SECStatus
tls13_HkdfExtract(PK11SymKey *ikm1, PK11SymKey *ikm2in, SSLHashType baseHash,
PK11SymKey **prkp)
{
CK_NSS_HKDFParams params;
SECItem paramsi;
SECStatus rv;
SECItem *salt;
PK11SymKey *prk;
static const PRUint8 zeroKeyBuf[HASH_LENGTH_MAX];
PK11SymKey *zeroKey = NULL;
PK11SlotInfo *slot = NULL;
PK11SymKey *ikm2;
params.bExtract = CK_TRUE;
params.bExpand = CK_FALSE;
params.pInfo = NULL;
params.ulInfoLen = 0UL;
if (ikm1) {
/* TODO([email protected]): This violates the PKCS#11 key boundary
* but is imposed on us by the present HKDF interface. */
rv = PK11_ExtractKeyValue(ikm1);
if (rv != SECSuccess)
return rv;
salt = PK11_GetKeyData(ikm1);
if (!salt)
return SECFailure;
params.pSalt = salt->data;
params.ulSaltLen = salt->len;
PORT_Assert(salt->len > 0);
} else {
/* Per documentation for CKM_NSS_HKDF_*:
*
* If the optional salt is given, it is used; otherwise, the salt is
* set to a sequence of zeros equal in length to the HMAC output.
*/
params.pSalt = NULL;
params.ulSaltLen = 0UL;
}
paramsi.data = (unsigned char *)¶ms;
paramsi.len = sizeof(params);
PORT_Assert(kTlsHkdfInfo[baseHash].pkcs11Mech);
PORT_Assert(kTlsHkdfInfo[baseHash].hashSize);
PORT_Assert(kTlsHkdfInfo[baseHash].hash == baseHash);
/* A zero ikm2 is a key of hash-length 0s. */
if (!ikm2in) {
SECItem zeroItem = {
siBuffer,
(unsigned char *)zeroKeyBuf,
kTlsHkdfInfo[baseHash].hashSize
};
slot = PK11_GetInternalSlot();
if (!slot) {
return SECFailure;
}
zeroKey = PK11_ImportSymKey(slot,
kTlsHkdfInfo[baseHash].pkcs11Mech,
PK11_OriginUnwrap,
CKA_DERIVE, &zeroItem, NULL);
if (!zeroKey)
return SECFailure;
ikm2 = zeroKey;
} else {
ikm2 = ikm2in;
}
PORT_Assert(ikm2);
PRINT_BUF(50, (NULL, "HKDF Extract: IKM1/Salt", params.pSalt, params.ulSaltLen));
PRINT_KEY(50, (NULL, "HKDF Extract: IKM2", ikm2));
prk = PK11_Derive(ikm2, kTlsHkdfInfo[baseHash].pkcs11Mech,
¶msi, kTlsHkdfInfo[baseHash].pkcs11Mech,
CKA_DERIVE, kTlsHkdfInfo[baseHash].hashSize);
if (zeroKey)
PK11_FreeSymKey(zeroKey);
if (slot)
PK11_FreeSlot(slot);
if (!prk)
return SECFailure;
PRINT_KEY(50, (NULL, "HKDF Extract", prk));
*prkp = prk;
return SECSuccess;
}
void PrintFindData2(LPCTSTR szFilePath, FILE *stream)
{
FILETIME ft;
SYSTEMTIME st;
DWORD dwVerInfoSize;
DWORD dwVerHnd=0;
BOOL bRetCode;
LPSTR lpBuffer;
UINT* dwBytes = new UINT;
char *fileName;
char fullName[256];
dwVerInfoSize = GetFileVersionInfoSize(szFilePath, &dwVerHnd);
if (dwVerInfoSize)
{
LPTSTR lpstrVffInfo;
HANDLE hMem;
hMem = GlobalAlloc(GMEM_MOVEABLE, dwVerInfoSize);
lpstrVffInfo = (TCHAR *)GlobalLock(hMem);
GetFileVersionInfo(szFilePath, dwVerHnd, dwVerInfoSize, lpstrVffInfo);
// Company Name
#define PRINT_KEY(x) \
bRetCode = VerQueryValue((LPVOID)lpstrVffInfo, TEXT("\\StringFileInfo\\000004E4\\"##x), (LPVOID *)&lpBuffer, dwBytes);\
if(bRetCode)\
{\
_ftprintf(stream, _T("%s:%s, "), ##x, lpBuffer);\
}\
else\
_ftprintf(stream, _T(", "));
PRINT_KEY(_T("CompanyName"));
PRINT_KEY(_T("FileDescription"));
PRINT_KEY(_T("FileVersion"));
PRINT_KEY(_T("InternalName"));
PRINT_KEY(_T("LegalCopyright"));
PRINT_KEY(_T("OriginalFilename"));
PRINT_KEY(_T("ProductName"));
PRINT_KEY(_T("ProductVersion"));
PRINT_KEY(_T("Comments"));
PRINT_KEY(_T("LegalTrademarks"));
PRINT_KEY(_T("PrivateBuild"));
PRINT_KEY(_T("SpecialBuild"));
_ftprintf(stream, _T("\n"));
}
else
_ftprintf(stream, _T(", , , , , , , , , , ,\n"));
}
SECStatus
tls13_HkdfExpandLabel(PK11SymKey *prk, SSLHashType baseHash,
const PRUint8 *handshakeHash, unsigned int handshakeHashLen,
const char *label, unsigned int labelLen,
CK_MECHANISM_TYPE algorithm, unsigned int keySize,
PK11SymKey **keyp)
{
CK_NSS_HKDFParams params;
SECItem paramsi = { siBuffer, NULL, 0 };
/* Size of info array needs to be big enough to hold the maximum Prefix,
* Label, plus HandshakeHash. If it's ever to small, the code will abort.
*/
PRUint8 info[256];
PRUint8 *ptr = info;
unsigned int infoLen;
PK11SymKey *derived;
const char *kLabelPrefix = "TLS 1.3, ";
const unsigned int kLabelPrefixLen = strlen(kLabelPrefix);
if (handshakeHash) {
PORT_Assert(handshakeHashLen == kTlsHkdfInfo[baseHash].hashSize * 2);
} else {
PORT_Assert(!handshakeHashLen);
}
/*
* [draft-ietf-tls-tls13-11] Section 7.1:
*
* HKDF-Expand-Label(Secret, Label, HashValue, Length) =
* HKDF-Expand(Secret, HkdfLabel, Length)
*
* Where HkdfLabel is specified as:
*
* struct HkdfLabel {
* uint16 length;
* opaque label<9..255>;
* opaque hash_value<0..255>;
* };
*
* Where:
* - HkdfLabel.length is Length
* - HkdfLabel.hash_value is HashValue.
* - HkdfLabel.label is "TLS 1.3, " + Label
*
*/
infoLen = 2 + 1 + kLabelPrefixLen + labelLen + 1 + handshakeHashLen;
if (infoLen > sizeof(info)) {
PORT_Assert(0);
goto abort;
}
ptr = tls13_EncodeUintX(keySize, 2, ptr);
ptr = tls13_EncodeUintX(labelLen + kLabelPrefixLen, 1, ptr);
PORT_Memcpy(ptr, kLabelPrefix, kLabelPrefixLen);
ptr += kLabelPrefixLen;
PORT_Memcpy(ptr, label, labelLen);
ptr += labelLen;
ptr = tls13_EncodeUintX(handshakeHashLen, 1, ptr);
if (handshakeHash) {
PORT_Memcpy(ptr, handshakeHash, handshakeHashLen);
ptr += handshakeHashLen;
}
PORT_Assert((ptr - info) == infoLen);
params.bExtract = CK_FALSE;
params.bExpand = CK_TRUE;
params.pInfo = info;
params.ulInfoLen = infoLen;
paramsi.data = (unsigned char *)¶ms;
paramsi.len = sizeof(params);
derived = PK11_DeriveWithFlags(prk, kTlsHkdfInfo[baseHash].pkcs11Mech,
¶msi, algorithm,
CKA_DERIVE, keySize,
CKF_SIGN | CKF_VERIFY);
if (!derived)
return SECFailure;
*keyp = derived;
#ifdef TRACE
if (ssl_trace >= 10) {
/* Make sure the label is null terminated. */
char labelStr[100];
PORT_Memcpy(labelStr, label, labelLen);
labelStr[labelLen] = 0;
SSL_TRC(50, ("HKDF Expand: label=[TLS 1.3, ] + '%s',requested length=%d",
labelStr, keySize));
}
PRINT_KEY(50, (NULL, "PRK", prk));
PRINT_BUF(50, (NULL, "Hash", handshakeHash, handshakeHashLen));
PRINT_BUF(50, (NULL, "Info", info, infoLen));
PRINT_KEY(50, (NULL, "Derived key", derived));
#endif
return SECSuccess;
abort:
PORT_SetError(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE);
return SECFailure;
}
bool ossimPredatorKlvTable::addKeys(const ossim_uint8* buffer, ossim_uint32 length)
{
std::vector<ossim_uint8> bufferToParse;
bufferToParse = theNeedToParseBuffer;
if(buffer)
{
bufferToParse.insert(bufferToParse.end(),
buffer,
buffer + length);
}
theNeedToParseBuffer.clear();
ossim_uint32 currentIdx = 0;
ossim_uint32 totalLen = bufferToParse.size();
const ossim_uint8* bufPtr = &bufferToParse.front();
if(totalLen < 1) return false;
while(std::equal(theKlvKey,
theKlvKey + 4,
&bufPtr[currentIdx])) // while we are looking at klv keys keep parsing
{
if((currentIdx+16) >= totalLen)
{
theNeedToParseBuffer.clear();
theNeedToParseBuffer.insert(theNeedToParseBuffer.end(),
&bufPtr[currentIdx],
&bufPtr[totalLen]);
return true;
}
ossimPredatorKlvTable::Node node;
ossim_uint32 saveIdx = currentIdx;
node.theId = findPredatorKlvIndex(&bufPtr[currentIdx]);
if(node.theId < 0)
{
if(traceDebug())
{
ossim_uint32 tempId = currentIdx + 16;
std::cout << "**************UNDEFINED KEY**************\n";
std::cout << "WITH SIZE === " << klv_decode_length(bufPtr, tempId) << std::endl;
PRINT_KEY(&bufPtr[currentIdx]);
}
//ossim_uint32 tempId = currentIdx + 16;
//std::cout << "**************UNDEFINED KEY**************\n";
//std::cout << "WITH SIZE === " << klv_decode_length(bufPtr, tempId) << std::endl;
// PRINT_KEY(&bufPtr[currentIdx]);
//
//ossim_float32 f = *reinterpret_cast<const ossim_float32*>(&bufPtr[tempId]);
//theEndian.swap(f);
// std::cout << "POSSIBLE VALUE === " << f << std::endl;
}
//PRINT_KEY(&bufPtr[currentIdx]);
currentIdx += 16;
int klvLength = klv_decode_length(bufPtr, currentIdx);
if(klvLength > 0)
{
if((currentIdx + klvLength) <= totalLen)
{
node.theValue.insert(node.theValue.end(),
&bufPtr[currentIdx], &bufPtr[currentIdx + klvLength]);
currentIdx += klvLength;
if(node.theId >=0)
{
if((node.theId == KLV_BASIC_UNIVERSAL_METADATA_SET)||
(node.theId == KLV_KEY_SECURITY_CLASSIFICATION_SET))
{
theNeedToParseBuffer.insert(theNeedToParseBuffer.end(),
node.theValue.begin(),
node.theValue.end());
theNeedToParseBuffer.insert(theNeedToParseBuffer.end(),
&bufPtr[currentIdx],
&bufPtr[totalLen]);
return addKeys(0,0);
}
else if(node.theId == KLV_UAS_DATALINK_LOCAL_DATASET)
{
addUasDatalinkLocalDataSet(node.theValue);
return addKeys(0,0);
}
else
{
theKlvParameters.insert(std::make_pair(static_cast<ossimPredatorKlvIndex>(node.theId),
node));
// std::cout << "VALUE = " << getValueAsString((PredatorKlvIndex)node.theId) << std::endl;
// std::cout << "SIZE = " << klvLength << std::endl;
}
}
}
else
{
theNeedToParseBuffer.insert(theNeedToParseBuffer.end(),
&bufPtr[saveIdx],
&bufPtr[totalLen]);
return true;
}
}
if(currentIdx >= totalLen) return false;
}
return false;
}
