tls-hkdf: Add helper method to allocate data from the internal PRF
authorTobias Brunner <tobias@strongswan.org>
Tue, 25 Aug 2020 14:44:17 +0000 (16:44 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Feb 2021 10:45:44 +0000 (11:45 +0100)
src/libtls/tls_hkdf.c
src/libtls/tls_hkdf.h

index 4da511b..566916a 100644 (file)
@@ -485,6 +485,14 @@ METHOD(tls_hkdf_t, derive_finished, bool,
                                                                 finished);
 }
 
+METHOD(tls_hkdf_t, allocate_bytes, bool,
+       private_tls_hkdf_t *this, chunk_t key, chunk_t seed,
+       chunk_t *out)
+{
+       return this->prf->set_key(this->prf, key) &&
+                  this->prf->allocate_bytes(this->prf, seed, out);
+}
+
 METHOD(tls_hkdf_t, destroy, void,
        private_tls_hkdf_t *this)
 {
@@ -525,6 +533,7 @@ tls_hkdf_t *tls_hkdf_create(hash_algorithm_t hash_algorithm, chunk_t psk)
                        .derive_key = _derive_key,
                        .derive_iv = _derive_iv,
                        .derive_finished = _derive_finished,
+                       .allocate_bytes = _allocate_bytes,
                        .destroy = _destroy,
                },
                .phase = HKDF_PHASE_0,
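Review bot: The new allocate_bytes method (first hunk) re-keys the shared `this->prf` with the caller-supplied `key` and leaves it in that state, so any later derive_* call that relies on the PRF still being keyed with the HKDF-derived secret would use the wrong key; if those methods already call `set_key` before every expand this is harmless, but the dependency is invisible here and worth stating. I would add a comment above the method, e.g. `/* re-keys the shared PRF; derive_* methods must set_key() before expanding */`, or restore/re-key the PRF explicitly if that assumption does not hold. Note also that `*out` is left untouched when `set_key` fails, which the header comment should make explicit so callers do not free an uninitialized chunk.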
index 7debf06..5a8a77f 100644 (file)
@@ -112,6 +112,19 @@ struct tls_hkdf_t {
                                                        chunk_t *finished);
 
        /**
+        * Use the internal PRF to allocate data (mainly for the finished message
+        * where the key is from derive_finished() and the seed is the transcript
+        * hash).
+        *
+        * @param key                           key to use with the PRF
+        * @param seed                          seed to use with the PRF
+        * @param out                           output from the PRF (allocated)
+        * @return                                      TRUE if output was generated
+        */
+       bool (*allocate_bytes)(tls_hkdf_t *this, chunk_t key, chunk_t seed,
+                                                  chunk_t *out);
+
+       /**
         * Destroy a tls_hkdf_t
         */
        void (*destroy)(tls_hkdf_t *this);
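Review bot: The new doc comment for allocate_bytes does not mention that the call re-keys the object's internal PRF, nor that `out` is not written when the call returns FALSE; both matter to callers of a KDF interface. I would extend the `@param out` line to `output from the PRF (allocated, untouched on failure)` and add a sentence to the description such as `Note that this re-keys the internal PRF with the given key.` The surrounding struct definition starts outside the hunk.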