keyctl_dh_compute_kdf: expose the KDF support

Author: mathstuf

keyutils-raw/src/functions.rs

@@ -103,6 +103,13 @@ fn ignore(res: libc::c_long) {
     assert_eq!(res, 0);
 }
 
+fn safe_len<T>(len: usize) -> Result<T>
+where
+    usize: TryInto<T>,
+{
+    len.try_into().map_err(|_| errno::Errno(libc::EINVAL))
+}
+
 macro_rules! syscall {
     ( $( $arg:expr, )* ) => {
         check_syscall(libc::syscall($( $arg, )*))
@@ -366,6 +373,14 @@ struct DhComputeParamsKernel {
     base: i32,
 }
 
+#[repr(C)]
+struct DhKdfParamsKernel {
+    hashname: *const libc::c_char,
+    otherinfo: *const libc::c_void,
+    otherinfolen: u32,
+    _spare: [u32; 8],
+}
+
 pub fn keyctl_dh_compute(
     private: KeyringSerial,
     prime: KeyringSerial,
@@ -384,7 +399,40 @@ pub fn keyctl_dh_compute(
             &params as *const DhComputeParamsKernel,
             buffer.as_mut().map_or(ptr::null(), |b| b.as_mut_ptr()),
             capacity,
-            0,
+            ptr::null() as *const DhKdfParamsKernel,
+        )
+    }
+    .map(size)
+}
+
+pub fn keyctl_dh_compute_kdf(
+    private: KeyringSerial,
+    prime: KeyringSerial,
+    base: KeyringSerial,
+    hashname: &str,
+    otherinfo: Option<&[u8]>,
+    mut buffer: Option<Out<[u8]>>,
+) -> Result<usize> {
+    let params = DhComputeParamsKernel {
+        priv_: private.get(),
+        prime: prime.get(),
+        base: base.get(),
+    };
+    let hash_cstr = cstring(hashname);
+    let kdf_params = DhKdfParamsKernel {
+        hashname: hash_cstr.as_ptr(),
+        otherinfo: otherinfo.map_or(ptr::null(), |d| d.as_ptr()) as *const libc::c_void,
+        otherinfolen: safe_len(otherinfo.map_or(0, |d| d.len()))?,
+        _spare: [0; 8],
+    };
+    let capacity = buffer.as_mut().map_or(0, |b| b.len());
+    unsafe {
+        keyctl!(
+            libc::KEYCTL_DH_COMPUTE,
+            &params as *const DhComputeParamsKernel,
+            buffer.as_mut().map_or(ptr::null(), |b| b.as_mut_ptr()),
+            capacity,
+            &kdf_params as *const DhKdfParamsKernel,
         )
     }
     .map(size)

src/api.rs

@@ -24,7 +24,7 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-use std::borrow::Borrow;
+use std::borrow::{Borrow, Cow};
 use std::convert::TryInto;
 use std::mem;
 use std::result;
@@ -511,6 +511,76 @@ pub struct Key {
     id: KeyringSerial,
 }
 
+/// Hashes supported by the kernel.
+#[derive(Debug, Clone)]
+// #[non_exhaustive]
+pub enum KeyctlHash {
+    /// The MD4 hash.
+    Md4,
+    /// The MD5 hash.
+    Md5,
+    /// The SHA1 hash.
+    Sha1,
+    /// The sha224 hash.
+    Sha224,
+    /// The sha256 hash.
+    Sha256,
+    /// The sha384 hash.
+    Sha384,
+    /// The sha512 hash.
+    Sha512,
+    /// The rmd128 hash.
+    RipeMd128,
+    /// The rmd160 hash.
+    RipeMd160,
+    /// The rmd256 hash.
+    RipeMd256,
+    /// The rmd320 hash.
+    RipeMd320,
+    /// The wp256 hash.
+    Wp256,
+    /// The wp384 hash.
+    Wp384,
+    /// The wp512 hash.
+    Wp512,
+    /// The tgr128 hash.
+    Tgr128,
+    /// The tgr160 hash.
+    Tgr160,
+    /// The tgr192 hash.
+    Tgr192,
+    /// The sm3-256 hash.
+    Sm3_256,
+    /// For extensibility.
+    OtherEncoding(Cow<'static, str>),
+}
+
+impl KeyctlHash {
+    fn hash(&self) -> &str {
+        match *self {
+            KeyctlHash::Md4 => "md4",
+            KeyctlHash::Md5 => "md5",
+            KeyctlHash::Sha1 => "sha1",
+            KeyctlHash::Sha224 => "sha224",
+            KeyctlHash::Sha256 => "sha256",
+            KeyctlHash::Sha384 => "sha384",
+            KeyctlHash::Sha512 => "sha512",
+            KeyctlHash::RipeMd128 => "rmd128",
+            KeyctlHash::RipeMd160 => "rmd160",
+            KeyctlHash::RipeMd256 => "rmd256",
+            KeyctlHash::RipeMd320 => "rmd320",
+            KeyctlHash::Wp256 => "wp256",
+            KeyctlHash::Wp384 => "wp384",
+            KeyctlHash::Wp512 => "wp512",
+            KeyctlHash::Tgr128 => "tgr128",
+            KeyctlHash::Tgr160 => "tgr160",
+            KeyctlHash::Tgr192 => "tgr192",
+            KeyctlHash::Sm3_256 => "sm3-256",
+            KeyctlHash::OtherEncoding(ref s) => &s,
+        }
+    }
+}
+
 impl Key {
     /// Instantiate a key from an ID.
     ///
@@ -681,6 +751,69 @@ impl Key {
         buffer.truncate(sz);
         Ok(buffer)
     }
+
+    /// Compute a key from a Diffie-Hellman shared secret.
+    ///
+    /// The `base` key contains the remote public key to create a share secret which is then
+    /// processed using `hash`.
+    ///
+    /// See [SP800-56A][] for details.
+    ///
+    /// [SP800-56A]: https://csrc.nist.gov/publications/detail/sp/800-56a/revised/archive/2007-03-14
+    pub fn compute_dh_kdf<O>(
+        private: &Key,
+        prime: &Key,
+        base: &Key,
+        hash: KeyctlHash,
+        other: Option<O>,
+    ) -> Result<Vec<u8>>
+    where
+        O: AsRef<[u8]>,
+    {
+        Self::compute_dh_kdf_impl(
+            private,
+            prime,
+            base,
+            hash,
+            other.as_ref().map(AsRef::as_ref),
+        )
+    }
+
+    fn compute_dh_kdf_impl(
+        private: &Key,
+        prime: &Key,
+        base: &Key,
+        hash: KeyctlHash,
+        other: Option<&[u8]>,
+    ) -> Result<Vec<u8>> {
+        // Get the size of the description.
+        let mut sz =
+            keyctl_dh_compute_kdf(private.id, prime.id, base.id, hash.hash(), other, None)?;
+        // Allocate this description.
+        let mut buffer = vec![0; sz];
+        loop {
+            let write_buffer = buffer.get_backing_buffer();
+            // Fetch the description.
+            sz = keyctl_dh_compute_kdf(
+                private.id,
+                prime.id,
+                base.id,
+                hash.hash(),
+                other,
+                Some(write_buffer),
+            )?;
+
+            // If we got everything, exit.
+            if sz <= buffer.capacity() {
+                break;
+            }
+
+            // Resize for the additional capacity we need.
+            buffer.resize(sz, 0);
+        }
+        buffer.truncate(sz);
+        Ok(buffer)
+    }
 }
 
 /// Structure representing the metadata about a key or keyring.