[epiphany/wip/sync: 35/83] sync-crypto: Add function to derive the AES/HMAC keys from kB



commit 470dc66e47564b50b833b249e713951fff34aa73
Author: Gabriel Ivascu <ivascu gabriel59 gmail com>
Date:   Thu Mar 9 15:48:39 2017 +0200

    sync-crypto: Add function to derive the AES/HMAC keys from kB

 src/sync/ephy-sync-crypto.c |   50 +++++++++++++++++++++++++++++++++++++++++++
 src/sync/ephy-sync-crypto.h |    3 ++
 2 files changed, 53 insertions(+), 0 deletions(-)
---
diff --git a/src/sync/ephy-sync-crypto.c b/src/sync/ephy-sync-crypto.c
index 28fbd92..fc16156 100644
--- a/src/sync/ephy-sync-crypto.c
+++ b/src/sync/ephy-sync-crypto.c
@@ -603,6 +603,56 @@ ephy_sync_crypto_compute_sync_keys (const char  *bundle,
   g_free (respMAC2_hex);
 }
 
+void
+ephy_sync_crypto_derive_master_keys (const guint8  *kB,
+                                     guint8       **aes_key,
+                                     guint8       **hmac_key)
+{
+  guint8 *salt;
+  guint8 *prk;
+  guint8 *tmp;
+  char *prk_hex;
+  char *aes_key_hex;
+  char *hmac_key_hex;
+  const char *info = "identity.mozilla.com/picl/v1/oldsync";
+
+  g_return_if_fail (kB);
+  g_return_if_fail (aes_key);
+  g_return_if_fail (hmac_key);
+
+  /* Perform a two step HKDF with an all-zeros salt.
+   * T(1) will represent the AES key, T(2) will represent the HMAC key. */
+
+  salt = g_malloc0 (EPHY_SYNC_TOKEN_LENGTH);
+  prk_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+                                     salt, EPHY_SYNC_TOKEN_LENGTH,
+                                     kB, EPHY_SYNC_TOKEN_LENGTH);
+  prk = ephy_sync_crypto_decode_hex (prk_hex);
+  tmp = ephy_sync_utils_concatenate_bytes ((guint8 *)info, strlen (info),
+                                           "\x01", 1,
+                                           NULL);
+  aes_key_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+                                         prk, EPHY_SYNC_TOKEN_LENGTH,
+                                         tmp, strlen (info) + 1);
+  *aes_key = ephy_sync_crypto_decode_hex (aes_key_hex);
+  g_free (tmp);
+  tmp = ephy_sync_utils_concatenate_bytes (*aes_key, EPHY_SYNC_TOKEN_LENGTH,
+                                           (guint8 *)info, strlen (info),
+                                           "\x02", 1,
+                                           NULL);
+  hmac_key_hex = g_compute_hmac_for_data (G_CHECKSUM_SHA256,
+                                          prk, EPHY_SYNC_TOKEN_LENGTH,
+                                          tmp, EPHY_SYNC_TOKEN_LENGTH + strlen (info) + 1);
+  *hmac_key = ephy_sync_crypto_decode_hex (hmac_key_hex);
+
+  g_free (salt);
+  g_free (prk_hex);
+  g_free (prk);
+  g_free (tmp);
+  g_free (aes_key_hex);
+  g_free (hmac_key_hex);
+}
+
 SyncCryptoHawkHeader *
 ephy_sync_crypto_compute_hawk_header (const char            *url,
                                       const char            *method,
diff --git a/src/sync/ephy-sync-crypto.h b/src/sync/ephy-sync-crypto.h
index 8131ccb..4a02178 100644
--- a/src/sync/ephy-sync-crypto.h
+++ b/src/sync/ephy-sync-crypto.h
@@ -94,6 +94,9 @@ void                    ephy_sync_crypto_compute_sync_keys        (const char
                                                                    guint8                 *unwrapBKey,
                                                                    guint8                **kA,
                                                                    guint8                **kB);
+void                    ephy_sync_crypto_derive_master_keys       (const guint8           *kB,
+                                                                   guint8                **aes_key,
+                                                                   guint8                **hmac_key);
 SyncCryptoHawkHeader   *ephy_sync_crypto_compute_hawk_header      (const char             *url,
                                                                    const char             *method,
                                                                    const char             *id,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]