Merge branch 'derived_tls_fix'

chiranjeb-wdc · chiranjeb-wdc · commit 0b686f5fe049 · 2025-02-20T23:17:19.000-08:00
diff --git a/src/nvme/linux.c b/src/nvme/linux.c
@@ -564,7 +564,7 @@ static int derive_psk_digest(const char *hostnqn, const char *subsysnqn,
 	return -1;
 }
 
-static int derive_tls_key(int version, int cipher, const char *context,
+static int derive_tls_key(int version, int cipher, const char *digest, int digest_length_in_bytes,
 			  unsigned char *retained,
 			  unsigned char *psk, size_t key_len)
 {
@@ -714,6 +714,137 @@ static int derive_retained_key(int hmac, const char *hostnqn,
 	return key_len;
 }
 
+/*
+*
+* HKDF_Extract_Expand_Label(): This function performs the following operations
+*   PRK=HKDF-Extract(0, Secret) followed by 
+*   HKDF-Expand-Label(PRK, Label, Ctx, HashLengh) to generate a new secret
+*     
+* HKDF-Expand-Label: Reference: https://datatracker.ietf.org/doc/html/rfc8446#page-102
+* HKDF-Extract & HKDF-Expand : Reference: https://www.rfc-editor.org/rfc/rfc5869.txt 
+*
+* HKDF-Expand-Label(Secret, Label, Context, Length) =
+*            HKDF-Expand(Secret, HkdfLabel, Length)
+*
+*       Where HkdfLabel is specified as:
+*
+*       struct {
+*           uint16 length = Length;
+*           opaque label<7..255> = "tls13 " + Label;
+*           opaque context<0..255> = Context;
+*       } HkdfLabel;
+*
+*       Derive-Secret(Secret, Label, Messages) =
+*            HKDF-Expand-Label(Secret, Label,
+*                              Transcript-Hash(Messages), Hash.length)
+*
+*
+*  [cipher]                :  HMAC algorithm type [256/384]                            
+*  [Secret]                :  Input to HKDF-Extract(0, Secret) 
+*  [label]                 :  Label to be added to base label ("tls13 ") to produce the HkdfLabel:'opaque label'
+*  [label_length]          :  Length of the Label  
+*  [context]               :  Context to produce to produce the HkdfLabel:'opaque context'
+*  [context_length]        :  Context length to produce to produce the HkdfLabel:'opaque context'
+*  [new_seret]             :  Pointer to the NewSecret generated by HKDF-Expand-Label(...) 
+*  [derived_secret_length] :  Length parameter for HKDF-Expand(Secret, HkdfLabel, Length) 
+*
+*/
+int HKDF_Extract_Expand_Label(unsigned char  cipher,
+                              const unsigned char  *secret,
+                              const char           *label,          uint8_t  label_length,
+                              const char           *context,        uint8_t  context_length,
+                              unsigned char        *derived_secret, uint8_t  derived_secret_length)
+{
+	_cleanup_evp_pkey_ctx_ EVP_PKEY_CTX *ctx = NULL;
+        size_t key_len = derived_secret_length;
+
+        const EVP_MD *md;
+        size_t hmac_len;
+
+        md = select_hmac(cipher, &hmac_len);
+        if (!md || !hmac_len || ((uint16_t)hmac_len != derived_secret_length)) {
+                
+		
+		errno = EINVAL;
+                return -1;
+        }
+
+        ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+        if (!ctx) {
+                errno = ENOMEM;
+                return -1;
+        }
+
+        if (EVP_PKEY_derive_init(ctx) <= 0) {
+                errno = ENOMEM;
+                return -1;
+        }
+        if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+        if (EVP_PKEY_CTX_set1_hkdf_key(ctx, secret, key_len) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+        ////////////////////////////////////////////////////////////////////////////////////////
+        // HkdfLabel: Part 1/3 
+        //            uint16 length = Length;
+        // The 'Length' needs to be represented based on the network byte-order based on
+        // the TLS specification
+        ////////////////////////////////////////////////////////////////////////////////////////
+        uint16_t hkdf_expand_label_length = (((uint16_t)hmac_len & 0xFF) << 8) | ((uint16_t)hmac_len >> 8);
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
+                        (const unsigned char *)&hkdf_expand_label_length, 2) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        ////////////////////////////////////////////////////////////////////////////////////////
+        // HkdfLabel: Part 2/3 
+        //            opaque label<7..255> = "tls13 " + Label; 
+        ////////////////////////////////////////////////////////////////////////////////////////
+        const char *tls_13_label = "tls13 ";
+        uint8_t f_label_length = strlen(tls_13_label) + label_length;
+        // add label length: since label is opaque
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx,(const unsigned char *)&f_label_length, 1) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx, (const unsigned char *)"tls13 ", 6) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx, (const unsigned char *)label, label_length) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        ////////////////////////////////////////////////////////////////////////////////////////
+        // HkdfLabel: Part 3/3 
+        //            opaque context<0..255> = Context
+        ////////////////////////////////////////////////////////////////////////////////////////
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx,(const unsigned char *)&context_length, 1) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        if (EVP_PKEY_CTX_add1_hkdf_info(ctx, (const unsigned char *)context, context_length)<= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        // Generate Key now
+        if (EVP_PKEY_derive(ctx, derived_secret, &key_len) <= 0) {
+                errno = ENOKEY;
+                return -1;
+        }
+
+        return key_len;
+}
+
 /*
  * derive_tls_key()
  *
@@ -737,77 +868,29 @@ static int derive_retained_key(int hmac, const char *hostnqn,
  * and the value '0' is invalid here.
  */
 static int derive_tls_key(int version, unsigned char cipher,
-			  const char *context, unsigned char *retained,
+			  const char *psk_digest, uint8_t psk_digest_buffer_length, unsigned char *retained,
 			  unsigned char *psk, size_t key_len)
 {
-	_cleanup_evp_pkey_ctx_ EVP_PKEY_CTX *ctx = NULL;
-	uint16_t length = key_len & 0xFFFF;
-	const EVP_MD *md;
-	size_t hmac_len;
-
-	md = select_hmac(cipher, &hmac_len);
-	if (!md || !hmac_len) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-	if (!ctx) {
-		errno = ENOMEM;
-		return -1;
-	}
-
-	if (EVP_PKEY_derive_init(ctx) <= 0) {
-		errno = ENOMEM;
-		return -1;
-	}
-	if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-	if (EVP_PKEY_CTX_set1_hkdf_key(ctx, retained, key_len) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
-			(const unsigned char *)&length, 2) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
-			(const unsigned char *)"tls13 ", 6) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
-			(const unsigned char *)"nvme-tls-psk", 12) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-	if (version == 1) {
-		char hash_str[5];
-
-		sprintf(hash_str, "%02d ", cipher);
-		if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
-				(const unsigned char *)hash_str,
-				strlen(hash_str)) <= 0) {
-			errno = ENOKEY;
-			return -1;
-		}
-	}
-	if (EVP_PKEY_CTX_add1_hkdf_info(ctx,
-			(const unsigned char *)context,
-			strlen(context)) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-
-	if (EVP_PKEY_derive(ctx, psk, &key_len) <= 0) {
-		errno = ENOKEY;
-		return -1;
-	}
-
-	return key_len;
+      // Reference: https://nvmexpress.org/wp-content/uploads/NVM-Express-TCP-Transport-Specification-Revision-1.1-2024.08.05-Ratified.pdf
+      //
+      // 1. PRK = HKDF-Extract(0, Input PSK); and
+      // 2. TLS PSK = HKDF-Expand-Label(PRK, “nvme-tls-psk”, Context, L),
+      //
+      //       Context = “<hash> <PSK digest>” : 	
+      char context[64+3]; // Max hash size length (64) + 3
+      uint8_t context_length = psk_digest_buffer_length;
+      if (version == 1) {
+           sprintf(&context[0], "%02d ", cipher);
+           memcpy(&context[3], psk_digest, psk_digest_buffer_length);
+           context_length += 3;
+      }
+      else
+      {
+           memcpy(&context[0], psk_digest, psk_digest_buffer_length);
+      }
+
+      return HKDF_Extract_Expand_Label(cipher, &retained[0], "nvme-tls-psk", strlen("nvme-tls-psk"),
+                                       context, context_length, psk, key_len);
 }
 
 static DEFINE_CLEANUP_FUNC(
@@ -1073,7 +1156,7 @@ static int derive_nvme_keys(const char *hostnqn, const char *subsysnqn,
 			       digest, identity);
 	if (ret < 0)
 		return ret;
-	return derive_tls_key(version, cipher, context, retained,
+	return derive_tls_key(version, cipher, context, strlen(context), retained,
 			      psk, key_len);
 }
 
