[epiphany/wip/sync: 35/83] sync-crypto: Add function to derive the AES/HMAC keys from kB
- From: Gabriel Ivașcu <gabrielivascu src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/wip/sync: 35/83] sync-crypto: Add function to derive the AES/HMAC keys from kB
- Date: Mon, 3 Apr 2017 13:10:53 +0000 (UTC)
commit 470dc66e47564b50b833b249e713951fff34aa73
Author: Gabriel Ivascu <ivascu gabriel59 gmail com>
Date: Thu Mar 9 15:48:39 2017 +0200
sync-crypto: Add function to derive the AES/HMAC keys from kB
src/sync/ephy-sync-crypto.c | 50 +++++++++++++++++++++++++++++++++++++++++++
src/sync/ephy-sync-crypto.h | 3 ++
2 files changed, 53 insertions(+), 0 deletions(-)
---
diff --git a/src/sync/ephy-sync-crypto.c b/src/sync/ephy-sync-crypto.c
index 28fbd92..fc16156 100644
--- a/src/sync/ephy-sync-crypto.c
+++ b/src/sync/ephy-sync-crypto.c
@@ -603,6 +603,56 @@ ephy_sync_crypto_compute_sync_keys (const char *bundle,
g_free (respMAC2_hex);
}
+void
+ephy_sync_crypto_derive_master_keys (const guint8 *kB,
+ guint8 **aes_key,
+ guint8 **hmac_key)
+{
+ guint8 *salt;
+ guint8 *prk;
+ guint8 *tmp;
+ char *prk_hex;
+ char *aes_key_hex;
+ char *hmac_key_hex;
+ const char *info = "identity.mozilla.com/picl/v1/oldsync";
+
+ g_return_if_fail (kB);
+ g_return_if_fail (aes_key);
+ g_return_if_fail (hmac_key);
+
+ /* Perform a two step HKDF with an all-zeros salt.
+ * T(1) will represent the AES key, T(2) will represent the HMAC key. */
+
+ salt = g_malloc0 (EPHY_SYNC_TOKEN_LENGTH);
+ prk_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+ salt, EPHY_SYNC_TOKEN_LENGTH,
+ kB, EPHY_SYNC_TOKEN_LENGTH);
+ prk = ephy_sync_crypto_decode_hex (prk_hex);
+ tmp = ephy_sync_utils_concatenate_bytes ((guint8 *)info, strlen (info),
+ "\x01", 1,
+ NULL);
+ aes_key_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+ prk, EPHY_SYNC_TOKEN_LENGTH,
+ tmp, strlen (info) + 1);
+ *aes_key = ephy_sync_crypto_decode_hex (aes_key_hex);
+ g_free (tmp);
+ tmp = ephy_sync_utils_concatenate_bytes (*aes_key, EPHY_SYNC_TOKEN_LENGTH,
+ (guint8 *)info, strlen (info),
+ "\x02", 1,
+ NULL);
+ hmac_key_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+ prk, EPHY_SYNC_TOKEN_LENGTH,
+ tmp, EPHY_SYNC_TOKEN_LENGTH + strlen (info) + 1);
+ *hmac_key = ephy_sync_crypto_decode_hex (hmac_key_hex);
+
+ g_free (salt);
+ g_free (prk_hex);
+ g_free (prk);
+ g_free (tmp);
+ g_free (aes_key_hex);
+ g_free (hmac_key_hex);
+}
+
SyncCryptoHawkHeader *
ephy_sync_crypto_compute_hawk_header (const char *url,
const char *method,
diff --git a/src/sync/ephy-sync-crypto.h b/src/sync/ephy-sync-crypto.h
index 8131ccb..4a02178 100644
--- a/src/sync/ephy-sync-crypto.h
+++ b/src/sync/ephy-sync-crypto.h
@@ -94,6 +94,9 @@ void ephy_sync_crypto_compute_sync_keys (const char
guint8 *unwrapBKey,
guint8 **kA,
guint8 **kB);
+void ephy_sync_crypto_derive_master_keys (const guint8 *kB,
+ guint8 **aes_key,
+ guint8 **hmac_key);
SyncCryptoHawkHeader *ephy_sync_crypto_compute_hawk_header (const char *url,
const char *method,
const char *id,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]