Botan 2.19.3
Crypto and TLS for C++11
hkdf.h
1/*
2* HKDF
3* (C) 2013,2015 Jack Lloyd
4* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_HKDF_H_
10#define BOTAN_HKDF_H_
11
12#include <botan/mac.h>
13#include <botan/kdf.h>
14
15/*
16* The definitions of HKDF, HKDF_Extract, HKDF_Expand will be made internal
17* in the future. However the function hkdf_expand_label will still be defined.
18*/
19//BOTAN_FUTURE_INTERNAL_HEADER(hkdf.h)
20
21namespace Botan {
22
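/**
* HKDF from RFC 5869, exposed through the generic KDF interface.
*
* The object takes ownership of the MAC handed to its constructor (it is
* stored in a std::unique_ptr), so the caller must not delete that pointer
* or hand it to another owner afterwards.
*
* NOTE(review): kdf() is only declared in this header. How salt and label
* map onto the RFC 5869 salt and info inputs, and how an output request
* above the RFC's 255 * hash-length limit is handled, is decided in the
* implementation file - confirm there before relying on either.
*/
class BOTAN_PUBLIC_API(2,0) HKDF final : public KDF
   {
   public:
      /**
      * @param prf MAC algorithm to use. Ownership passes to this object.
      *        Must not be null: clone() and name() dereference it without
      *        a check.
      */
      explicit HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {}

      /**
      * @return a newly allocated HKDF built on a clone of the MAC; the
      *         caller owns the returned object
      */
      KDF* clone() const override
         {
         // Keep the cloned MAC owned until the new object has been allocated.
         // Before C++17 the order of allocation and constructor-argument
         // evaluation in a new-expression is unspecified, so a failed
         // allocation could otherwise leak the clone.
         std::unique_ptr<MessageAuthenticationCode> prf_copy(m_prf->clone());
         KDF* copy = new HKDF(prf_copy.get());
         static_cast<void>(prf_copy.release());
         return copy;
         }

      /**
      * @return "HKDF(" followed by the name of the MAC and ")"
      */
      std::string name() const override
         {
         return "HKDF(" + m_prf->name() + ")";
         }

      /**
      * Derive key material (defined out of line).
      *
      * @param key output buffer
      * @param key_len length of key in bytes
      * @param secret input secret
      * @param secret_len length of secret in bytes
      * @param salt salt input
      * @param salt_len length of salt in bytes
      * @param label label input
      * @param label_len length of label in bytes
      * @return a size_t whose meaning is set by the implementation
      *         (presumably the number of bytes written - confirm)
      */
      size_t kdf(uint8_t key[], size_t key_len,
                 const uint8_t secret[], size_t secret_len,
                 const uint8_t salt[], size_t salt_len,
                 const uint8_t label[], size_t label_len) const override;

   private:
      // Owning handle to the MAC used as the HKDF pseudorandom function.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
   };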
46
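/**
* HKDF Extraction Step from RFC 5869.
*
* In RFC 5869 the extract step condenses the input keying material and an
* optional salt into a fixed-length pseudorandom key. The object takes
* ownership of the MAC handed to its constructor (it is stored in a
* std::unique_ptr), so the caller must not delete that pointer afterwards.
*
* NOTE(review): kdf() is only declared in this header. How key_len, salt
* and label are treated by the extract-only variant is decided in the
* implementation file - confirm there.
*/
class BOTAN_PUBLIC_API(2,0) HKDF_Extract final : public KDF
   {
   public:
      /**
      * @param prf MAC algorithm to use. Ownership passes to this object.
      *        Must not be null: clone() and name() dereference it without
      *        a check.
      */
      explicit HKDF_Extract(MessageAuthenticationCode* prf) : m_prf(prf) {}

      /**
      * @return a newly allocated HKDF_Extract built on a clone of the MAC;
      *         the caller owns the returned object
      */
      KDF* clone() const override
         {
         // Keep the cloned MAC owned until the new object has been allocated.
         // Before C++17 the order of allocation and constructor-argument
         // evaluation in a new-expression is unspecified, so a failed
         // allocation could otherwise leak the clone.
         std::unique_ptr<MessageAuthenticationCode> prf_copy(m_prf->clone());
         KDF* copy = new HKDF_Extract(prf_copy.get());
         static_cast<void>(prf_copy.release());
         return copy;
         }

      /**
      * @return "HKDF-Extract(" followed by the name of the MAC and ")"
      */
      std::string name() const override
         {
         return "HKDF-Extract(" + m_prf->name() + ")";
         }

      /**
      * Run the extraction step (defined out of line).
      *
      * @param key output buffer
      * @param key_len length of key in bytes
      * @param secret input secret
      * @param secret_len length of secret in bytes
      * @param salt salt input
      * @param salt_len length of salt in bytes
      * @param label label input
      * @param label_len length of label in bytes
      * @return a size_t whose meaning is set by the implementation
      *         (presumably the number of bytes written - confirm)
      */
      size_t kdf(uint8_t key[], size_t key_len,
                 const uint8_t secret[], size_t secret_len,
                 const uint8_t salt[], size_t salt_len,
                 const uint8_t label[], size_t label_len) const override;

   private:
      // Owning handle to the MAC used as the HKDF pseudorandom function.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
   };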
70
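/**
* HKDF Expansion Step from RFC 5869.
*
* RFC 5869 defines the expand step over a pseudorandom key, normally the
* output of the extract step, and limits the output to 255 times the hash
* length. Feeding a non-uniform secret (a password, a raw key-agreement
* result) straight into the expand step skips the extraction the RFC
* relies on; use the combined HKDF class for such inputs.
*
* The object takes ownership of the MAC handed to its constructor (it is
* stored in a std::unique_ptr), so the caller must not delete that pointer
* afterwards.
*
* NOTE(review): kdf() is only declared in this header. How salt and label
* are used by the expand-only variant, and whether an over-long output
* request is rejected, is decided in the implementation file - confirm
* there.
*/
class BOTAN_PUBLIC_API(2,0) HKDF_Expand final : public KDF
   {
   public:
      /**
      * @param prf MAC algorithm to use. Ownership passes to this object.
      *        Must not be null: clone() and name() dereference it without
      *        a check.
      */
      explicit HKDF_Expand(MessageAuthenticationCode* prf) : m_prf(prf) {}

      /**
      * @return a newly allocated HKDF_Expand built on a clone of the MAC;
      *         the caller owns the returned object
      */
      KDF* clone() const override
         {
         // Keep the cloned MAC owned until the new object has been allocated.
         // Before C++17 the order of allocation and constructor-argument
         // evaluation in a new-expression is unspecified, so a failed
         // allocation could otherwise leak the clone.
         std::unique_ptr<MessageAuthenticationCode> prf_copy(m_prf->clone());
         KDF* copy = new HKDF_Expand(prf_copy.get());
         static_cast<void>(prf_copy.release());
         return copy;
         }

      /**
      * @return "HKDF-Expand(" followed by the name of the MAC and ")"
      */
      std::string name() const override
         {
         return "HKDF-Expand(" + m_prf->name() + ")";
         }

      /**
      * Run the expansion step (defined out of line).
      *
      * @param key output buffer
      * @param key_len length of key in bytes
      * @param secret input secret
      * @param secret_len length of secret in bytes
      * @param salt salt input
      * @param salt_len length of salt in bytes
      * @param label label input
      * @param label_len length of label in bytes
      * @return a size_t whose meaning is set by the implementation
      *         (presumably the number of bytes written - confirm)
      */
      size_t kdf(uint8_t key[], size_t key_len,
                 const uint8_t secret[], size_t secret_len,
                 const uint8_t salt[], size_t salt_len,
                 const uint8_t label[], size_t label_len) const override;

   private:
      // Owning handle to the MAC used as the HKDF pseudorandom function.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
   };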
94
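/**
* HKDF-Expand-Label from TLS 1.3/QUIC
*
* No protocol prefix is added to the label by this function: a caller that
* needs the "TLS 1.3, " or "tls13 " prefix must include it in label itself.
*
* @param hash_fn the hash to use
* @param secret the secret bits
* @param secret_len the length of secret
* @param label the full label (no "TLS 1.3, " or "tls13 " prefix
*        is applied)
* @param hash_val the previous hash value (used for chaining, may be empty)
* @param hash_val_len the length of hash_val
* @param length the desired output length
* @return the derived output in a secure_vector (presumably length bytes -
*         confirm against the implementation)
*/
secure_vector<uint8_t>
// NOTE(review): the declarator line is absent from this listing and has been
// restored; confirm the API-version arguments against the upstream header.
BOTAN_PUBLIC_API(2,3) hkdf_expand_label(
   const std::string& hash_fn,
   const uint8_t secret[], size_t secret_len,
   const std::string& label,
   const uint8_t hash_val[], size_t hash_val_len,
   size_t length);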
113
114
115}
116
117#endif