| 414 | const char *hkdfInfoSIVContent = "AES-SIV file content encryption"; |
| 415 | |
| 416 | bool hkdfDerive(const BYTE *masterKey, int masterKeyLen, BYTE *newKey, int newKeyLen, const char *info) |
| 417 | { |
| 418 | EVP_PKEY_CTX *pctx = NULL; |
| 419 | |
| 420 | bool ret = true; |
| 421 | |
| 422 | size_t outLen = newKeyLen; |
| 423 | |
| 424 | try { |
| 425 | |
| 426 | pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL); |
| 427 | |
| 428 | if (!pctx) |
| 429 | throw(-1); |
| 430 | |
| 431 | if (EVP_PKEY_derive_init(pctx) <= 0) |
| 432 | throw(-1); |
| 433 | if (EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()) <= 0) |
| 434 | throw(-1); |
| 435 | #if 0 |
| 436 | if (EVP_PKEY_CTX_set1_hkdf_salt(pctx, "salt", 4) <= 0) |
| 437 | throw(-1); |
| 438 | #endif |
| 439 | if (EVP_PKEY_CTX_set1_hkdf_key(pctx, masterKey, masterKeyLen) <= 0) |
| 440 | throw(-1); |
| 441 | if (EVP_PKEY_CTX_add1_hkdf_info(pctx, reinterpret_cast<const unsigned char *>(info), (int)strlen(info)) <= 0) |
| 442 | throw(-1); |
| 443 | if (EVP_PKEY_derive(pctx, newKey, &outLen) <= 0) |
| 444 | throw(-1); |
| 445 | |
| 446 | if (outLen != newKeyLen) |
| 447 | throw(-1); |
| 448 | |
| 449 | } catch (...) { |
| 450 | ret = false; |
| 451 | } |
| 452 | |
| 453 | if (pctx) |
| 454 | EVP_PKEY_CTX_free(pctx); |
| 455 | |
| 456 | return ret; |
| 457 | } |
no outgoing calls
no test coverage detected