Botan  2.12.1
Crypto and TLS for C++11
hkdf.h
Go to the documentation of this file.
1 /*
2 * HKDF
3 * (C) 2013,2015 Jack Lloyd
4 * (C) 2016 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_HKDF_H_
10 #define BOTAN_HKDF_H_
11 
12 #include <botan/mac.h>
13 #include <botan/kdf.h>
14 
15 /*
16 * The definitions of HKDF, HKDF_Extract, HKDF_Expand will be made internal
17 * in the future. However the function hkdf_expand_label will still be defined.
18 */
19 //BOTAN_FUTURE_INTERNAL_HEADER(hkdf.h)
20 
21 namespace Botan {
22 
23 /**
24 * HKDF from RFC 5869.
25 */
26 class BOTAN_PUBLIC_API(2,0) HKDF final : public KDF
27  {
28  public:
29  /**
30  * @param prf MAC algorithm to use
31  */
32  explicit HKDF(MessageAuthenticationCode* prf) : m_prf(prf) {}
33 
34  KDF* clone() const override { return new HKDF(m_prf->clone()); }
35 
36  std::string name() const override { return "HKDF(" + m_prf->name() + ")"; }
37 
38  size_t kdf(uint8_t key[], size_t key_len,
39  const uint8_t secret[], size_t secret_len,
40  const uint8_t salt[], size_t salt_len,
41  const uint8_t label[], size_t label_len) const override;
42 
43  private:
44  std::unique_ptr<MessageAuthenticationCode> m_prf;
45  };
46 
47 /**
48 * HKDF Extraction Step from RFC 5869.
49 */
51  {
52  public:
53  /**
54  * @param prf MAC algorithm to use
55  */
56  explicit HKDF_Extract(MessageAuthenticationCode* prf) : m_prf(prf) {}
57 
58  KDF* clone() const override { return new HKDF_Extract(m_prf->clone()); }
59 
60  std::string name() const override { return "HKDF-Extract(" + m_prf->name() + ")"; }
61 
62  size_t kdf(uint8_t key[], size_t key_len,
63  const uint8_t secret[], size_t secret_len,
64  const uint8_t salt[], size_t salt_len,
65  const uint8_t label[], size_t label_len) const override;
66 
67  private:
68  std::unique_ptr<MessageAuthenticationCode> m_prf;
69  };
70 
71 /**
72 * HKDF Expansion Step from RFC 5869.
73 */
75  {
76  public:
77  /**
78  * @param prf MAC algorithm to use
79  */
80  explicit HKDF_Expand(MessageAuthenticationCode* prf) : m_prf(prf) {}
81 
82  KDF* clone() const override { return new HKDF_Expand(m_prf->clone()); }
83 
84  std::string name() const override { return "HKDF-Expand(" + m_prf->name() + ")"; }
85 
86  size_t kdf(uint8_t key[], size_t key_len,
87  const uint8_t secret[], size_t secret_len,
88  const uint8_t salt[], size_t salt_len,
89  const uint8_t label[], size_t label_len) const override;
90 
91  private:
92  std::unique_ptr<MessageAuthenticationCode> m_prf;
93  };
94 
95 /**
96 * HKDF-Expand-Label from TLS 1.3/QUIC
97 * @param hash_fn the hash to use
98 * @param secret the secret bits
99 * @param secret_len the length of secret
100 * @param label the full label (no "TLS 1.3, " or "tls13 " prefix
101 * is applied)
102 * @param hash_val the previous hash value (used for chaining, may be empty)
103 * @param hash_val_len the length of hash_val
104 * @param length the desired output length
105 */
106 secure_vector<uint8_t>
108  const std::string& hash_fn,
109  const uint8_t secret[], size_t secret_len,
110  const std::string& label,
111  const uint8_t hash_val[], size_t hash_val_len,
112  size_t length);
113 
114 
115 }
116 
117 #endif
KDF * clone() const override
Definition: hkdf.h:58
std::string name() const override
Definition: hkdf.h:36
int(* final)(unsigned char *, CTX *)
std::string name() const override
Definition: hkdf.h:84
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
Definition: bigint.h:1135
KDF * clone() const override
Definition: hkdf.h:34
std::string name() const override
Definition: hkdf.h:60
KDF * clone() const override
Definition: hkdf.h:82
size_t salt_len
Definition: x509_obj.cpp:25
secure_vector< uint8_t > hkdf_expand_label(const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
Definition: hkdf.cpp:78
Definition: alg_id.cpp:13
Definition: kdf.h:20
HKDF(MessageAuthenticationCode *prf)
Definition: hkdf.h:32
HKDF_Extract(MessageAuthenticationCode *prf)
Definition: hkdf.h:56
HKDF_Expand(MessageAuthenticationCode *prf)
Definition: hkdf.h:80