Botan  2.8.0
Crypto and TLS for C++11
hkdf.h
1 /*
2 * HKDF
3 * (C) 2013,2015 Jack Lloyd
4 * (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_HKDF_H_
10 #define BOTAN_HKDF_H_
11 
12 #include <botan/mac.h>
13 #include <botan/kdf.h>
14 
15 namespace Botan {
16 
17 /**
18 * HKDF from RFC 5869.
19 */
class BOTAN_PUBLIC_API(2,0) HKDF final : public KDF
   {
   public:
      /**
      * Wrap a MAC as an HKDF instance.
      *
      * The raw pointer is stored directly in a std::unique_ptr member, so
      * this object owns prf from construction onwards. The caller must not
      * delete it or hand the same pointer to a second owner. prf is not
      * checked for null here, and clone() and name() dereference it
      * unconditionally.
      *
      * @param prf MAC algorithm to use
      */
      explicit HKDF(MessageAuthenticationCode* prf)
         : m_prf(prf)
         {
         }

      /**
      * @return a new heap-allocated HKDF built around a clone of the MAC.
      * It is returned as a raw pointer, so the caller is responsible for
      * deleting it.
      */
      KDF* clone() const override
         {
         return new HKDF(m_prf->clone());
         }

      /**
      * @return the MAC's name wrapped as "HKDF(<MAC name>)"
      */
      std::string name() const override
         {
         std::string full_name("HKDF(");
         full_name += m_prf->name();
         full_name += ")";
         return full_name;
         }

      /**
      * Declared here; the definition is not part of this header.
      *
      * NOTE(review): going by the parameter names, key/key_len look like
      * the output buffer and its size, and label looks like the "info"
      * input of RFC 5869 - confirm against the definition. RFC 5869 limits
      * the Expand output to 255 times the hash output length; how a larger
      * key_len is handled is decided in the definition, not here.
      */
      size_t kdf(uint8_t key[], size_t key_len,
                 const uint8_t secret[], size_t secret_len,
                 const uint8_t salt[], size_t salt_len,
                 const uint8_t label[], size_t label_len) const override;

   private:
      // Owning handle to the MAC passed to the constructor.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
   };
40 
41 /**
42 * HKDF Extraction Step from RFC 5869.
43 */
45  {
46  public:
47  /**
48  * @param prf MAC algorithm to use
49  */
explicit HKDF_Extract(MessageAuthenticationCode* prf)
   : m_prf(prf) // the std::unique_ptr member takes ownership of the raw pointer; prf is not null-checked
   {
   }
51 
KDF* clone() const override
   {
   // New heap object built around a clone of the MAC; it is returned as a
   // raw pointer, so the caller is responsible for deleting it.
   return new HKDF_Extract(m_prf->clone());
   }
53 
std::string name() const override
   {
   // Produces "HKDF-Extract(<MAC name>)" by appending to one string.
   std::string full_name("HKDF-Extract(");
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
55 
56  size_t kdf(uint8_t key[], size_t key_len,
57  const uint8_t secret[], size_t secret_len,
58  const uint8_t salt[], size_t salt_len,
59  const uint8_t label[], size_t label_len) const override;
60 
61  private:
62  std::unique_ptr<MessageAuthenticationCode> m_prf;
63  };
64 
65 /**
66 * HKDF Expansion Step from RFC 5869.
67 */
69  {
70  public:
71  /**
72  * @param prf MAC algorithm to use
73  */
explicit HKDF_Expand(MessageAuthenticationCode* prf)
   : m_prf(prf) // the std::unique_ptr member takes ownership of the raw pointer; prf is not null-checked
   {
   }
75 
KDF* clone() const override
   {
   // New heap object built around a clone of the MAC; it is returned as a
   // raw pointer, so the caller is responsible for deleting it.
   return new HKDF_Expand(m_prf->clone());
   }
77 
std::string name() const override
   {
   // Produces "HKDF-Expand(<MAC name>)" by appending to one string.
   std::string full_name("HKDF-Expand(");
   full_name += m_prf->name();
   full_name += ")";
   return full_name;
   }
79 
80  size_t kdf(uint8_t key[], size_t key_len,
81  const uint8_t secret[], size_t secret_len,
82  const uint8_t salt[], size_t salt_len,
83  const uint8_t label[], size_t label_len) const override;
84 
85  private:
86  std::unique_ptr<MessageAuthenticationCode> m_prf;
87  };
88 
89 /**
90 * HKDF-Expand-Label from TLS 1.3/QUIC
91 * @param hash_fn the hash to use
92 * @param secret the secret bits
93 * @param secret_len the length of secret
94 * @param label the full label; this function applies no "TLS 1.3, " or
95 * "tls13 " prefix, so the caller must pass the label with any prefix already included
96 * @param hash_val the previous hash value (used for chaining, may be empty)
97 * @param hash_val_len the length of hash_val
98 * @param length the desired output length
99 */
100 secure_vector<uint8_t>
102  const std::string& hash_fn,
103  const uint8_t secret[], size_t secret_len,
104  const std::string& label,
105  const uint8_t hash_val[], size_t hash_val_len,
106  size_t length);
107 
108 
109 }
110 
111 #endif
secure_vector< uint8_t > hkdf_expand_label(const std::string &hash_fn, const uint8_t secret[], size_t secret_len, const std::string &label, const uint8_t hash_val[], size_t hash_val_len, size_t length)
Definition: hkdf.cpp:77