kcapi 0.1.7

Official high-level rust bindings for libkcapi
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530

/*
 * $Id$
 *
 * Copyright (c) 2021, Purushottam A. Kulkarni.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation and
 * or other materials provided with the distribution.
 *
 * 3. Neither the name of the copyright holder nor the names of its contributors
 * may be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE
 *
 */

//!
//! # Key Derivation Functions (kdf) using the Kernel Crypto API (KCAPI)
//!
//! This module provides the capability to perform Key Derivation Functions using
//! the KCAPI. The APIs provided by this module allow the initialization of
//! KDF handles, setting the key for HMAC based KDFs, as well as KDFs in
//! Counter Mode, Feedback Mode, and Double Pipeline Mode. Additionally,
//! convenience functions to perform Password-based and the Extract-and-Expand
//! HKDF (RFC5869) are also provided.
//!
//! # Layout
//!
//! This module provides the one-shot convenience APIs for performing
//! Password-based KDF as well as Extract-and-Expand HKDF (RFC5869).
//! Along with these, the `KcapiKDF` type is provided which allows
//! the initialization, and setkey functions for Counter Mode, Feedback Mode,
//! and Double Pipeline Mode KDFs.
//!
use std::{convert::TryInto, ffi::CString};

use crate::{KcapiError, KcapiResult, INIT_AIO};

///
/// # The `KcapiKDF` Type
///
/// This type denotes a generic context for KDF operations performed using the
/// KCAPI. A new instance of this struct must be initialized prior to accessing
/// any of it's APIs. A hash algorithm from `/proc/crypto` must be provided as
/// in order to create an instance of this struct using the `new()` method.
///
/// ## Panics
///
/// If the string provided to the `new()` method of this type cannot be converted
/// into a valid `std::ffi::CString`, the initialization will panic with the message
/// `Failed to allocate CString`.
///
/// ## Examples
///
/// ```
/// use kcapi::kdf::KcapiKDF;
///
/// let mut kdf = match KcapiKDF::new("hmac(sha1)") {
///     Ok(kdf) => kdf,
///     Err(e) => panic!("{}", e),
/// };
/// ```
///
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct KcapiKDF {
    digestsize: usize,
    handle: *mut kcapi_sys::kcapi_handle,
    iteration_count: u32,
    key: Vec<u8>,
    pub algorithm: String,
}

impl KcapiKDF {
    ///
    /// ## Initialize a the `KcapiKDF` type.
    ///
    /// This function initializes the `KcapiKDF` type for a hash algorithm from
    /// `/proc/crypto`. The name of the hash provided as the `algorithm` argument
    /// to this function MUST be present in `/proc/crypto` on the target platform.
    ///
    /// On success, an initialized instance of the `KcapiKDF` type is returned.
    /// On failure, a `KcapiError` is returned.
    ///
    /// ## Examples
    ///
    /// ```
    /// use kcapi::kdf::KcapiKDF;
    ///
    /// let kdf = KcapiKDF::new("hmac(sha512)")
    ///     .expect("Failed to initialize KcapiKDF");
    /// ```
    pub fn new(algorithm: &str) -> KcapiResult<Self> {
        let mut handle = Box::into_raw(Box::new(crate::kcapi_handle { _unused: [0u8; 0] }))
            as *mut kcapi_sys::kcapi_handle;

        let alg = CString::new(algorithm).expect("Failed to allocate Cstring");
        let iteration_count: u32;
        let digestsize: usize;
        unsafe {
            iteration_count = kcapi_sys::kcapi_pbkdf_iteration_count(alg.as_ptr(), 0);

            let ret = kcapi_sys::kcapi_md_init(&mut handle as *mut _, alg.as_ptr(), !INIT_AIO);
            if ret < 0 {
                return Err(KcapiError {
                    code: ret,
                    message: format!(
                        "Failed to Initialize hash handle for algorithm '{}'",
                        algorithm,
                    ),
                });
            }

            digestsize = kcapi_sys::kcapi_md_digestsize(handle) as usize;
            if digestsize == 0 {
                return Err(KcapiError {
                    code: -libc::EINVAL,
                    message: format!("Failed to obtain digestsize for algorithm '{}'", algorithm,),
                });
            }
        }

        let key: Vec<u8> = Vec::new();
        Ok(KcapiKDF {
            digestsize,
            handle,
            iteration_count,
            key,
            algorithm: algorithm.to_string(),
        })
    }

    ///
    /// ## Set the key for the `KcapiKDF` instance.
    ///
    /// This function sets the key used in a keyed message digest algorithm for
    /// the KDF operation. A call to this function is only required if the
    /// algorithm with which the `KcapiKDF` is initialized is a keyed message
    /// digest.
    ///
    /// This function takes a key as a `Vec<u8>`
    ///
    /// On failure, a `KcapiError` is returned.
    ///
    /// ## Examples
    ///
    /// ```
    /// use kcapi::kdf::KcapiKDF;
    ///
    /// let mut kdf = KcapiKDF::new("hmac(sha1)")
    ///     .expect("Failed to initialize KcapiKDF");
    ///
    /// let key = vec![0x00u8; 16];
    /// kdf.setkey(key)
    ///     .expect("Failed to set key for KcapiKDF");
    /// ```
    ///
    pub fn setkey(&mut self, key: Vec<u8>) -> KcapiResult<()> {
        unsafe {
            let ret = kcapi_sys::kcapi_md_setkey(self.handle, key.as_ptr(), key.len() as u32);
            if ret < 0 {
                return Err(KcapiError {
                    code: ret,
                    message: format!("Failed to set key for KDF algorithm '{}'", self.algorithm,),
                });
            }
        }
        self.key = key;
        Ok(())
    }

    ///
    /// ## Counter Mode Key Derivation Function
    ///
    /// This function is an implementation of the KDF in counter mode according
    /// to SP800-108 section 5.1 as well as SP800-56A section 5.8.1
    /// (Single-step KDF).
    ///
    /// SP800-108: The caller must provide Label || 0x00 || Context in src.
    /// SP800-56A: If a keyed MAC is used, the key shall NOT be the shared secret
    /// from the DH operation, but an independently generated key. The src pointer
    /// is defined as Z || other info where Z is the shared secret from DH and
    /// other info is an arbitrary string (see SP800-56A section 5.8.1.2).
    ///
    /// This function takes input data of type `Vec<u8>`, and the size of the
    /// key to be output as `usize`.
    ///
    /// On success, a `Vec<u8>` of size `outsize` is returned.
    /// On failure, a `KcapiError` is returned.
    ///
    /// ## Examples
    ///
    /// ```
    /// use kcapi::kdf::KcapiKDF;
    ///
    /// let mut kdf = KcapiKDF::new("hmac(sha1)")
    ///     .expect("Failed to initialize CTR KDF");
    ///
    /// let key = vec![0x00u8; 16];
    /// kdf.setkey(key)
    ///     .expect("Failed to set key for CTR KDF");
    ///
    /// let inp = vec![0x01u8; 16];
    /// let out = kdf.ctr_kdf(inp, 16)
    ///     .expect("Failed to perform CTR KDF");
    ///
    /// assert_eq!(out.len(), 16);
    /// ```
    ///
    pub fn ctr_kdf(&self, input: Vec<u8>, outsize: usize) -> KcapiResult<Vec<u8>> {
        let mut out = vec![0u8; outsize];
        unsafe {
            let ret = kcapi_sys::kcapi_kdf_ctr(
                self.handle,
                input.as_ptr(),
                input.len() as kcapi_sys::size_t,
                out.as_mut_ptr(),
                outsize as kcapi_sys::size_t,
            );
            if ret < 0 {
                return Err(KcapiError {
                    code: ret.try_into().expect("failed to convert i64 into i32"),
                    message: format!(
                        "Failed to generate key for KDF algorithm '{}'",
                        self.algorithm,
                    ),
                });
            }
        }
        Ok(out)
    }

    ///
    /// ## Double Pipeline Mode Key Derivation Function
    ///
    /// This function is an implementation of the KDF in double pipeline
    /// iteration mode according with counter to SP800-108 section 5.3.
    /// The caller must provide Label || 0x00 || Context in src.
    ///
    /// This function takes input data of type `Vec<u8>`, and the size of the
    /// key to be output as `usize`.
    ///
    /// On success, a `Vec<u8>` of size `outsize` is returned.
    /// On failure, a `KcapiError` is returned.
    ///
    /// ## Examples
    ///
    /// ```
    /// use kcapi::kdf::KcapiKDF;
    ///
    /// let mut kdf = KcapiKDF::new("hmac(sha1)")
    ///     .expect("Failed to initialize DPI KDF");
    ///
    /// let key = vec![0x00u8; 16];
    /// kdf.setkey(key)
    ///     .expect("Failed to set key for DPI KDF");
    ///
    /// let inp = vec![0x01u8; 16];
    /// let out = kdf.dpi_kdf(inp, 16)
    ///     .expect("Failed to perform DPI KDF");
    ///
    /// assert_eq!(out.len(), 16);
    /// ```
    ///
    pub fn dpi_kdf(&self, input: Vec<u8>, outsize: usize) -> KcapiResult<Vec<u8>> {
        let mut out = vec![0u8; outsize];
        unsafe {
            let ret = kcapi_sys::kcapi_kdf_dpi(
                self.handle,
                input.as_ptr(),
                input.len() as kcapi_sys::size_t,
                out.as_mut_ptr(),
                outsize as kcapi_sys::size_t,
            );
            if ret < 0 {
                return Err(KcapiError {
                    code: ret.try_into().expect("failed to convert i64 into i32"),
                    message: format!(
                        "Failed to generate key for KDF algorithm '{}'",
                        self.algorithm,
                    ),
                });
            }
        }
        Ok(out)
    }

    ///
    /// ## Feedback Mode Key Derivation Function
    ///
    /// This function is an implementation of the KDF in feedback mode with a
    /// non-NULL IV and with counter according to SP800-108 section 5.2. The IV
    /// is supplied with src and must be equal to the digestsize of the used
    /// cipher.
    ///
    /// In addition, the caller must provide Label || 0x00 || Context in src.
    /// This src pointer must not be NULL as the IV is required. The ultimate
    /// format of the src pointer is IV || Label || 0x00 || Context where the
    /// length of the IV is equal to the block size (i.e. the digest size of
    /// the underlying hash) of the PRF.
    ///
    /// This function takes input data of type `Vec<u8>`, and the size of the
    /// key to be output as `usize`.
    ///
    /// On success, a `Vec<u8>` of size `outsize` is returned.
    /// On failure, a `KcapiError` is returned.
    ///
    /// ## Examples
    ///
    /// ```
    /// use kcapi::kdf::KcapiKDF;
    ///
    /// let mut kdf = KcapiKDF::new("hmac(sha1)")
    ///     .expect("Failed to initialize FB KDF");
    ///
    /// let key = vec![0x00u8; 32];
    /// kdf.setkey(key)
    ///     .expect("Failed to set key for FB KDF");
    ///
    /// let inp = vec![0x00u8; 20];
    /// let out = kdf.fb_kdf(inp, 16)
    ///     .expect("Failed to perform FB KDF");
    ///
    /// assert_eq!(out.len(), 16);
    /// ```
    ///
    pub fn fb_kdf(&self, input: Vec<u8>, outsize: usize) -> KcapiResult<Vec<u8>> {
        if input.len() < self.digestsize {
            return Err(KcapiError {
                code: -libc::EINVAL,
                message: format!(
                    "Invalid input of length {} < {} for FB-KDF algorithm '{}'",
                    input.len(),
                    self.digestsize,
                    self.algorithm,
                ),
            });
        }
        let mut out = vec![0u8; outsize];
        unsafe {
            let ret = kcapi_sys::kcapi_kdf_fb(
                self.handle,
                input.as_ptr(),
                input.len() as kcapi_sys::size_t,
                out.as_mut_ptr(),
                outsize as kcapi_sys::size_t,
            );
            if ret < 0 {
                return Err(KcapiError {
                    code: ret.try_into().expect("failed to convert i64 into i32"),
                    message: format!(
                        "Failed to generate key for KDF algorithm '{}'",
                        self.algorithm,
                    ),
                });
            }
        }
        Ok(out)
    }
}

impl Drop for KcapiKDF {
    fn drop(&mut self) {
        unsafe {
            kcapi_sys::kcapi_md_destroy(self.handle);
        }
    }
}

///
/// ## Extract-and-Expand HKDF (RFC5869)
///
/// Perform the key-derivation function according to RFC5869. The input data is
/// defined in sections 2.2 und 2.3 of RFC5869.
///
/// This function takes:
/// * `hashname` - a `&str` representation of a hash algorithm from `/proc/crypto`.
/// * `ikm` - Input Key Material of type `Vec<u8>`.
/// * `salt` - Salt of type `Vec<u8>`
/// * `info` - Information buffer of type `Vec<u8>`.
/// * `outsize` - The size of the key to be generated of type `usize`.
///
/// On success, a `Vec<u8>` of length `outsize` is returned with the generated key.
/// On failure, a `KcapiError` is returned.
///
/// ## Examples
///
/// ```
/// let ikm = vec![0u8; 16];
/// let salt = vec![0u8; 16];
/// let info = vec![0u8; 16];
/// let outsize: usize = 32;
///
/// let key = kcapi::kdf::hkdf("hmac(sha1)", ikm, salt, info, outsize)
///     .expect("Failed to perform HKDF");
///
/// assert_eq!(key.len(), 32);
/// ```
pub fn hkdf(
    hashname: &str,
    ikm: Vec<u8>,
    salt: Vec<u8>,
    info: Vec<u8>,
    outsize: usize,
) -> KcapiResult<Vec<u8>> {
    let mut out = vec![0u8; outsize];
    if ikm.is_empty() {
        return Err(KcapiError {
            code: -libc::EINVAL,
            message: format!(
                "Input key material is a required arguement for algorithm '{}'",
                hashname,
            ),
        });
    }

    let hash = CString::new(hashname).expect("Failed to allocate Cstring");
    unsafe {
        let ret = kcapi_sys::kcapi_hkdf(
            hash.as_ptr(),
            ikm.as_ptr(),
            ikm.len() as kcapi_sys::size_t,
            salt.as_ptr(),
            salt.len() as u32,
            info.as_ptr(),
            info.len() as kcapi_sys::size_t,
            out.as_mut_ptr(),
            outsize as kcapi_sys::size_t,
        );
        if ret < 0 {
            return Err(KcapiError {
                code: ret.try_into().expect("failed to convert i64 into i32"),
                message: format!("Failed HKDF operation for algorithm '{}'", hashname,),
            });
        }
    }
    Ok(out)
}

///
/// ## Password-based Key Derivation Function
///
/// This function is an implementation of the PBKDF as defined in SP800-132.
///
/// This function takes:
/// * `hashname` - A `&str` representation of a hash algorithm from `/proc/crypto`.
/// * `password` - A password of type `Vec<u8>` from which the key shall be derived.
/// * `salt` - A salt of type `Vec<u8>`.
/// * `iterations` - Number of iterations (`u32`) to be performed by the PBKDF.
/// * `outsize` - The size of the key (`usize`) to be generated.
///
/// On success, a `Vec<u8>` of length `outsize` containing the key is returned.
/// On failure, a `KcapiError` is returned.
///
/// ## Examples
///
/// ```
/// let password = "Password123!".as_bytes().to_vec();
/// let salt = vec![0xffu8; 16];
/// let iterations = 32;
/// let outsize = 32;
///
/// let key = kcapi::kdf::pbkdf("hmac(sha256)", password, salt, iterations, outsize)
///     .expect("Failed to perform PBKDF");
/// ```
///
pub fn pbkdf(
    hashname: &str,
    password: Vec<u8>,
    salt: Vec<u8>,
    iterations: u32,
    outsize: usize,
) -> KcapiResult<Vec<u8>> {
    let mut out = vec![0u8; outsize];
    if password.is_empty() || salt.is_empty() {
        return Err(KcapiError {
            code: -libc::EINVAL,
            message: format!("Invalid input to PBKDF algorithm '{}'", hashname),
        });
    }

    let hash = CString::new(hashname).expect("Failed to allocate CString");
    unsafe {
        let iter = kcapi_sys::kcapi_pbkdf_iteration_count(hash.as_ptr(), 0);
        if iterations == 0 {
            return Err(KcapiError {
                code: -libc::EINVAL,
                message: format!(
                    "Insufficient iteration count {}. Recommended count is {} for '{}'",
                    iterations, iter, hashname,
                ),
            });
        }

        let ret = kcapi_sys::kcapi_pbkdf(
            hash.as_ptr(),
            password.as_ptr(),
            password.len() as u32,
            salt.as_ptr(),
            salt.len() as kcapi_sys::size_t,
            iterations,
            out.as_mut_ptr(),
            outsize as kcapi_sys::size_t,
        );
        if ret < 0 {
            return Err(KcapiError {
                code: ret.try_into().expect("failed to convert i64 into i32"),
                message: format!("Failed PBKDF operation for algorithm '{}'", hashname,),
            });
        }
    }
    Ok(out)
}