--- /dev/null
+/**\r
+ * \file hkdf.h\r
+ *\r
+ * \brief This file contains the HKDF interface.\r
+ *\r
+ * The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is\r
+ * specified by RFC 5869.\r
+ */\r
+/*\r
+ * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved\r
+ * SPDX-License-Identifier: Apache-2.0\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may\r
+ * not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\r
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ * This file is part of mbed TLS (https://tls.mbed.org)\r
+ */\r
+#ifndef MBEDTLS_HKDF_H\r
+#define MBEDTLS_HKDF_H\r
+\r
+#if !defined(MBEDTLS_CONFIG_FILE)\r
+#include "config.h"\r
+#else\r
+#include MBEDTLS_CONFIG_FILE\r
+#endif\r
+\r
+#include "md.h"\r
+\r
+/**\r
+ * \name HKDF Error codes\r
+ * \{\r
+ */\r
+#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 /**< Bad input parameters to function. */\r
+/* \} name */\r
+\r
+#ifdef __cplusplus\r
+extern "C" {\r
+#endif\r
+\r
+/**\r
+ * \brief This is the HMAC-based Extract-and-Expand Key Derivation Function\r
+ * (HKDF).\r
+ *\r
+ * \param md A hash function; md.size denotes the length of the hash\r
+ * function output in bytes.\r
+ * \param salt An optional salt value (a non-secret random value);\r
+ * if the salt is not provided, a string of all zeros of\r
+ * md.size length is used as the salt.\r
+ * \param salt_len The length in bytes of the optional \p salt.\r
+ * \param ikm The input keying material.\r
+ * \param ikm_len The length in bytes of \p ikm.\r
+ * \param info An optional context and application specific information\r
+ * string. This can be a zero-length string.\r
+ * \param info_len The length of \p info in bytes.\r
+ * \param okm The output keying material of \p okm_len bytes.\r
+ * \param okm_len The length of the output keying material in bytes. This\r
+ * must be less than or equal to 255 * md.size bytes.\r
+ *\r
+ * \return 0 on success.\r
+ * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.\r
+ * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying\r
+ * MD layer.\r
+ */\r
+int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,\r
+ size_t salt_len, const unsigned char *ikm, size_t ikm_len,\r
+ const unsigned char *info, size_t info_len,\r
+ unsigned char *okm, size_t okm_len );\r
+\r
+/**\r
+ * \brief Take the input keying material \p ikm and extract from it a\r
+ * fixed-length pseudorandom key \p prk.\r
+ *\r
+ * \warning This function should only be used if the security of it has been\r
+ * studied and established in that particular context (eg. TLS 1.3\r
+ * key schedule). For standard HKDF security guarantees use\r
+ * \c mbedtls_hkdf instead.\r
+ *\r
+ * \param md A hash function; md.size denotes the length of the\r
+ * hash function output in bytes.\r
+ * \param salt An optional salt value (a non-secret random value);\r
+ * if the salt is not provided, a string of all zeros\r
+ * of md.size length is used as the salt.\r
+ * \param salt_len The length in bytes of the optional \p salt.\r
+ * \param ikm The input keying material.\r
+ * \param ikm_len The length in bytes of \p ikm.\r
+ * \param[out] prk A pseudorandom key of at least md.size bytes.\r
+ *\r
+ * \return 0 on success.\r
+ * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.\r
+ * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying\r
+ * MD layer.\r
+ */\r
+int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,\r
+ const unsigned char *salt, size_t salt_len,\r
+ const unsigned char *ikm, size_t ikm_len,\r
+ unsigned char *prk );\r
+\r
+/**\r
+ * \brief Expand the supplied \p prk into several additional pseudorandom\r
+ * keys, which is the output of the HKDF.\r
+ *\r
+ * \warning This function should only be used if the security of it has been\r
+ * studied and established in that particular context (eg. TLS 1.3\r
+ * key schedule). For standard HKDF security guarantees use\r
+ * \c mbedtls_hkdf instead.\r
+ *\r
+ * \param md A hash function; md.size denotes the length of the hash\r
+ * function output in bytes.\r
+ * \param prk A pseudorandom key of at least md.size bytes. \p prk is\r
+ * usually the output from the HKDF extract step.\r
+ * \param prk_len The length in bytes of \p prk.\r
+ * \param info An optional context and application specific information\r
+ * string. This can be a zero-length string.\r
+ * \param info_len The length of \p info in bytes.\r
+ * \param okm The output keying material of \p okm_len bytes.\r
+ * \param okm_len The length of the output keying material in bytes. This\r
+ * must be less than or equal to 255 * md.size bytes.\r
+ *\r
+ * \return 0 on success.\r
+ * \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.\r
+ * \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying\r
+ * MD layer.\r
+ */\r
+int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,\r
+ size_t prk_len, const unsigned char *info,\r
+ size_t info_len, unsigned char *okm, size_t okm_len );\r
+\r
+#ifdef __cplusplus\r
+}\r
+#endif\r
+\r
+#endif /* hkdf.h */\r
projects / freertos / blobdiff