[u/mdw/catacomb] / rand / tlsprf.c

/* -*-c-*-
 *
 * The TLS pseudo-random function
 *
 * (c) 2001 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Header files ------------------------------------------------------*/

#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/sub.h>

#include "arena.h"
#include "gmac.h"
#include "grand.h"
#include "paranoia.h"
#include "tlsprf.h"

/*----- The data expansion function ---------------------------------------*/

/* --- @tlsdx_init@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to a context
 *		@gmac *m@ = pointer to a generic MAC instance
 *		@const void *sd@ = pointer to the seed block
 *		@size_t sdsz@ = size of the seed block
 *
 * Returns:	---
 *
 * Use:		Initializes a context for the TLS data expansion function.
 *		This doesn't take ownership of the MAC instance or the seed
 *		memory, nor does it allocate copies.
 */

void tlsdx_init(tlsdx_ctx *c, gmac *m, const void *sd, size_t sdsz)
{
  c->k = m;
  c->hashsz = GM_CLASS(c->k)->hashsz;
  c->sd = sd; c->sdsz = sdsz;

  c->i = GM_INIT(c->k);
  GH_HASH(c->i, sd, sdsz);
  c->ai = GH_DONE(c->i, 0);
  c->o = GM_INIT(c->k);
  GH_HASH(c->o, c->ai, c->hashsz);
  GH_HASH(c->o, sd, sdsz);
  c->p = GH_DONE(c->o, 0);
  c->sz = c->hashsz;
}

/* --- @tlsdx_encrypt@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to a context
 *		@const void *src@ = pointer to source data
 *		@void *dest@ = pointer to destination buffer
 *		@size_t sz@ = size of buffer
 *
 * Returns:	---
 *
 * Use:		Encrypts data using the TLS data expansion function.  If the
 *		destination pointer is null, the generator is spun and no
 *		output is produced; if the source pointer is null, raw output
 *		from the generator is written; otherwise, the source data is
 *		XORed with the generator output.
 */

void tlsdx_encrypt(tlsdx_ctx *c, const void *src, void *dest, size_t sz)
{
  const octet *s = src;
  octet *d = dest;
  ghash *h;
  size_t i;
  size_t n;

  while (sz) {
    if (c->sz)
      n = c->sz;
    else {
      h = GM_INIT(c->k);
      GH_HASH(h, c->ai, c->hashsz);
      c->ai = GH_DONE(h, 0);
      GH_DESTROY(c->i);
      c->i = h;
      GH_DESTROY(c->o);
      h = c->o = GM_INIT(c->k);
      GH_HASH(h, c->ai, c->hashsz);
      GH_HASH(h, c->sd, c->sdsz);
      c->p = GH_DONE(h, 0);
      c->sz = n = c->hashsz;
    }
    if (n > sz)
      n = sz;
    if (d) {
      if (!s)
	memcpy(d, c->p, n);
      else {
	for (i = 0; i < n; i++) d[i] = s[i] ^ c->p[i];
	s += n;
      }
      d += n;
    }
    c->p += n;
    c->sz -= n;
    sz -= n;
  }
}

/* --- @tlsdx_free@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to the context block
 *
 * Returns:	---
 *
 * Use:		Frees a context for the TLS data expansion function
 */

void tlsdx_free(tlsdx_ctx *c)
{
  GH_DESTROY(c->i);
  GH_DESTROY(c->o);
}

/* --- Generic random number generator --- */

typedef struct dx_grctx {
  grand r;
  grand_ops ops;
  tlsdx_ctx dx;
} dx_grctx;

static void dx_grdestroy(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  xfree((char *)g->ops.name);
  xfree((octet *)g->dx.sd);
  g->dx.k->ops->destroy(g->dx.k);
  tlsdx_free(&g->dx);
  BURN(*g);
  S_DESTROY(g);
}

static void dx_seed(dx_grctx *g, const void *p, size_t sz)
{
  octet *q;
  xfree((octet *)g->dx.sd);
  g->dx.sd = q = xmalloc(sz);
  memcpy(q, p, sz);
  g->dx.sdsz = sz;
}

static int dx_grmisc(grand *r, unsigned op, ...)
{
  dx_grctx *g = (dx_grctx *)r;
  va_list ap;
  int rc = 0;
  uint32 i;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      i = va_arg(ap, unsigned);
      STORE32(buf, i);
      dx_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      i = va_arg(ap, uint32);
      STORE32(buf, i);
      dx_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      dx_seed(g, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      dx_seed(g, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;
  }

  va_end(ap);
  return (rc);
}

static octet dx_grbyte(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  octet o;
  tlsdx_encrypt(&g->dx, 0, &o, 1);
  return (o);
}

static uint32 dx_grword(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  octet b[4];
  tlsdx_encrypt(&g->dx, 0, &b, sizeof(b));
  return (LOAD32(b));
}

static void dx_grfill(grand *r, void *p, size_t sz)
{
  dx_grctx *g = (dx_grctx *)r;
  tlsdx_encrypt(&g->dx, 0, p, sz);
}

static const grand_ops dx_grops = {
  "<tlsdx-dummy>",
  GRAND_CRYPTO, 0,
  dx_grmisc, dx_grdestroy,
  dx_grword, dx_grbyte, dx_grword, grand_range, dx_grfill
};

/* ---@tlsdx_rand@ --- *
 *
 * Arguments:	@const gcmac *mc@ = MAC function to use
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a generic generator which does TLS data expansion.
 */

grand *tlsdx_rand(const gcmac *mc, const void *k, size_t ksz,
		  const void *sd, size_t sdsz)
{
  dx_grctx *g = S_CREATE(dx_grctx);
  dstr d = DSTR_INIT;
  gmac *m = GM_KEY(mc, k, ksz);
  octet *q = xmalloc(sdsz);
  memcpy(q, sd, sdsz);
  dstr_putf(&d, "tlsdx(%s)", mc->name);
  g->ops = dx_grops;
  g->ops.name = xstrdup(d.buf);
  g->r.ops = &g->ops;
  dstr_destroy(&d);
  tlsdx_init(&g->dx, m, q, sdsz);
  return (&g->r);
}

/* --- The actual very paranoid PRF ---------------------------------------*/

/* --- @tlsprf_init@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to context block
 *		@const gcmac *mcx, *mcy@ = left and right MAC functions
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	---
 *
 * Use:		Initializes a TLS PRF context.
 */

void tlsprf_init(tlsprf_ctx *c, const gcmac *mcx, const gcmac *mcy,
		 const void *k, size_t ksz, const void *sd, size_t sdsz)
{
  size_t n = (ksz + 1)/2;
  const octet *kk = k;
  tlsdx_init(&c->px, mcx->key(kk, n), sd, sdsz);
  tlsdx_init(&c->py, mcy->key(kk + ksz - n, n), sd, sdsz);
}

/* --- @tlsprf_encrypt@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to a context
 *		@const void *src@ = pointer to source data
 *		@void *dest@ = pointer to destination buffer
 *		@size_t sz@ = size of buffer
 *
 * Returns:	---
 *
 * Use:		Encrypts data using the TLS pseudo-random function.  If the
 *		destination pointer is null, the generator is spun and no
 *		output is produced; if the source pointer is null, raw output
 *		from the generator is written; otherwise, the source data is
 *		XORed with the generator output.
 */

void tlsprf_encrypt(tlsprf_ctx *c, const void *src, void *dest, size_t sz)
{
  tlsdx_encrypt(&c->px, src, dest, sz);
  tlsdx_encrypt(&c->py, dest, dest, sz);
}

/* --- @tlsprf_free@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to a context
 *
 * Returns:	---
 *
 * Use:		Frees a TLS PRF context.
 */

void tlsprf_free(tlsprf_ctx *c)
{
  c->px.k->ops->destroy(c->px.k);
  c->py.k->ops->destroy(c->py.k);
  tlsdx_free(&c->px);
  tlsdx_free(&c->py);
}

/* --- Generic random number generator --- */

typedef struct prf_grctx {
  grand r;
  grand_ops ops;
  tlsprf_ctx prf;
} prf_grctx;

static void prf_grdestroy(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  xfree((char *)g->ops.name);
  xfree((octet *)g->prf.px.sd);
  tlsprf_free(&g->prf);
  BURN(*g);
  S_DESTROY(g);
}

static void prf_seed(prf_grctx *g, const void *p, size_t sz)
{
  octet *q;

  xfree((octet *)g->prf.px.sz);
  g->prf.px.sd = g->prf.py.sd = q = xmalloc(sz);
  memcpy(q, p, sz);
  g->prf.px.sdsz = g->prf.py.sdsz = sz;
}

static int prf_grmisc(grand *r, unsigned op, ...)
{
  prf_grctx *g = (prf_grctx *)r;
  va_list ap;
  int rc = 0;
  uint32 i;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      i = va_arg(ap, unsigned);
      STORE32(buf, i);
      prf_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      i = va_arg(ap, uint32);
      STORE32(buf, i);
      prf_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      prf_seed(g, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      prf_seed(g, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;
  }

  va_end(ap);
  return (rc);
}

static octet prf_grbyte(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  octet o;
  tlsprf_encrypt(&g->prf, 0, &o, 1);
  return (o);
}

static uint32 prf_grword(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  octet b[4];
  tlsprf_encrypt(&g->prf, 0, &b, sizeof(b));
  return (LOAD32(b));
}

static void prf_grfill(grand *r, void *p, size_t sz)
{
  prf_grctx *g = (prf_grctx *)r;
  tlsprf_encrypt(&g->prf, 0, p, sz);
}

static const grand_ops prf_grops = {
  "<tlsprf-dummy>",
  GRAND_CRYPTO, 0,
  prf_grmisc, prf_grdestroy,
  prf_grword, prf_grbyte, prf_grword, grand_range, prf_grfill
};

/* ---@tlsprf_rand@ --- *
 *
 * Arguments:	@const gcmac *mcx, *mcy@ = MAC function to use
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a generic generator which does TLS data expansion.
 */

grand *tlsprf_rand(const gcmac *mcx, const gcmac *mcy,
		   const void *k, size_t ksz, const void *sd, size_t sdsz)
{
  prf_grctx *g = S_CREATE(prf_grctx);
  dstr d = DSTR_INIT;
  octet *q = xmalloc(sdsz);
  memcpy(q, sd, sdsz);
  dstr_putf(&d, "tlsprf(%s,%s)", mcx->name, mcy->name);
  g->ops = prf_grops;
  g->ops.name = xstrdup(d.buf);
  g->r.ops = &g->ops;
  dstr_destroy(&d);
  tlsprf_init(&g->prf, mcx, mcy, k, ksz, q, sdsz);
  return (&g->r);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>
#include <string.h>

#include <mLib/quis.h>
#include <mLib/testrig.h>

#include "sha-hmac.h"
#include "md5-hmac.h"

static int v_generate(dstr *v)
{
  grand *g;
  dstr d = DSTR_INIT;
  int ok = 1;

  g = tlsprf_rand(&md5_hmac, &sha_hmac,
		  v[0].buf, v[0].len, v[1].buf, v[1].len);
  dstr_ensure(&d, v[2].len);
  d.len = v[2].len;
  g->ops->fill(g, d.buf, d.len);
  g->ops->destroy(g);
  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail tlsprf:"
	   "\n\tkey	   = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tseed	   = "); type_hex.dump(&v[1], stdout);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }
  return (ok);
}

static test_chunk defs[] = {
  { "tlsprf", v_generate, { &type_hex, &type_hex, &type_hex, 0 } },
  { 0, 0, { 0 } }
};

int main(int argc, char *argv[])
{
  test_run(argc, argv, defs, SRCDIR"/t/tlsprf");
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
d83a82be	1	/* --c--
d83a82be	2	*
d83a82be	3	* The TLS pseudo-random function
	4	*
	5	* (c) 2001 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
d83a82be	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
d83a82be	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
d83a82be	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
d83a82be	28	/----- Header files ------------------------------------------------------/
	29
	30	#include <mLib/alloc.h>
	31	#include <mLib/dstr.h>
	32	#include <mLib/sub.h>
	33
	34	#include "arena.h"
	35	#include "gmac.h"
	36	#include "grand.h"
	37	#include "paranoia.h"
	38	#include "tlsprf.h"
	39
	40	/----- The data expansion function ---------------------------------------/
	41
	42	/* --- @tlsdx_init@ --- *
	43	*
	44	* Arguments: @tlsdx_ctx *c@ = pointer to a context
	45	* @gmac *m@ = pointer to a generic MAC instance
	46	* @const void *sd@ = pointer to the seed block
	47	* @size_t sdsz@ = size of the seed block
	48	*
	49	* Returns: ---
	50	*
	51	* Use: Initializes a context for the TLS data expansion function.
	52	* This doesn't take ownership of the MAC instance or the seed
	53	* memory, nor does it allocate copies.
	54	*/
	55
	56	void tlsdx_init(tlsdx_ctx c, gmac m, const void *sd, size_t sdsz)
	57	{
	58	c->k = m;
b817bfc6	59	c->hashsz = GM_CLASS(c->k)->hashsz;
d83a82be	60	c->sd = sd; c->sdsz = sdsz;
55fae6a7	61
b817bfc6	62	c->i = GM_INIT(c->k);
	63	GH_HASH(c->i, sd, sdsz);
	64	c->ai = GH_DONE(c->i, 0);
	65	c->o = GM_INIT(c->k);
	66	GH_HASH(c->o, c->ai, c->hashsz);
	67	GH_HASH(c->o, sd, sdsz);
	68	c->p = GH_DONE(c->o, 0);
d83a82be	69	c->sz = c->hashsz;
	70	}
	71
	72	/* --- @tlsdx_encrypt@ --- *
	73	*
	74	* Arguments: @tlsdx_ctx *c@ = pointer to a context
	75	* @const void *src@ = pointer to source data
	76	* @void *dest@ = pointer to destination buffer
	77	* @size_t sz@ = size of buffer
	78	*
	79	* Returns: ---
	80	*
	81	* Use: Encrypts data using the TLS data expansion function. If the
	82	* destination pointer is null, the generator is spun and no
	83	* output is produced; if the source pointer is null, raw output
	84	* from the generator is written; otherwise, the source data is
	85	* XORed with the generator output.
	86	*/
	87
	88	void tlsdx_encrypt(tlsdx_ctx c, const void src, void *dest, size_t sz)
	89	{
	90	const octet *s = src;
	91	octet *d = dest;
	92	ghash *h;
	93	size_t i;
	94	size_t n;
	95
	96	while (sz) {
	97	if (c->sz)
	98	n = c->sz;
	99	else {
b817bfc6	100	h = GM_INIT(c->k);
	101	GH_HASH(h, c->ai, c->hashsz);
	102	c->ai = GH_DONE(h, 0);
	103	GH_DESTROY(c->i);
d83a82be	104	c->i = h;
b817bfc6	105	GH_DESTROY(c->o);
	106	h = c->o = GM_INIT(c->k);
	107	GH_HASH(h, c->ai, c->hashsz);
	108	GH_HASH(h, c->sd, c->sdsz);
	109	c->p = GH_DONE(h, 0);
d83a82be	110	c->sz = n = c->hashsz;
	111	}
	112	if (n > sz)
	113	n = sz;
	114	if (d) {
	115	if (!s)
	116	memcpy(d, c->p, n);
	117	else {
	118	for (i = 0; i < n; i++) d[i] = s[i] ^ c->p[i];
	119	s += n;
	120	}
	121	d += n;
	122	}
	123	c->p += n;
	124	c->sz -= n;
	125	sz -= n;
	126	}
	127	}
	128
	129	/* --- @tlsdx_free@ --- *
	130	*
	131	* Arguments: @tlsdx_ctx *c@ = pointer to the context block
	132	*
	133	* Returns: ---
	134	*
	135	* Use: Frees a context for the TLS data expansion function
	136	*/
	137
	138	void tlsdx_free(tlsdx_ctx *c)
	139	{
b817bfc6	140	GH_DESTROY(c->i);
b817bfc6	141	GH_DESTROY(c->o);
d83a82be	142	}
	143
	144	/* --- Generic random number generator --- */
	145
	146	typedef struct dx_grctx {
	147	grand r;
	148	grand_ops ops;
	149	tlsdx_ctx dx;
	150	} dx_grctx;
	151
	152	static void dx_grdestroy(grand *r)
	153	{
	154	dx_grctx g = (dx_grctx )r;
	155	xfree((char *)g->ops.name);
	156	xfree((octet *)g->dx.sd);
	157	g->dx.k->ops->destroy(g->dx.k);
	158	tlsdx_free(&g->dx);
	159	BURN(*g);
	160	S_DESTROY(g);
	161	}
	162
	163	static void dx_seed(dx_grctx g, const void p, size_t sz)
	164	{
	165	octet *q;
	166	xfree((octet *)g->dx.sd);
	167	g->dx.sd = q = xmalloc(sz);
	168	memcpy(q, p, sz);
	169	g->dx.sdsz = sz;
	170	}
	171
	172	static int dx_grmisc(grand *r, unsigned op, ...)
	173	{
	174	dx_grctx g = (dx_grctx )r;
	175	va_list ap;
	176	int rc = 0;
	177	uint32 i;
	178	octet buf[4];
	179	va_start(ap, op);
	180
	181	switch (op) {
	182	case GRAND_CHECK:
	183	switch (va_arg(ap, unsigned)) {
	184	case GRAND_CHECK:
	185	case GRAND_SEEDINT:
	186	case GRAND_SEEDUINT32:
	187	case GRAND_SEEDBLOCK:
	188	case GRAND_SEEDRAND:
	189	rc = 1;
	190	break;
	191	default:
	192	rc = 0;
	193	break;
	194	}
	195	break;
	196	case GRAND_SEEDINT:
	197	i = va_arg(ap, unsigned);
	198	STORE32(buf, i);
	199	dx_seed(g, buf, sizeof(buf));
	200	break;
	201	case GRAND_SEEDUINT32:
	202	i = va_arg(ap, uint32);
	203	STORE32(buf, i);
	204	dx_seed(g, buf, sizeof(buf));
	205	break;
206	case GRAND_SEEDBLOCK: {
207	const void p = va_arg(ap, const void );
208	size_t sz = va_arg(ap, size_t);
209	dx_seed(g, p, sz);
210	} break;
211	case GRAND_SEEDRAND: {
212	grand rr = va_arg(ap, grand );
213	octet buf[16];
214	rr->ops->fill(rr, buf, sizeof(buf));
215	dx_seed(g, buf, sizeof(buf));
216	} break;
217	default:
218	GRAND_BADOP;
45c0fd36	219	break;
d83a82be	220	}
	221
	222	va_end(ap);
	223	return (rc);
	224	}
	225
	226	static octet dx_grbyte(grand *r)
	227	{
	228	dx_grctx g = (dx_grctx )r;
	229	octet o;
	230	tlsdx_encrypt(&g->dx, 0, &o, 1);
	231	return (o);
	232	}
	233
	234	static uint32 dx_grword(grand *r)
	235	{
	236	dx_grctx g = (dx_grctx )r;
	237	octet b[4];
	238	tlsdx_encrypt(&g->dx, 0, &b, sizeof(b));
	239	return (LOAD32(b));
	240	}
	241
	242	static void dx_grfill(grand r, void p, size_t sz)
	243	{
	244	dx_grctx g = (dx_grctx )r;
	245	tlsdx_encrypt(&g->dx, 0, p, sz);
	246	}
	247
	248	static const grand_ops dx_grops = {
55fae6a7	249	"<tlsdx-dummy>",
d83a82be	250	GRAND_CRYPTO, 0,
	251	dx_grmisc, dx_grdestroy,
	252	dx_grword, dx_grbyte, dx_grword, grand_range, dx_grfill
	253	};
	254
	255	/* ---@tlsdx_rand@ --- *
	256	*
	257	* Arguments: @const gcmac *mc@ = MAC function to use
	258	* @const void *k@ = pointer to the key material
	259	* @size_t ksz@ = size of the key material
	260	* @const void *sd@ = pointer to the seed material
	261	* @size_t sdsz@ = size of the seed material
	262	*
	263	* Returns: Pointer to generic random number generator interface.
	264	*
	265	* Use: Creates a generic generator which does TLS data expansion.
	266	*/
	267
	268	grand tlsdx_rand(const gcmac mc, const void *k, size_t ksz,
	269	const void *sd, size_t sdsz)
	270	{
	271	dx_grctx *g = S_CREATE(dx_grctx);
	272	dstr d = DSTR_INIT;
b817bfc6	273	gmac *m = GM_KEY(mc, k, ksz);
d83a82be	274	octet *q = xmalloc(sdsz);
	275	memcpy(q, sd, sdsz);
	276	dstr_putf(&d, "tlsdx(%s)", mc->name);
	277	g->ops = dx_grops;
	278	g->ops.name = xstrdup(d.buf);
	279	g->r.ops = &g->ops;
	280	dstr_destroy(&d);
	281	tlsdx_init(&g->dx, m, q, sdsz);
	282	return (&g->r);
	283	}
	284
	285	/* --- The actual very paranoid PRF ---------------------------------------*/
	286
	287	/* --- @tlsprf_init@ --- *
	288	*
	289	* Arguments: @tlsprf_ctx *c@ = pointer to context block
	290	* @const gcmac mcx, mcy@ = left and right MAC functions
	291	* @const void *k@ = pointer to the key material
	292	* @size_t ksz@ = size of the key material
	293	* @const void *sd@ = pointer to the seed material
	294	* @size_t sdsz@ = size of the seed material
	295	*
	296	* Returns: ---
	297	*
	298	* Use: Initializes a TLS PRF context.
	299	*/
	300
	301	void tlsprf_init(tlsprf_ctx c, const gcmac mcx, const gcmac *mcy,
	302	const void k, size_t ksz, const void sd, size_t sdsz)
	303	{
	304	size_t n = (ksz + 1)/2;
	305	const octet *kk = k;
	306	tlsdx_init(&c->px, mcx->key(kk, n), sd, sdsz);
	307	tlsdx_init(&c->py, mcy->key(kk + ksz - n, n), sd, sdsz);
	308	}
	309
	310	/* --- @tlsprf_encrypt@ --- *
	311	*
	312	* Arguments: @tlsprf_ctx *c@ = pointer to a context
	313	* @const void *src@ = pointer to source data
	314	* @void *dest@ = pointer to destination buffer
	315	* @size_t sz@ = size of buffer
	316	*
	317	* Returns: ---
	318	*
	319	* Use: Encrypts data using the TLS pseudo-random function. If the
	320	* destination pointer is null, the generator is spun and no
	321	* output is produced; if the source pointer is null, raw output
	322	* from the generator is written; otherwise, the source data is
	323	* XORed with the generator output.
	324	*/
	325
	326	void tlsprf_encrypt(tlsprf_ctx c, const void src, void *dest, size_t sz)
	327	{
	328	tlsdx_encrypt(&c->px, src, dest, sz);
	329	tlsdx_encrypt(&c->py, dest, dest, sz);
	330	}
	331
	332	/* --- @tlsprf_free@ --- *
	333	*
	334	* Arguments: @tlsprf_ctx *c@ = pointer to a context
	335	*
	336	* Returns: ---
	337	*
338	* Use: Frees a TLS PRF context.
339	*/
340
341	void tlsprf_free(tlsprf_ctx *c)
342	{
343	c->px.k->ops->destroy(c->px.k);
344	c->py.k->ops->destroy(c->py.k);
345	tlsdx_free(&c->px);
346	tlsdx_free(&c->py);
347	}
348
349	/* --- Generic random number generator --- */
350
351	typedef struct prf_grctx {
352	grand r;
353	grand_ops ops;
354	tlsprf_ctx prf;
355	} prf_grctx;
356
357	static void prf_grdestroy(grand *r)
358	{
359	prf_grctx g = (prf_grctx )r;
360	xfree((char *)g->ops.name);
361	xfree((octet *)g->prf.px.sd);
362	tlsprf_free(&g->prf);
363	BURN(*g);
364	S_DESTROY(g);
365	}
366
367	static void prf_seed(prf_grctx g, const void p, size_t sz)
368	{
369	octet *q;
370
371	xfree((octet *)g->prf.px.sz);
372	g->prf.px.sd = g->prf.py.sd = q = xmalloc(sz);
373	memcpy(q, p, sz);
374	g->prf.px.sdsz = g->prf.py.sdsz = sz;
375	}
376
377	static int prf_grmisc(grand *r, unsigned op, ...)
378	{
379	prf_grctx g = (prf_grctx )r;
380	va_list ap;
381	int rc = 0;
382	uint32 i;
383	octet buf[4];
384	va_start(ap, op);
385
386	switch (op) {
387	case GRAND_CHECK:
388	switch (va_arg(ap, unsigned)) {
389	case GRAND_CHECK:
390	case GRAND_SEEDINT:
391	case GRAND_SEEDUINT32:
392	case GRAND_SEEDBLOCK:
393	case GRAND_SEEDRAND:
394	rc = 1;
395	break;
396	default:
397	rc = 0;
398	break;
399	}
400	break;
401	case GRAND_SEEDINT:
402	i = va_arg(ap, unsigned);
403	STORE32(buf, i);
404	prf_seed(g, buf, sizeof(buf));
405	break;
406	case GRAND_SEEDUINT32:
407	i = va_arg(ap, uint32);
408	STORE32(buf, i);
409	prf_seed(g, buf, sizeof(buf));
410	break;
411	case GRAND_SEEDBLOCK: {
412	const void p = va_arg(ap, const void );
413	size_t sz = va_arg(ap, size_t);
414	prf_seed(g, p, sz);
415	} break;
416	case GRAND_SEEDRAND: {
417	grand rr = va_arg(ap, grand );
418	octet buf[16];
419	rr->ops->fill(rr, buf, sizeof(buf));
420	prf_seed(g, buf, sizeof(buf));
421	} break;
422	default:
423	GRAND_BADOP;
45c0fd36	424	break;
d83a82be	425	}
	426
	427	va_end(ap);
	428	return (rc);
	429	}
	430
	431	static octet prf_grbyte(grand *r)
	432	{
	433	prf_grctx g = (prf_grctx )r;
	434	octet o;
	435	tlsprf_encrypt(&g->prf, 0, &o, 1);
	436	return (o);
	437	}
	438
	439	static uint32 prf_grword(grand *r)
	440	{
	441	prf_grctx g = (prf_grctx )r;
	442	octet b[4];
	443	tlsprf_encrypt(&g->prf, 0, &b, sizeof(b));
	444	return (LOAD32(b));
	445	}
	446
	447	static void prf_grfill(grand r, void p, size_t sz)
	448	{
	449	prf_grctx g = (prf_grctx )r;
	450	tlsprf_encrypt(&g->prf, 0, p, sz);
	451	}
	452
	453	static const grand_ops prf_grops = {
55fae6a7	454	"<tlsprf-dummy>",
d83a82be	455	GRAND_CRYPTO, 0,
	456	prf_grmisc, prf_grdestroy,
	457	prf_grword, prf_grbyte, prf_grword, grand_range, prf_grfill
	458	};
	459
	460	/* ---@tlsprf_rand@ --- *
	461	*
	462	* Arguments: @const gcmac mcx, mcy@ = MAC function to use
	463	* @const void *k@ = pointer to the key material
	464	* @size_t ksz@ = size of the key material
	465	* @const void *sd@ = pointer to the seed material
	466	* @size_t sdsz@ = size of the seed material
	467	*
	468	* Returns: Pointer to generic random number generator interface.
	469	*
	470	* Use: Creates a generic generator which does TLS data expansion.
	471	*/
	472
	473	grand tlsprf_rand(const gcmac mcx, const gcmac *mcy,
	474	const void k, size_t ksz, const void sd, size_t sdsz)
	475	{
	476	prf_grctx *g = S_CREATE(prf_grctx);
	477	dstr d = DSTR_INIT;
	478	octet *q = xmalloc(sdsz);
	479	memcpy(q, sd, sdsz);
	480	dstr_putf(&d, "tlsprf(%s,%s)", mcx->name, mcy->name);
	481	g->ops = prf_grops;
	482	g->ops.name = xstrdup(d.buf);
	483	g->r.ops = &g->ops;
	484	dstr_destroy(&d);
	485	tlsprf_init(&g->prf, mcx, mcy, k, ksz, q, sdsz);
	486	return (&g->r);
	487	}
	488
	489	/----- Test rig ----------------------------------------------------------/
	490
	491	#ifdef TEST_RIG
	492
	493	#include <stdio.h>
	494	#include <string.h>
	495
	496	#include <mLib/quis.h>
	497	#include <mLib/testrig.h>
	498
	499	#include "sha-hmac.h"
	500	#include "md5-hmac.h"
	501
	502	static int v_generate(dstr *v)
	503	{
	504	grand *g;
	505	dstr d = DSTR_INIT;
	506	int ok = 1;
	507
	508	g = tlsprf_rand(&md5_hmac, &sha_hmac,
	509	v[0].buf, v[0].len, v[1].buf, v[1].len);
	510	dstr_ensure(&d, v[2].len);
	511	d.len = v[2].len;
	512	g->ops->fill(g, d.buf, d.len);
	513	g->ops->destroy(g);
	514	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	515	ok = 0;
	516	printf("\nfail tlsprf:"
45c0fd36	517	"\n\tkey = ");
d83a82be	518	type_hex.dump(&v[0], stdout);
45c0fd36	519	printf("\n\tseed = "); type_hex.dump(&v[1], stdout);
d83a82be	520	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
	521	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
	522	putchar('\n');
	523	}
	524	return (ok);
	525	}
	526
	527	static test_chunk defs[] = {
	528	{ "tlsprf", v_generate, { &type_hex, &type_hex, &type_hex, 0 } },
	529	{ 0, 0, { 0 } }
	530	};
	531
	532	int main(int argc, char *argv[])
	533	{
0f00dc4c	534	test_run(argc, argv, defs, SRCDIR"/t/tlsprf");
d83a82be	535	return (0);
	536	}
	537
	538	#endif
	539
	540	/----- That's all, folks -------------------------------------------------/