hotplace rev.356 HMAC/CMAC-based Extract-and-Expand Key Derivation Fu…

…nction (hkdf_extract, hkdf_expand, ckdf_extract, ckdf_expand)

README.md

@@ -43,6 +43,7 @@
  * RFC 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm (September 2002)
  * RFC 5649 Advanced Encryption Starndard (AES) Key Wrap with Padding Algorithm (September 2009)
  * RFC 5794 A Description of the ARIA Encryption Algorithm (March 2010)
+ * RFC 5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF)
  * RFC 7539 ChaCha20 and Poly1305 for IETF Protocols
  * RFC 7914 The scrypt Password-Based Key Derivation Function
  * RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2

sdk/base/basic/base16.cpp

@@ -116,6 +116,44 @@ std::string base16_encode(binary_t const& source) {
 
 return_t base16_encode(binary_t const& source, stream_t* stream) { return base16_encode(&source[0], source.size(), stream); }
 
+std::string base16_encode(const char* source) {
+    std::string outpart;
+    if (source) {
+        base16_encode((const byte_t*)source, strlen(source), outpart);
+    }
+    return outpart;
+}
+
+return_t base16_encode(const char* source, std::string& outpart) {
+    return_t ret = errorcode_t::success;
+    __try2 {
+        if (nullptr == source) {
+            ret = errorcode_t::invalid_parameter;
+            __leave2;
+        }
+
+        base16_encode((const byte_t*)source, strlen(source), outpart);
+    }
+    __finally2 {
+        // do nothing
+    }
+    return ret;
+}
+
+return_t base16_encode(const char* source, binary_t& outpart) {
+    return_t ret = errorcode_t::success;
+    if (source) {
+        size_t slen = strlen(source);
+        size_t dlen = 0;
+        ret = base16_encode((const byte_t*)source, slen, (char*)&outpart[0], &dlen);
+        outpart.resize(dlen);
+        ret = base16_encode((const byte_t*)source, slen, (char*)&outpart[0], &dlen);
+    }
+    return ret;
+}
+
+return_t base16_encode(std::string const& source, binary_t& outpart) { return base16_encode(source.c_str(), outpart); }
+
 static byte_t conv(char c) {
     byte_t ret = 0;
 

sdk/base/basic/base16.hpp

@@ -113,6 +113,11 @@ return_t base16_encode(binary_t const& source, stream_t* stream);
  */
 std::string base16_encode(binary_t const& source);
 
+std::string base16_encode(const char* source);
+return_t base16_encode(const char* source, std::string& outpart);
+return_t base16_encode(const char* source, binary_t& outpart);
+return_t base16_encode(std::string const& source, binary_t& outpart);
+
 /**
  * @brief   decode
  * @param   const char* source [in]

sdk/crypto/basic/crypto_advisor.cpp

@@ -20,7 +20,7 @@ namespace crypto {
 #if (OPENSSL_VERSION_NUMBER < 0x30000000L)
 typedef struct _openssl_evp_cipher_method_older_t {
     const EVP_CIPHER* _cipher;
-    openssl_evp_cipher_method_t method;
+    hint_cipher_t method;
 } openssl_evp_cipher_method_older_t;
 
 const openssl_evp_cipher_method_older_t aes_wrap_methods[] = {
@@ -77,12 +77,10 @@ return_t crypto_advisor::build_if_necessary() {
         //     [PASS] const EVP_CIPHER* cipher = crypto_advisor::get_instance()->find_evp_cipher("aes-128-wrap");
 
         for (i = 0; i < sizeof_evp_cipher_methods; i++) {
-            const openssl_evp_cipher_method_t* item = evp_cipher_methods + i;
+            const hint_cipher_t* item = evp_cipher_methods + i;
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
             EVP_CIPHER* evp_cipher = EVP_CIPHER_fetch(nullptr, item->_fetchname, nullptr);
-            if (nullptr == evp_cipher) {
-                __trace(errorcode_t::debug, "%s", item->_fetchname);
-            } else {
+            if (evp_cipher) {
                 _cipher_map.insert(std::make_pair(CRYPT_CIPHER_VALUE(item->_algorithm, item->_mode), evp_cipher));
                 _evp_cipher_map.insert(std::make_pair(evp_cipher, item));
             }
@@ -93,6 +91,10 @@ return_t crypto_advisor::build_if_necessary() {
                 _evp_cipher_map.insert(std::make_pair(evp_cipher, item));
             }
 #endif
+            if (nullptr == evp_cipher) {
+                __trace(errorcode_t::debug, "%s", item->_fetchname);
+            }
+
             _cipher_fetch_map.insert(std::make_pair(CRYPT_CIPHER_VALUE(item->_algorithm, item->_mode), item));
             _cipher_byname_map.insert(std::make_pair(item->_fetchname, item));
         }
@@ -105,12 +107,10 @@ return_t crypto_advisor::build_if_necessary() {
 #endif
 
         for (i = 0; i < sizeof_evp_md_methods; i++) {
-            const openssl_evp_md_method_t* item = evp_md_methods + i;
+            const hint_digest_t* item = evp_md_methods + i;
 #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
             EVP_MD* evp_md = EVP_MD_fetch(nullptr, item->_fetchname, nullptr);
-            if (nullptr == evp_md) {
-                __trace(errorcode_t::debug, "%s", item->_fetchname);
-            } else {
+            if (evp_md) {
                 _md_map.insert(std::make_pair(item->_algorithm, evp_md));
             }
 #else
@@ -119,6 +119,9 @@ return_t crypto_advisor::build_if_necessary() {
                 _md_map.insert(std::make_pair(item->_algorithm, (EVP_MD*)evp_md));
             }
 #endif
+            if (nullptr == evp_md) {
+                __trace(errorcode_t::debug, "%s", item->_fetchname);
+            }
             _md_fetch_map.insert(std::make_pair(item->_algorithm, item));
             _md_byname_map.insert(std::make_pair(item->_fetchname, item));
         }
@@ -245,8 +248,8 @@ const hint_blockcipher_t* crypto_advisor::hintof_blockcipher(crypt_algorithm_t a
 const hint_blockcipher_t* crypto_advisor::hintof_blockcipher(const char* alg) {
     const hint_blockcipher_t* ret_value = nullptr;
     if (alg) {
-        maphint<std::string, const openssl_evp_cipher_method_t*> hint(_cipher_byname_map);
-        const openssl_evp_cipher_method_t* item = nullptr;
+        maphint<std::string, const hint_cipher_t*> hint(_cipher_byname_map);
+        const hint_cipher_t* item = nullptr;
         hint.find(alg, &item);
         if (item) {
             ret_value = hintof_blockcipher(item->_algorithm);
@@ -260,14 +263,15 @@ const hint_blockcipher_t* crypto_advisor::find_evp_cipher(const EVP_CIPHER* ciph
     return_t ret = errorcode_t::success;
 
     __try2 {
-        crypt_algorithm_t alg = crypt_algorithm_t::crypt_alg_unknown;
-        crypt_mode_t mode = crypt_mode_t::crypt_mode_unknown;
-        ret = find_evp_cipher(cipher, alg, mode);
+        const hint_cipher_t* hint = nullptr;
+        maphint<const EVP_CIPHER*, const hint_cipher_t*> hint_cipher(_evp_cipher_map);
+        ret = hint_cipher.find(cipher, &hint);
         if (errorcode_t::success != ret) {
             __leave2;
         }
 
-        blockcipher = hintof_blockcipher(alg);
+        maphint<uint32, const hint_blockcipher_t*> hint_blockcipher(_blockcipher_map);
+        hint_blockcipher.find(hint->_algorithm, &blockcipher);
     }
     __finally2 {
         // do nothing
@@ -288,8 +292,8 @@ const EVP_CIPHER* crypto_advisor::find_evp_cipher(const char* name) {
     const EVP_CIPHER* ret_value = nullptr;
 
     if (name) {
-        maphint<std::string, const openssl_evp_cipher_method_t*> hint(_cipher_byname_map);
-        const openssl_evp_cipher_method_t* item = nullptr;
+        maphint<std::string, const hint_cipher_t*> hint(_cipher_byname_map);
+        const hint_cipher_t* item = nullptr;
         hint.find(name, &item);
         if (item) {
             ret_value = _cipher_map[CRYPT_CIPHER_VALUE(item->_algorithm, item->_mode)];
@@ -298,53 +302,37 @@ const EVP_CIPHER* crypto_advisor::find_evp_cipher(const char* name) {
     return ret_value;
 }
 
-return_t crypto_advisor::find_evp_cipher(const char* name, crypt_algorithm_t& algorithm, crypt_mode_t& mode) {
-    return_t ret = errorcode_t::success;
-
+const hint_cipher_t* crypto_advisor::hintof_cipher(const char* name) {
+    const hint_cipher_t* ret_value = nullptr;
     __try2 {
         if (nullptr == name) {
-            ret = errorcode_t::invalid_parameter;
             __leave2;
         }
 
-        maphint<std::string, const openssl_evp_cipher_method_t*> hint(_cipher_byname_map);
-        const openssl_evp_cipher_method_t* item = nullptr;
-        ret = hint.find(name, &item);
-        if (errorcode_t::success != ret) {
-            __leave2;
-        }
-
-        algorithm = item->_algorithm;
-        mode = item->_mode;
+        maphint<std::string, const hint_cipher_t*> hint(_cipher_byname_map);
+        hint.find(name, &ret_value);
     }
     __finally2 {
         // do nothing
     }
-    return ret;
+    return ret_value;
 }
 
-return_t crypto_advisor::find_evp_cipher(const EVP_CIPHER* cipher, crypt_algorithm_t& algorithm, crypt_mode_t& mode) {
-    return_t ret = errorcode_t::success;
+const hint_cipher_t* crypto_advisor::hintof_cipher(const EVP_CIPHER* cipher) {
+    const hint_cipher_t* ret_value = nullptr;
 
     __try2 {
         if (nullptr == cipher) {
-            ret = errorcode_t::invalid_parameter;
             __leave2;
         }
 
-        const openssl_evp_cipher_method_t* method = nullptr;
-        maphint<const EVP_CIPHER*, const openssl_evp_cipher_method_t*> hint(_evp_cipher_map);
-
-        ret = hint.find(cipher, &method);
-        if (errorcode_t::success == ret) {
-            algorithm = method->_algorithm;
-            mode = method->_mode;
-        }
+        maphint<const EVP_CIPHER*, const hint_cipher_t*> hint(_evp_cipher_map);
+        hint.find(cipher, &ret_value);
     }
     __finally2 {
         // do nothing
     }
-    return ret;
+    return ret_value;
 }
 
 const char* crypto_advisor::nameof_cipher(crypt_algorithm_t algorithm, crypt_mode_t mode) {
@@ -353,8 +341,8 @@ const char* crypto_advisor::nameof_cipher(crypt_algorithm_t algorithm, crypt_mod
 
     __try2 {
         uint32 key = CRYPT_CIPHER_VALUE(algorithm, mode);
-        const openssl_evp_cipher_method_t* item = nullptr;
-        maphint<uint32, const openssl_evp_cipher_method_t*> hint(_cipher_fetch_map);
+        const hint_cipher_t* item = nullptr;
+        maphint<uint32, const hint_cipher_t*> hint(_cipher_fetch_map);
 
         ret = hint.find(key, &item);
         if (errorcode_t::success == ret) {
@@ -403,8 +391,8 @@ const EVP_MD* crypto_advisor::find_evp_md(const char* name) {
     const EVP_MD* ret_value = nullptr;
 
     if (name) {
-        maphint<std::string, const openssl_evp_md_method_t*> hint(_md_byname_map);
-        const openssl_evp_md_method_t* item = nullptr;
+        maphint<std::string, const hint_digest_t*> hint(_md_byname_map);
+        const hint_digest_t* item = nullptr;
         hint.find(name, &item);
         if (item) {
             ret_value = _md_map[item->_algorithm];
@@ -413,28 +401,21 @@ const EVP_MD* crypto_advisor::find_evp_md(const char* name) {
     return ret_value;
 }
 
-return_t crypto_advisor::find_evp_md(const char* name, hash_algorithm_t& algorithm) {
-    return_t ret = errorcode_t::success;
+const hint_digest_t* crypto_advisor::hintof_digest(const char* name) {
+    const hint_digest_t* ret_value = nullptr;
 
     __try2 {
         if (nullptr == name) {
-            ret = errorcode_t::invalid_parameter;
             __leave2;
         }
 
-        maphint<std::string, const openssl_evp_md_method_t*> hint(_md_byname_map);
-        const openssl_evp_md_method_t* item = nullptr;
-        ret = hint.find(name, &item);
-        if (errorcode_t::success != ret) {
-            __leave2;
-        }
-
-        algorithm = item->_algorithm;
+        maphint<std::string, const hint_digest_t*> hint(_md_byname_map);
+        hint.find(name, &ret_value);
     }
     __finally2 {
         // do nothing
     }
-    return ret;
+    return ret_value;
 }
 
 hash_algorithm_t crypto_advisor::get_algorithm(crypt_sig_t sig) {
@@ -463,8 +444,8 @@ hash_algorithm_t crypto_advisor::get_algorithm(jws_t sig) {
 
 const char* crypto_advisor::nameof_md(hash_algorithm_t algorithm) {
     const char* ret_value = nullptr;
-    const openssl_evp_md_method_t* item = nullptr;
-    maphint<uint32, const openssl_evp_md_method_t*> hint(_md_fetch_map);
+    const hint_digest_t* item = nullptr;
+    maphint<uint32, const hint_digest_t*> hint(_md_fetch_map);
 
     hint.find(algorithm, &item);
     if (item) {

sdk/crypto/basic/crypto_advisor.hpp

@@ -55,14 +55,16 @@ class crypto_advisor {
      */
     const EVP_CIPHER* find_evp_cipher(crypt_algorithm_t algorithm, crypt_mode_t mode);
     const EVP_CIPHER* find_evp_cipher(const char* name);
-    return_t find_evp_cipher(const char* name, crypt_algorithm_t& algorithm, crypt_mode_t& mode);
     /**
-     * @brief find alg and mode
+     * @brief hint
+     * @param const char* name [in] ex. "aes-128-cbc"
+     */
+    const hint_cipher_t* hintof_cipher(const char* name);
+    /**
+     * @brief hint
      * @param const EVP_CIPHER* cipher [in]
-     * @param int& algorithm [out]
-     * @param int& mode [out]
      */
-    return_t find_evp_cipher(const EVP_CIPHER* cipher, crypt_algorithm_t& algorithm, crypt_mode_t& mode);
+    const hint_cipher_t* hintof_cipher(const EVP_CIPHER* cipher);
     /**
      * @brief find cipher string
      * @param crypt_algorithm_t algorithm [in] crypt_algorithm_t
@@ -86,7 +88,7 @@ class crypto_advisor {
     const EVP_MD* find_evp_md(crypt_sig_t sig);
     const EVP_MD* find_evp_md(jws_t sig);
     const EVP_MD* find_evp_md(const char* name);
-    return_t find_evp_md(const char* name, hash_algorithm_t& algorithm);
+    const hint_digest_t* hintof_digest(const char* name);
     hash_algorithm_t get_algorithm(crypt_sig_t sig);
     hash_algorithm_t get_algorithm(jws_t sig);
     /**
@@ -433,12 +435,12 @@ class crypto_advisor {
 
     /* data structures for a binary search */
 
-    typedef std::map<uint32, const hint_blockcipher_t*> blockcipher_map_t;           /* pair (alg, hint_blockcipher_t*) */
-    typedef std::map<uint32, EVP_CIPHER*> cipher_map_t;                              /* pair (alg+mode, EVP_CIPHER*) */
-    typedef std::map<uint32, const openssl_evp_cipher_method_t*> cipher_fetch_map_t; /* pair (alg+mode, openssl_evp_cipher_method_t*) */
-    typedef std::map<const EVP_CIPHER*, const openssl_evp_cipher_method_t*> evp_cipher_map_t;
+    typedef std::map<uint32, const hint_blockcipher_t*> blockcipher_map_t; /* pair (alg, hint_blockcipher_t*) */
+    typedef std::map<uint32, EVP_CIPHER*> cipher_map_t;                    /* pair (alg+mode, EVP_CIPHER*) */
+    typedef std::map<uint32, const hint_cipher_t*> cipher_fetch_map_t;     /* pair (alg+mode, hint_cipher_t*) */
+    typedef std::map<const EVP_CIPHER*, const hint_cipher_t*> evp_cipher_map_t;
     typedef std::map<uint32, EVP_MD*> md_map_t; /* pair (alg+mode, EVP_MD*) */
-    typedef std::map<uint32, const openssl_evp_md_method_t*> md_fetch_map_t;
+    typedef std::map<uint32, const hint_digest_t*> md_fetch_map_t;
     typedef std::map<uint32, const hint_jose_encryption_t*> jose_encryption_map_t;
     typedef std::map<uint32, const hint_signature_t*> signature_map_t;
     typedef std::map<uint32, const hint_cose_algorithm_t*> cose_algorithm_map_t;
@@ -456,8 +458,8 @@ class crypto_advisor {
     typedef std::map<uint32, cose_ec_curve_t> nid2curve_map_t;
     typedef std::map<cose_ec_curve_t, uint32> curve2nid_map_t;
 
-    typedef std::map<std::string, const openssl_evp_cipher_method_t*> cipher_byname_map_t; /* "aes-256-cbc" to openssl_evp_cipher_method_t* */
-    typedef std::map<std::string, const openssl_evp_md_method_t*> md_byname_map_t;         /* "sha256" to openssl_evp_md_method_t* */
+    typedef std::map<std::string, const hint_cipher_t*> cipher_byname_map_t; /* "aes-256-cbc" to hint_cipher_t* */
+    typedef std::map<std::string, const hint_digest_t*> md_byname_map_t;     /* "sha256" to hint_digest_t* */
 
     int _flag;
 
@@ -539,8 +541,8 @@ bool kindof_ecc(EVP_PKEY* pkey);
  */
 crypto_kty_t typeof_crypto_key(EVP_PKEY* key);
 
-extern const openssl_evp_cipher_method_t evp_cipher_methods[];
-extern const openssl_evp_md_method_t evp_md_methods[];
+extern const hint_cipher_t evp_cipher_methods[];
+extern const hint_digest_t evp_md_methods[];
 extern const hint_blockcipher_t hint_blockciphers[];
 extern const hint_curve_t hint_curves[];
 extern const hint_cose_algorithm_t hint_cose_algorithms[];