From cac799f6835dac83c52a22ecf632390b7754cc21 Mon Sep 17 00:00:00 2001 From: toddouska Date: Wed, 2 Jul 2014 16:59:45 -0700 Subject: [PATCH] add optional ecc ctx info --- ctaocrypt/src/ecc.c | 26 +++++++++++++++++++++----- ctaocrypt/test/test.c | 11 +++++++++++ cyassl/ctaocrypt/ecc.h | 2 ++ 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index 6d6da7346..8904f7289 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -3629,9 +3629,9 @@ enum ecSrvState { struct ecEncCtx { - byte* kdfSalt; /* optional salt for kdf */ - byte* kdfInfo; /* optional info for kdf */ - byte* macSalt; /* optional salt for mac */ + const byte* kdfSalt; /* optional salt for kdf */ + const byte* kdfInfo; /* optional info for kdf */ + const byte* macSalt; /* optional salt for mac */ word32 kdfSaltSz; /* size of kdfSalt */ word32 kdfInfoSz; /* size of kdfInfo */ word32 macSaltSz; /* size of macSalt */ @@ -3676,6 +3676,19 @@ const byte* ecc_ctx_get_own_salt(ecEncCtx* ctx) } +/* optional set info, can be called before or after set_peer_salt */ +int ecc_ctx_set_info(ecEncCtx* ctx, const byte* info, int sz) +{ + if (ctx == NULL || info == 0 || sz < 0) + return BAD_FUNC_ARG; + + ctx->kdfInfo = info; + ctx->kdfInfoSz = sz; + + return 0; +} + + static const char* exchange_info = "Secure Message Exchange"; int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) @@ -3717,8 +3730,11 @@ int ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt) ctx->macSalt = ctx->serverSalt; ctx->macSaltSz = EXCHANGE_SALT_SZ; - ctx->kdfInfo = (byte*)exchange_info; - ctx->kdfInfoSz = EXCHANGE_INFO_SZ; + if (ctx->kdfInfo == NULL) { + /* default info */ + ctx->kdfInfo = (const byte*)exchange_info; + ctx->kdfInfoSz = EXCHANGE_INFO_SZ; + } return 0; } diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index e6684d011..7f7191cb0 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -4149,6 +4149,8 @@ int hkdf_test(void) (void)res2; (void)res3; (void)res4; + (void)salt1; + (void)info1; #ifndef NO_SHA ret = HKDF(SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L); @@ -4158,12 +4160,15 @@ int hkdf_test(void) if (memcmp(okm1, res1, L) != 0) return -2002; +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ ret = HKDF(SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L); if (ret != 0) return -2003; if (memcmp(okm1, res2, L) != 0) return -2004; +#endif /* HAVE_FIPS */ #endif /* NO_SHA */ #ifndef NO_SHA256 @@ -4174,12 +4179,15 @@ int hkdf_test(void) if (memcmp(okm1, res3, L) != 0) return -2006; +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ ret = HKDF(SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L); if (ret != 0) return -2007; if (memcmp(okm1, res4, L) != 0) return -2007; +#endif /* HAVE_FIPS */ #endif /* NO_SHA256 */ return 0; @@ -4358,6 +4366,9 @@ int ecc_encrypt_test(void) ret = ecc_ctx_set_peer_salt(cliCtx, srvSalt); ret += ecc_ctx_set_peer_salt(srvCtx, cliSalt); + ret += ecc_ctx_set_info(cliCtx, (byte*)"CyaSSL MSGE", 11); + ret += ecc_ctx_set_info(srvCtx, (byte*)"CyaSSL MSGE", 11); + if (ret != 0) return -3008; diff --git a/cyassl/ctaocrypt/ecc.h b/cyassl/ctaocrypt/ecc.h index 0c44a4f0a..a885abf63 100644 --- a/cyassl/ctaocrypt/ecc.h +++ b/cyassl/ctaocrypt/ecc.h @@ -164,6 +164,8 @@ CYASSL_API const byte* ecc_ctx_get_own_salt(ecEncCtx*); CYASSL_API int ecc_ctx_set_peer_salt(ecEncCtx*, const byte* salt); +CYASSL_API +int ecc_ctx_set_info(ecEncCtx*, const byte* info, int sz); CYASSL_API int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,