[u/mdw/catacomb] / tlsprf.c

/* -*-c-*-
 *
 * $Id: tlsprf.c,v 1.2 2001/04/06 22:05:53 mdw Exp $
 *
 * The TLS pseudo-random function
 *
 * (c) 2001 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 * 
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: tlsprf.c,v $
 * Revision 1.2  2001/04/06 22:05:53  mdw
 * Change dummy names in grand objects so that they say what sort of thing
 * they are.
 *
 * Revision 1.1  2001/04/04 20:10:52  mdw
 * Add support for the TLS pseudo-random function.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/sub.h>

#include "arena.h"
#include "gmac.h"
#include "grand.h"
#include "paranoia.h"
#include "tlsprf.h"

/*----- The data expansion function ---------------------------------------*/

/* --- @tlsdx_init@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to a context
 *		@gmac *m@ = pointer to a generic MAC instance
 *		@const void *sd@ = pointer to the seed block
 *		@size_t sdsz@ = size of the seed block
 *
 * Returns:	---
 *
 * Use:		Initializes a context for the TLS data expansion function.
 *		This doesn't take ownership of the MAC instance or the seed
 *		memory, nor does it allocate copies.
 */

void tlsdx_init(tlsdx_ctx *c, gmac *m, const void *sd, size_t sdsz)
{
  c->k = m;
  c->hashsz = c->k->ops->c->hashsz;
  c->sd = sd; c->sdsz = sdsz;

  c->i = c->k->ops->init(c->k);
  c->i->ops->hash(c->i, sd, sdsz);
  c->ai = c->i->ops->done(c->i, 0);
  c->o = c->k->ops->init(c->k);
  c->o->ops->hash(c->o, c->ai, c->hashsz);
  c->o->ops->hash(c->o, sd, sdsz);
  c->p = c->o->ops->done(c->o, 0);
  c->sz = c->hashsz;
}

/* --- @tlsdx_encrypt@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to a context
 *		@const void *src@ = pointer to source data
 *		@void *dest@ = pointer to destination buffer
 *		@size_t sz@ = size of buffer
 *
 * Returns:	---
 *
 * Use:		Encrypts data using the TLS data expansion function.  If the
 *		destination pointer is null, the generator is spun and no
 *		output is produced; if the source pointer is null, raw output
 *		from the generator is written; otherwise, the source data is
 *		XORed with the generator output.
 */

void tlsdx_encrypt(tlsdx_ctx *c, const void *src, void *dest, size_t sz)
{
  const octet *s = src;
  octet *d = dest;
  ghash *h;
  size_t i;
  size_t n;

  while (sz) {
    if (c->sz)
      n = c->sz;
    else {
      h = c->k->ops->init(c->k);
      h->ops->hash(h, c->ai, c->hashsz);
      c->ai = h->ops->done(h, 0);
      c->i->ops->destroy(c->i);
      c->i = h;
      c->o->ops->destroy(c->o);
      h = c->o = c->k->ops->init(c->k);
      h->ops->hash(h, c->ai, c->hashsz);
      h->ops->hash(h, c->sd, c->sdsz);
      c->p = h->ops->done(h, 0);
      c->sz = n = c->hashsz;
    }
    if (n > sz)
      n = sz;
    if (d) {
      if (!s)
	memcpy(d, c->p, n);
      else {
	for (i = 0; i < n; i++) d[i] = s[i] ^ c->p[i];
	s += n;
      }
      d += n;
    }
    c->p += n;
    c->sz -= n;
    sz -= n;
  }
}

/* --- @tlsdx_free@ --- *
 *
 * Arguments:	@tlsdx_ctx *c@ = pointer to the context block
 *
 * Returns:	---
 *
 * Use:		Frees a context for the TLS data expansion function
 */

void tlsdx_free(tlsdx_ctx *c)
{
  c->i->ops->destroy(c->i);
  c->o->ops->destroy(c->o);
}

/* --- Generic random number generator --- */

typedef struct dx_grctx {
  grand r;
  grand_ops ops;
  tlsdx_ctx dx;
} dx_grctx;

static void dx_grdestroy(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  xfree((char *)g->ops.name);
  xfree((octet *)g->dx.sd);
  g->dx.k->ops->destroy(g->dx.k);
  tlsdx_free(&g->dx);
  BURN(*g);
  S_DESTROY(g);
}

static void dx_seed(dx_grctx *g, const void *p, size_t sz)
{
  octet *q;
  xfree((octet *)g->dx.sd);
  g->dx.sd = q = xmalloc(sz);
  memcpy(q, p, sz);
  g->dx.sdsz = sz;
}

static int dx_grmisc(grand *r, unsigned op, ...)
{
  dx_grctx *g = (dx_grctx *)r;
  va_list ap;
  int rc = 0;
  uint32 i;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      i = va_arg(ap, unsigned);
      STORE32(buf, i);
      dx_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      i = va_arg(ap, uint32);
      STORE32(buf, i);
      dx_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      dx_seed(g, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      dx_seed(g, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;      
  }

  va_end(ap);
  return (rc);
}

static octet dx_grbyte(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  octet o;
  tlsdx_encrypt(&g->dx, 0, &o, 1);
  return (o);
}

static uint32 dx_grword(grand *r)
{
  dx_grctx *g = (dx_grctx *)r;
  octet b[4];
  tlsdx_encrypt(&g->dx, 0, &b, sizeof(b));
  return (LOAD32(b));
}

static void dx_grfill(grand *r, void *p, size_t sz)
{
  dx_grctx *g = (dx_grctx *)r;
  tlsdx_encrypt(&g->dx, 0, p, sz);
}

static const grand_ops dx_grops = {
  "<tlsdx-dummy>",
  GRAND_CRYPTO, 0,
  dx_grmisc, dx_grdestroy,
  dx_grword, dx_grbyte, dx_grword, grand_range, dx_grfill
};

/* ---@tlsdx_rand@ --- *
 *
 * Arguments:	@const gcmac *mc@ = MAC function to use
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a generic generator which does TLS data expansion.
 */

grand *tlsdx_rand(const gcmac *mc, const void *k, size_t ksz,
		  const void *sd, size_t sdsz)
{
  dx_grctx *g = S_CREATE(dx_grctx);
  dstr d = DSTR_INIT;
  gmac *m = mc->key(k, ksz);
  octet *q = xmalloc(sdsz);
  memcpy(q, sd, sdsz);
  dstr_putf(&d, "tlsdx(%s)", mc->name);
  g->ops = dx_grops;
  g->ops.name = xstrdup(d.buf);
  g->r.ops = &g->ops;
  dstr_destroy(&d);
  tlsdx_init(&g->dx, m, q, sdsz);
  return (&g->r);
}

/* --- The actual very paranoid PRF ---------------------------------------*/

/* --- @tlsprf_init@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to context block
 *		@const gcmac *mcx, *mcy@ = left and right MAC functions
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	---
 *
 * Use:		Initializes a TLS PRF context.
 */

void tlsprf_init(tlsprf_ctx *c, const gcmac *mcx, const gcmac *mcy,
		 const void *k, size_t ksz, const void *sd, size_t sdsz)
{
  size_t n = (ksz + 1)/2;
  const octet *kk = k;
  tlsdx_init(&c->px, mcx->key(kk, n), sd, sdsz);
  tlsdx_init(&c->py, mcy->key(kk + ksz - n, n), sd, sdsz);
}

/* --- @tlsprf_encrypt@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to a context
 *		@const void *src@ = pointer to source data
 *		@void *dest@ = pointer to destination buffer
 *		@size_t sz@ = size of buffer
 *
 * Returns:	---
 *
 * Use:		Encrypts data using the TLS pseudo-random function.  If the
 *		destination pointer is null, the generator is spun and no
 *		output is produced; if the source pointer is null, raw output
 *		from the generator is written; otherwise, the source data is
 *		XORed with the generator output.
 */

void tlsprf_encrypt(tlsprf_ctx *c, const void *src, void *dest, size_t sz)
{
  tlsdx_encrypt(&c->px, src, dest, sz);
  tlsdx_encrypt(&c->py, dest, dest, sz);
}

/* --- @tlsprf_free@ --- *
 *
 * Arguments:	@tlsprf_ctx *c@ = pointer to a context
 *
 * Returns:	---
 *
 * Use:		Frees a TLS PRF context.
 */

void tlsprf_free(tlsprf_ctx *c)
{
  c->px.k->ops->destroy(c->px.k);
  c->py.k->ops->destroy(c->py.k);
  tlsdx_free(&c->px);
  tlsdx_free(&c->py);
}

/* --- Generic random number generator --- */

typedef struct prf_grctx {
  grand r;
  grand_ops ops;
  tlsprf_ctx prf;
} prf_grctx;

static void prf_grdestroy(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  xfree((char *)g->ops.name);
  xfree((octet *)g->prf.px.sd);
  tlsprf_free(&g->prf);
  BURN(*g);
  S_DESTROY(g);
}

static void prf_seed(prf_grctx *g, const void *p, size_t sz)
{
  octet *q;

  xfree((octet *)g->prf.px.sz);
  g->prf.px.sd = g->prf.py.sd = q = xmalloc(sz);
  memcpy(q, p, sz);
  g->prf.px.sdsz = g->prf.py.sdsz = sz;
}

static int prf_grmisc(grand *r, unsigned op, ...)
{
  prf_grctx *g = (prf_grctx *)r;
  va_list ap;
  int rc = 0;
  uint32 i;
  octet buf[4];
  va_start(ap, op);

  switch (op) {
    case GRAND_CHECK:
      switch (va_arg(ap, unsigned)) {
	case GRAND_CHECK:
	case GRAND_SEEDINT:
	case GRAND_SEEDUINT32:
	case GRAND_SEEDBLOCK:
	case GRAND_SEEDRAND:
	  rc = 1;
	  break;
	default:
	  rc = 0;
	  break;
      }
      break;
    case GRAND_SEEDINT:
      i = va_arg(ap, unsigned);
      STORE32(buf, i);
      prf_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDUINT32:
      i = va_arg(ap, uint32);
      STORE32(buf, i);
      prf_seed(g, buf, sizeof(buf));
      break;
    case GRAND_SEEDBLOCK: {
      const void *p = va_arg(ap, const void *);
      size_t sz = va_arg(ap, size_t);
      prf_seed(g, p, sz);
    } break;
    case GRAND_SEEDRAND: {
      grand *rr = va_arg(ap, grand *);
      octet buf[16];
      rr->ops->fill(rr, buf, sizeof(buf));
      prf_seed(g, buf, sizeof(buf));
    } break;
    default:
      GRAND_BADOP;
      break;      
  }

  va_end(ap);
  return (rc);
}

static octet prf_grbyte(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  octet o;
  tlsprf_encrypt(&g->prf, 0, &o, 1);
  return (o);
}

static uint32 prf_grword(grand *r)
{
  prf_grctx *g = (prf_grctx *)r;
  octet b[4];
  tlsprf_encrypt(&g->prf, 0, &b, sizeof(b));
  return (LOAD32(b));
}

static void prf_grfill(grand *r, void *p, size_t sz)
{
  prf_grctx *g = (prf_grctx *)r;
  tlsprf_encrypt(&g->prf, 0, p, sz);
}

static const grand_ops prf_grops = {
  "<tlsprf-dummy>",
  GRAND_CRYPTO, 0,
  prf_grmisc, prf_grdestroy,
  prf_grword, prf_grbyte, prf_grword, grand_range, prf_grfill
};

/* ---@tlsprf_rand@ --- *
 *
 * Arguments:	@const gcmac *mcx, *mcy@ = MAC function to use
 *		@const void *k@ = pointer to the key material
 *		@size_t ksz@ = size of the key material
 *		@const void *sd@ = pointer to the seed material
 *		@size_t sdsz@ = size of the seed material
 *
 * Returns:	Pointer to generic random number generator interface.
 *
 * Use:		Creates a generic generator which does TLS data expansion.
 */

grand *tlsprf_rand(const gcmac *mcx, const gcmac *mcy,
		   const void *k, size_t ksz, const void *sd, size_t sdsz)
{
  prf_grctx *g = S_CREATE(prf_grctx);
  dstr d = DSTR_INIT;
  octet *q = xmalloc(sdsz);
  memcpy(q, sd, sdsz);
  dstr_putf(&d, "tlsprf(%s,%s)", mcx->name, mcy->name);
  g->ops = prf_grops;
  g->ops.name = xstrdup(d.buf);
  g->r.ops = &g->ops;
  dstr_destroy(&d);
  tlsprf_init(&g->prf, mcx, mcy, k, ksz, q, sdsz);
  return (&g->r);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

#include <stdio.h>
#include <string.h>

#include <mLib/quis.h>
#include <mLib/testrig.h>

#include "sha-hmac.h"
#include "md5-hmac.h"

static int v_generate(dstr *v)
{
  grand *g;
  dstr d = DSTR_INIT;
  int ok = 1;

  g = tlsprf_rand(&md5_hmac, &sha_hmac,
		  v[0].buf, v[0].len, v[1].buf, v[1].len);
  dstr_ensure(&d, v[2].len);
  d.len = v[2].len;
  g->ops->fill(g, d.buf, d.len);
  g->ops->destroy(g);
  if (memcmp(v[2].buf, d.buf, d.len) != 0) {
    ok = 0;
    printf("\nfail tlsprf:"
	   "\n\tkey        = ");
    type_hex.dump(&v[0], stdout);
    printf("\n\tseed       = "); type_hex.dump(&v[1], stdout);
    printf("\n\texpected   = "); type_hex.dump(&v[2], stdout);
    printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
    putchar('\n');
  }
  return (ok);
}

static test_chunk defs[] = {
  { "tlsprf", v_generate, { &type_hex, &type_hex, &type_hex, 0 } },
  { 0, 0, { 0 } }
};

int main(int argc, char *argv[])
{
  test_run(argc, argv, defs, SRCDIR"/tests/tlsprf");
  return (0);
}

#endif

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
d83a82be	1	/* --c--
d83a82be	2	*
55fae6a7	3	* $Id: tlsprf.c,v 1.2 2001/04/06 22:05:53 mdw Exp $
d83a82be	4	*
	5	* The TLS pseudo-random function
	6	*
	7	* (c) 2001 Straylight/Edgeware
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of Catacomb.
	13	*
	14	* Catacomb is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU Library General Public License as
	16	* published by the Free Software Foundation; either version 2 of the
	17	* License, or (at your option) any later version.
	18	*
	19	* Catacomb is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU Library General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU Library General Public
	25	* License along with Catacomb; if not, write to the Free
	26	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	27	* MA 02111-1307, USA.
	28	*/
	29
	30	/----- Revision history --------------------------------------------------
	31	*
	32	* $Log: tlsprf.c,v $
55fae6a7	33	* Revision 1.2 2001/04/06 22:05:53 mdw
	34	* Change dummy names in grand objects so that they say what sort of thing
	35	* they are.
	36	*
d83a82be	37	* Revision 1.1 2001/04/04 20:10:52 mdw
	38	* Add support for the TLS pseudo-random function.
	39	*
	40	*/
	41
	42	/----- Header files ------------------------------------------------------/
	43
	44	#include <mLib/alloc.h>
	45	#include <mLib/dstr.h>
	46	#include <mLib/sub.h>
	47
	48	#include "arena.h"
	49	#include "gmac.h"
	50	#include "grand.h"
	51	#include "paranoia.h"
	52	#include "tlsprf.h"
	53
	54	/----- The data expansion function ---------------------------------------/
	55
	56	/* --- @tlsdx_init@ --- *
	57	*
	58	* Arguments: @tlsdx_ctx *c@ = pointer to a context
	59	* @gmac *m@ = pointer to a generic MAC instance
	60	* @const void *sd@ = pointer to the seed block
	61	* @size_t sdsz@ = size of the seed block
	62	*
	63	* Returns: ---
	64	*
	65	* Use: Initializes a context for the TLS data expansion function.
	66	* This doesn't take ownership of the MAC instance or the seed
	67	* memory, nor does it allocate copies.
	68	*/
	69
	70	void tlsdx_init(tlsdx_ctx c, gmac m, const void *sd, size_t sdsz)
	71	{
	72	c->k = m;
	73	c->hashsz = c->k->ops->c->hashsz;
	74	c->sd = sd; c->sdsz = sdsz;
55fae6a7	75
d83a82be	76	c->i = c->k->ops->init(c->k);
	77	c->i->ops->hash(c->i, sd, sdsz);
	78	c->ai = c->i->ops->done(c->i, 0);
	79	c->o = c->k->ops->init(c->k);
	80	c->o->ops->hash(c->o, c->ai, c->hashsz);
	81	c->o->ops->hash(c->o, sd, sdsz);
	82	c->p = c->o->ops->done(c->o, 0);
	83	c->sz = c->hashsz;
	84	}
	85
	86	/* --- @tlsdx_encrypt@ --- *
	87	*
	88	* Arguments: @tlsdx_ctx *c@ = pointer to a context
	89	* @const void *src@ = pointer to source data
	90	* @void *dest@ = pointer to destination buffer
	91	* @size_t sz@ = size of buffer
	92	*
	93	* Returns: ---
	94	*
	95	* Use: Encrypts data using the TLS data expansion function. If the
	96	* destination pointer is null, the generator is spun and no
	97	* output is produced; if the source pointer is null, raw output
	98	* from the generator is written; otherwise, the source data is
	99	* XORed with the generator output.
	100	*/
	101
	102	void tlsdx_encrypt(tlsdx_ctx c, const void src, void *dest, size_t sz)
	103	{
	104	const octet *s = src;
	105	octet *d = dest;
	106	ghash *h;
	107	size_t i;
	108	size_t n;
	109
	110	while (sz) {
	111	if (c->sz)
	112	n = c->sz;
	113	else {
	114	h = c->k->ops->init(c->k);
	115	h->ops->hash(h, c->ai, c->hashsz);
	116	c->ai = h->ops->done(h, 0);
	117	c->i->ops->destroy(c->i);
	118	c->i = h;
	119	c->o->ops->destroy(c->o);
	120	h = c->o = c->k->ops->init(c->k);
	121	h->ops->hash(h, c->ai, c->hashsz);
	122	h->ops->hash(h, c->sd, c->sdsz);
	123	c->p = h->ops->done(h, 0);
	124	c->sz = n = c->hashsz;
	125	}
	126	if (n > sz)
	127	n = sz;
	128	if (d) {
	129	if (!s)
	130	memcpy(d, c->p, n);
	131	else {
	132	for (i = 0; i < n; i++) d[i] = s[i] ^ c->p[i];
	133	s += n;
	134	}
	135	d += n;
	136	}
	137	c->p += n;
	138	c->sz -= n;
	139	sz -= n;
140	}
141	}
142
143	/* --- @tlsdx_free@ --- *
144	*
145	* Arguments: @tlsdx_ctx *c@ = pointer to the context block
146	*
147	* Returns: ---
148	*
149	* Use: Frees a context for the TLS data expansion function
150	*/
151
152	void tlsdx_free(tlsdx_ctx *c)
153	{
154	c->i->ops->destroy(c->i);
155	c->o->ops->destroy(c->o);
156	}
157
158	/* --- Generic random number generator --- */
159
160	typedef struct dx_grctx {
161	grand r;
162	grand_ops ops;
163	tlsdx_ctx dx;
164	} dx_grctx;
165
166	static void dx_grdestroy(grand *r)
167	{
168	dx_grctx g = (dx_grctx )r;
169	xfree((char *)g->ops.name);
170	xfree((octet *)g->dx.sd);
171	g->dx.k->ops->destroy(g->dx.k);
172	tlsdx_free(&g->dx);
173	BURN(*g);
174	S_DESTROY(g);
175	}
176
177	static void dx_seed(dx_grctx g, const void p, size_t sz)
178	{
179	octet *q;
180	xfree((octet *)g->dx.sd);
181	g->dx.sd = q = xmalloc(sz);
182	memcpy(q, p, sz);
183	g->dx.sdsz = sz;
184	}
185
186	static int dx_grmisc(grand *r, unsigned op, ...)
187	{
188	dx_grctx g = (dx_grctx )r;
189	va_list ap;
190	int rc = 0;
191	uint32 i;
192	octet buf[4];
193	va_start(ap, op);
194
195	switch (op) {
196	case GRAND_CHECK:
197	switch (va_arg(ap, unsigned)) {
198	case GRAND_CHECK:
199	case GRAND_SEEDINT:
200	case GRAND_SEEDUINT32:
201	case GRAND_SEEDBLOCK:
202	case GRAND_SEEDRAND:
203	rc = 1;
204	break;
205	default:
206	rc = 0;
207	break;
208	}
209	break;
210	case GRAND_SEEDINT:
211	i = va_arg(ap, unsigned);
212	STORE32(buf, i);
213	dx_seed(g, buf, sizeof(buf));
214	break;
215	case GRAND_SEEDUINT32:
216	i = va_arg(ap, uint32);
217	STORE32(buf, i);
218	dx_seed(g, buf, sizeof(buf));
219	break;
220	case GRAND_SEEDBLOCK: {
221	const void p = va_arg(ap, const void );
222	size_t sz = va_arg(ap, size_t);
223	dx_seed(g, p, sz);
224	} break;
225	case GRAND_SEEDRAND: {
226	grand rr = va_arg(ap, grand );
227	octet buf[16];
228	rr->ops->fill(rr, buf, sizeof(buf));
229	dx_seed(g, buf, sizeof(buf));
230	} break;
231	default:
232	GRAND_BADOP;
233	break;
234	}
235
236	va_end(ap);
237	return (rc);
238	}
239
240	static octet dx_grbyte(grand *r)
241	{
242	dx_grctx g = (dx_grctx )r;
243	octet o;
244	tlsdx_encrypt(&g->dx, 0, &o, 1);
245	return (o);
246	}
247
248	static uint32 dx_grword(grand *r)
249	{
250	dx_grctx g = (dx_grctx )r;
251	octet b[4];
252	tlsdx_encrypt(&g->dx, 0, &b, sizeof(b));
253	return (LOAD32(b));
254	}
255
256	static void dx_grfill(grand r, void p, size_t sz)
257	{
258	dx_grctx g = (dx_grctx )r;
259	tlsdx_encrypt(&g->dx, 0, p, sz);
260	}
261
262	static const grand_ops dx_grops = {
55fae6a7	263	"<tlsdx-dummy>",
d83a82be	264	GRAND_CRYPTO, 0,
	265	dx_grmisc, dx_grdestroy,
	266	dx_grword, dx_grbyte, dx_grword, grand_range, dx_grfill
	267	};
	268
	269	/* ---@tlsdx_rand@ --- *
	270	*
	271	* Arguments: @const gcmac *mc@ = MAC function to use
	272	* @const void *k@ = pointer to the key material
	273	* @size_t ksz@ = size of the key material
	274	* @const void *sd@ = pointer to the seed material
	275	* @size_t sdsz@ = size of the seed material
	276	*
	277	* Returns: Pointer to generic random number generator interface.
	278	*
	279	* Use: Creates a generic generator which does TLS data expansion.
	280	*/
	281
	282	grand tlsdx_rand(const gcmac mc, const void *k, size_t ksz,
	283	const void *sd, size_t sdsz)
	284	{
	285	dx_grctx *g = S_CREATE(dx_grctx);
	286	dstr d = DSTR_INIT;
	287	gmac *m = mc->key(k, ksz);
	288	octet *q = xmalloc(sdsz);
	289	memcpy(q, sd, sdsz);
	290	dstr_putf(&d, "tlsdx(%s)", mc->name);
	291	g->ops = dx_grops;
	292	g->ops.name = xstrdup(d.buf);
	293	g->r.ops = &g->ops;
	294	dstr_destroy(&d);
	295	tlsdx_init(&g->dx, m, q, sdsz);
	296	return (&g->r);
	297	}
	298
	299	/* --- The actual very paranoid PRF ---------------------------------------*/
	300
	301	/* --- @tlsprf_init@ --- *
	302	*
	303	* Arguments: @tlsprf_ctx *c@ = pointer to context block
	304	* @const gcmac mcx, mcy@ = left and right MAC functions
	305	* @const void *k@ = pointer to the key material
	306	* @size_t ksz@ = size of the key material
	307	* @const void *sd@ = pointer to the seed material
	308	* @size_t sdsz@ = size of the seed material
	309	*
	310	* Returns: ---
	311	*
	312	* Use: Initializes a TLS PRF context.
	313	*/
	314
	315	void tlsprf_init(tlsprf_ctx c, const gcmac mcx, const gcmac *mcy,
	316	const void k, size_t ksz, const void sd, size_t sdsz)
	317	{
	318	size_t n = (ksz + 1)/2;
	319	const octet *kk = k;
	320	tlsdx_init(&c->px, mcx->key(kk, n), sd, sdsz);
	321	tlsdx_init(&c->py, mcy->key(kk + ksz - n, n), sd, sdsz);
	322	}
	323
	324	/* --- @tlsprf_encrypt@ --- *
	325	*
	326	* Arguments: @tlsprf_ctx *c@ = pointer to a context
	327	* @const void *src@ = pointer to source data
328	* @void *dest@ = pointer to destination buffer
329	* @size_t sz@ = size of buffer
330	*
331	* Returns: ---
332	*
333	* Use: Encrypts data using the TLS pseudo-random function. If the
334	* destination pointer is null, the generator is spun and no
335	* output is produced; if the source pointer is null, raw output
336	* from the generator is written; otherwise, the source data is
337	* XORed with the generator output.
338	*/
339
340	void tlsprf_encrypt(tlsprf_ctx c, const void src, void *dest, size_t sz)
341	{
342	tlsdx_encrypt(&c->px, src, dest, sz);
343	tlsdx_encrypt(&c->py, dest, dest, sz);
344	}
345
346	/* --- @tlsprf_free@ --- *
347	*
348	* Arguments: @tlsprf_ctx *c@ = pointer to a context
349	*
350	* Returns: ---
351	*
352	* Use: Frees a TLS PRF context.
353	*/
354
355	void tlsprf_free(tlsprf_ctx *c)
356	{
357	c->px.k->ops->destroy(c->px.k);
358	c->py.k->ops->destroy(c->py.k);
359	tlsdx_free(&c->px);
360	tlsdx_free(&c->py);
361	}
362
363	/* --- Generic random number generator --- */
364
365	typedef struct prf_grctx {
366	grand r;
367	grand_ops ops;
368	tlsprf_ctx prf;
369	} prf_grctx;
370
371	static void prf_grdestroy(grand *r)
372	{
373	prf_grctx g = (prf_grctx )r;
374	xfree((char *)g->ops.name);
375	xfree((octet *)g->prf.px.sd);
376	tlsprf_free(&g->prf);
377	BURN(*g);
378	S_DESTROY(g);
379	}
380
381	static void prf_seed(prf_grctx g, const void p, size_t sz)
382	{
383	octet *q;
384
385	xfree((octet *)g->prf.px.sz);
386	g->prf.px.sd = g->prf.py.sd = q = xmalloc(sz);
387	memcpy(q, p, sz);
388	g->prf.px.sdsz = g->prf.py.sdsz = sz;
389	}
390
391	static int prf_grmisc(grand *r, unsigned op, ...)
392	{
393	prf_grctx g = (prf_grctx )r;
394	va_list ap;
395	int rc = 0;
396	uint32 i;
397	octet buf[4];
398	va_start(ap, op);
399
400	switch (op) {
401	case GRAND_CHECK:
402	switch (va_arg(ap, unsigned)) {
403	case GRAND_CHECK:
404	case GRAND_SEEDINT:
405	case GRAND_SEEDUINT32:
406	case GRAND_SEEDBLOCK:
407	case GRAND_SEEDRAND:
408	rc = 1;
409	break;
410	default:
411	rc = 0;
412	break;
413	}
414	break;
415	case GRAND_SEEDINT:
416	i = va_arg(ap, unsigned);
417	STORE32(buf, i);
418	prf_seed(g, buf, sizeof(buf));
419	break;
420	case GRAND_SEEDUINT32:
421	i = va_arg(ap, uint32);
422	STORE32(buf, i);
423	prf_seed(g, buf, sizeof(buf));
424	break;
425	case GRAND_SEEDBLOCK: {
426	const void p = va_arg(ap, const void );
427	size_t sz = va_arg(ap, size_t);
428	prf_seed(g, p, sz);
429	} break;
430	case GRAND_SEEDRAND: {
431	grand rr = va_arg(ap, grand );
432	octet buf[16];
433	rr->ops->fill(rr, buf, sizeof(buf));
434	prf_seed(g, buf, sizeof(buf));
435	} break;
436	default:
437	GRAND_BADOP;
438	break;
439	}
440
441	va_end(ap);
442	return (rc);
443	}
444
445	static octet prf_grbyte(grand *r)
446	{
447	prf_grctx g = (prf_grctx )r;
448	octet o;
449	tlsprf_encrypt(&g->prf, 0, &o, 1);
450	return (o);
451	}
452
453	static uint32 prf_grword(grand *r)
454	{
455	prf_grctx g = (prf_grctx )r;
456	octet b[4];
457	tlsprf_encrypt(&g->prf, 0, &b, sizeof(b));
458	return (LOAD32(b));
459	}
460
461	static void prf_grfill(grand r, void p, size_t sz)
462	{
463	prf_grctx g = (prf_grctx )r;
464	tlsprf_encrypt(&g->prf, 0, p, sz);
465	}
466
467	static const grand_ops prf_grops = {
55fae6a7	468	"<tlsprf-dummy>",
d83a82be	469	GRAND_CRYPTO, 0,
	470	prf_grmisc, prf_grdestroy,
	471	prf_grword, prf_grbyte, prf_grword, grand_range, prf_grfill
	472	};
	473
	474	/* ---@tlsprf_rand@ --- *
	475	*
	476	* Arguments: @const gcmac mcx, mcy@ = MAC function to use
	477	* @const void *k@ = pointer to the key material
	478	* @size_t ksz@ = size of the key material
	479	* @const void *sd@ = pointer to the seed material
	480	* @size_t sdsz@ = size of the seed material
	481	*
	482	* Returns: Pointer to generic random number generator interface.
	483	*
	484	* Use: Creates a generic generator which does TLS data expansion.
	485	*/
	486
	487	grand tlsprf_rand(const gcmac mcx, const gcmac *mcy,
	488	const void k, size_t ksz, const void sd, size_t sdsz)
	489	{
	490	prf_grctx *g = S_CREATE(prf_grctx);
	491	dstr d = DSTR_INIT;
	492	octet *q = xmalloc(sdsz);
	493	memcpy(q, sd, sdsz);
	494	dstr_putf(&d, "tlsprf(%s,%s)", mcx->name, mcy->name);
	495	g->ops = prf_grops;
	496	g->ops.name = xstrdup(d.buf);
	497	g->r.ops = &g->ops;
	498	dstr_destroy(&d);
	499	tlsprf_init(&g->prf, mcx, mcy, k, ksz, q, sdsz);
	500	return (&g->r);
	501	}
	502
	503	/----- Test rig ----------------------------------------------------------/
	504
	505	#ifdef TEST_RIG
	506
	507	#include <stdio.h>
	508	#include <string.h>
	509
	510	#include <mLib/quis.h>
	511	#include <mLib/testrig.h>
	512
	513	#include "sha-hmac.h"
	514	#include "md5-hmac.h"
	515
	516	static int v_generate(dstr *v)
	517	{
	518	grand *g;
	519	dstr d = DSTR_INIT;
	520	int ok = 1;
	521
	522	g = tlsprf_rand(&md5_hmac, &sha_hmac,
	523	v[0].buf, v[0].len, v[1].buf, v[1].len);
	524	dstr_ensure(&d, v[2].len);
	525	d.len = v[2].len;
	526	g->ops->fill(g, d.buf, d.len);
	527	g->ops->destroy(g);
	528	if (memcmp(v[2].buf, d.buf, d.len) != 0) {
	529	ok = 0;
	530	printf("\nfail tlsprf:"
	531	"\n\tkey = ");
	532	type_hex.dump(&v[0], stdout);
533	printf("\n\tseed = "); type_hex.dump(&v[1], stdout);
534	printf("\n\texpected = "); type_hex.dump(&v[2], stdout);
535	printf("\n\tcalculated = "); type_hex.dump(&d, stdout);
536	putchar('\n');
537	}
538	return (ok);
539	}
540
541	static test_chunk defs[] = {
542	{ "tlsprf", v_generate, { &type_hex, &type_hex, &type_hex, 0 } },
543	{ 0, 0, { 0 } }
544	};
545
546	int main(int argc, char *argv[])
547	{
548	test_run(argc, argv, defs, SRCDIR"/tests/tlsprf");
549	return (0);
550	}
551
552	#endif
553
554	/----- That's all, folks -------------------------------------------------/