Merge #176

bors[bot] · kedars · zugzwang · commit 17e5f99975c5 · 2022-11-24T09:07:17.000+01:00
176: Add support for HKDF r=jethrogb a=kedars

Co-authored-by: Kedar Sovani &lt;kedars@gmail.com&gt;
diff --git a/mbedtls/src/hash/mod.rs b/mbedtls/src/hash/mod.rs
@@ -147,6 +147,29 @@ impl Md {
             Ok(olen)
         }
     }
+
+    pub fn hkdf(md: Type, salt: &[u8], ikm: &[u8], info: &[u8], key: &mut [u8]) -> Result<()> {
+        let md: MdInfo = match md.into() {
+            Some(md) => md,
+            None => return Err(Error::MdBadInputData),
+        };
+
+        unsafe {
+            hkdf(
+                md.inner,
+                salt.as_ptr(),
+                salt.len(),
+                ikm.as_ptr(),
+                ikm.len(),
+                info.as_ptr(),
+                info.len(),
+                key.as_mut_ptr(),
+                key.len(),
+            )
+            .into_result()?;
+            Ok(())
+        }
+    }
 }
 
 pub fn pbkdf2_hmac(
diff --git a/mbedtls/src/pk/mod.rs b/mbedtls/src/pk/mod.rs
@@ -111,7 +111,7 @@ extern "C" fn alloc_custom_pk_ctx() -> *mut c_void {
 }
 
 unsafe extern "C" fn free_custom_pk_ctx(p: *mut c_void) {
-    Box::from_raw(p as *mut CustomPkContext);
+    let _ = Box::from_raw(p as *mut CustomPkContext);
 }
 
 extern "C" fn custom_pk_can_do(_t: u32) -> i32 {
diff --git a/mbedtls/src/x509/mod.rs b/mbedtls/src/x509/mod.rs
@@ -28,7 +28,6 @@ pub use self::profile::Profile;
 use mbedtls_sys::*;
 use mbedtls_sys::types::raw_types::c_uint;
 bitflags! {
-    #[doc(inline)]
     pub struct KeyUsage: c_uint {
         const DIGITAL_SIGNATURE  = X509_KU_DIGITAL_SIGNATURE as c_uint;
         const NON_REPUDIATION    = X509_KU_NON_REPUDIATION as c_uint;
@@ -43,7 +42,6 @@ bitflags! {
 }
 
 bitflags! {
-    #[doc(inline)]
     pub struct VerifyError: u32 {
         const CERT_BAD_KEY       = X509_BADCERT_BAD_KEY as u32;
         const CERT_BAD_MD        = X509_BADCERT_BAD_MD as u32;
diff --git a/mbedtls/tests/hkdf.rs b/mbedtls/tests/hkdf.rs
@@ -0,0 +1,34 @@
+/* Copyright (c) Fortanix, Inc.
+ *
+ * Licensed under the GNU General Public License, version 2 <LICENSE-GPL or
+ * https://www.gnu.org/licenses/gpl-2.0.html> or the Apache License, Version
+ * 2.0 <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0>, at your
+ * option. This file may not be copied, modified, or distributed except
+ * according to those terms. */
+
+use mbedtls::hash::Md;
+use mbedtls::hash::Type as MdType;
+
+#[test]
+fn test_hkdf_sha256() {
+    let ikm = [
+        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+    ];
+
+    let salt = [
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+    ];
+    let info = [0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9];
+    let mut output = [0u8; 42];
+    Md::hkdf(MdType::Sha256, &salt, &ikm, &info, &mut output).unwrap();
+
+    assert_eq!(
+        output,
+        [
+            0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36,
+            0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56,
+            0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65
+        ]
+    );
+}

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ extern "C" fn alloc_custom_pk_ctx() -> *mut c_void {`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`unsafe extern "C" fn free_custom_pk_ctx(p: *mut c_void) {`
`114`		`- Box::from_raw(p as *mut CustomPkContext);`
	`114`	`+ let _ = Box::from_raw(p as *mut CustomPkContext);`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`extern "C" fn custom_pk_can_do(_t: u32) -> i32 {`