print(); - return -1; - } - *prklen = SM3_HMAC_SIZE; + sm3_hmac_update(&hmac_ctx, ikm, ikmlen); + sm3_hmac_finish(&hmac_ctx, prk); return 1; } -int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, +// the expand can only be called once, if we want to expand multi times, the API should be changed +int sm3_hkdf_expand(const uint8_t prk[32], const uint8_t *opt_info, size_t opt_infolen, size_t L, uint8_t *okm) { @@ -162,13 +152,10 @@ int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, size_t len; if (L > 0) { - if (sm3_hmac_init(&hmac_ctx, prk, prklen) != 1 - || sm3_hmac_update(&hmac_ctx, opt_info, opt_infolen) < 0 - || sm3_hmac_update(&hmac_ctx, &counter, 1) != 1 - || sm3_hmac_finish(&hmac_ctx, T) != 1) { - error_print(); - return -1; - } + sm3_hmac_init(&hmac_ctx, prk, 32); + sm3_hmac_update(&hmac_ctx, opt_info, opt_infolen); + sm3_hmac_update(&hmac_ctx, &counter, 1); + sm3_hmac_finish(&hmac_ctx, T); counter++; len = SM3_HMAC_SIZE; if (len > L) { @@ -183,14 +170,11 @@ int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, error_print(); return -1; } - if (sm3_hmac_init(&hmac_ctx, digest, prk, prklen) != 1 - || sm3_hmac_update(&hmac_ctx, T, len) != 1 - || sm3_hmac_update(&hmac_ctx, opt_info, opt_infolen) < 0 - || sm3_hmac_update(&hmac_ctx, &counter, 1) != 1 - || sm3_hmac_finish(&hmac_ctx, T) != 1) { - error_print(); - return -1; - } + sm3_hmac_init(&hmac_ctx, prk, 32); + sm3_hmac_update(&hmac_ctx, T, len); + sm3_hmac_update(&hmac_ctx, opt_info, opt_infolen); + sm3_hmac_update(&hmac_ctx, &counter, 1); + sm3_hmac_finish(&hmac_ctx, T); counter++; len = SM3_HMAC_SIZE; if (len > L) { @@ -202,4 +186,3 @@ int sm3_hkdf_expand(const uint8_t *prk, size_t prklen, } return 1; } -*/