HKDF.h (1922B)
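/*
 * HKDF - HMAC-based Key Derivation Function
 * RFC 5869
 *
 * Extract-and-Expand paradigm for deriving keys
 * Used in TLS 1.3, Signal Protocol, etc.
 *
 * Security notes for callers:
 *  - PRK and OKM are secret key material. Wipe them once they are no longer
 *    needed, using a call the compiler cannot optimise away (for example
 *    explicit_bzero or memset_s where the platform provides them).
 *  - HKDF does not add entropy and is not a password-hashing function. A
 *    low-entropy IKM (a password, a short PIN) stays brute-forceable after
 *    derivation.
 *  - Array sizes in the prototypes (prk[32]) are documentation only: C passes
 *    a plain pointer and does not check the size of the caller's buffer.
 */

#ifndef HKDF_H
#define HKDF_H

#include <stdint.h>
#include <stddef.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
 * HKDF-Extract: Extract a pseudorandom key from input keying material
 *
 * RFC 5869 defines a missing salt as a string of HashLen zero bytes (32 for
 * SHA-256). NOTE(review): presumably that is what salt == NULL selects here,
 * with salt_len ignored or expected to be 0 - confirm against the
 * implementation.
 *
 * This function returns void, so it has no way to report a failure.
 * NOTE(review): behaviour for ikm == NULL or prk == NULL is not specified by
 * this header - confirm, and validate the pointers in the caller.
 *
 * @param salt      Optional salt (can be NULL)
 * @param salt_len  Salt length
 * @param ikm       Input keying material
 * @param ikm_len   IKM length
 * @param prk       Output: Pseudorandom key (32 bytes for SHA-256); the
 *                  caller must supply a buffer of at least 32 bytes
 */
void hkdf_sha256_extract(const uint8_t *salt, size_t salt_len,
                         const uint8_t *ikm, size_t ikm_len,
                         uint8_t prk[32]);

/**
 * HKDF-Expand: Expand a pseudorandom key into multiple output keys
 *
 * Use a distinct info value for every purpose a key is derived for
 * (encryption key, MAC key, per-direction keys, ...). Outputs derived from the
 * same PRK are only independent of each other when info differs.
 *
 * prk should be the output of hkdf_sha256_extract, or a key that is already
 * uniformly random (RFC 5869, section 3.3); never pass a password or other
 * structured input directly.
 *
 * Always check the return value. On -1 the contents of okm must be treated as
 * invalid and must not be used as a key.
 * NOTE(review): the header does not list the error conditions; presumably an
 * okm_len above the 8160-byte limit is one of them - confirm.
 *
 * @param prk       Pseudorandom key from extract (32 bytes)
 * @param info      Optional context/application info (can be NULL)
 * @param info_len  Info length
 * @param okm       Output keying material; the caller must supply a buffer of
 *                  at least okm_len bytes
 * @param okm_len   Desired output length (max 255*32 = 8160 bytes for SHA-256)
 * @return 0 on success, -1 on error
 */
int hkdf_sha256_expand(const uint8_t prk[32],
                       const uint8_t *info, size_t info_len,
                       uint8_t *okm, size_t okm_len);

/**
 * HKDF (Extract-then-Expand): One-shot key derivation
 *
 * Always check the return value. On -1 the contents of okm must be treated as
 * invalid and must not be used as a key.
 * NOTE(review): the output limit is not stated for this function; presumably
 * the same 255*32 = 8160 byte maximum as hkdf_sha256_expand applies - confirm.
 * NOTE(review): whether the intermediate PRK is wiped before returning cannot
 * be told from this header - confirm in the implementation.
 *
 * @param salt      Optional salt (can be NULL)
 * @param salt_len  Salt length
 * @param ikm       Input keying material
 * @param ikm_len   IKM length
 * @param info      Optional context info (can be NULL)
 * @param info_len  Info length
 * @param okm       Output keying material; the caller must supply a buffer of
 *                  at least okm_len bytes
 * @param okm_len   Desired output length
 * @return 0 on success, -1 on error
 */
int hkdf_sha256(const uint8_t *salt, size_t salt_len,
                const uint8_t *ikm, size_t ikm_len,
                const uint8_t *info, size_t info_len,
                uint8_t *okm, size_t okm_len);

#ifdef __cplusplus
}
#endif

#endif /* HKDF_H */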