Botan 3.7.1
Crypto and TLS for C&
hkdf.h
1/*
2* HKDF
3* (C) 2013,2015 Jack Lloyd
4* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_HKDF_H_
10#define BOTAN_HKDF_H_
11
12#include <botan/kdf.h>
13#include <botan/mac.h>
14
15namespace Botan {
16
/**
* HKDF (HMAC-based Extract-and-Expand Key Derivation Function) from RFC 5869.
*
* The derivation is implemented by perform_kdf(), which is only declared
* in this header. Its arguments are the output buffer (key), the input
* keying material (secret), and the salt and label inputs.
*
* NOTE(review): RFC 5869 caps the output at 255 times the PRF output
* length and treats an absent salt as a string of zero bytes. How this
* implementation handles an oversized request or an empty salt is not
* visible in this header - confirm against hkdf.cpp.
*/
class HKDF final : public KDF {
   public:
      /**
      * Takes ownership of the MAC object that serves as the PRF.
      *
      * @param prf MAC algorithm to use
      *
      * NOTE(review): prf is stored without a null check, so callers are
      * presumably expected to pass a valid object - confirm.
      */
      explicit HKDF(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf{std::move(prf)} {}

      /// @return the name of this KDF (defined in hkdf.cpp)
      std::string name() const override;

      /// @return a newly allocated KDF object (defined in hkdf.cpp);
      /// presumably a fresh instance of the same algorithm - confirm
      std::unique_ptr<KDF> new_object() const override;

   private:
      /// KDF hook: fills `key` from `secret`, `salt` and `label`.
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

      /// MAC used as the PRF; exclusively owned by this object.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};
40
/**
* The extraction step of HKDF (RFC 5869), exposed as a standalone KDF.
*
* In RFC 5869 this step condenses the input keying material and the salt
* into a single pseudorandom key, which is then meant to be fed to the
* expansion step.
*
* NOTE(review): the RFC's extract step has no label/info input and emits
* at most one PRF output block. What this class does with a non-empty
* label or a longer output buffer is not visible in this header -
* confirm against hkdf.cpp.
*/
class HKDF_Extract final : public KDF {
   public:
      /**
      * Takes ownership of the MAC object that serves as the PRF.
      *
      * @param prf MAC algorithm to use
      *
      * NOTE(review): no null check is performed on prf here; a valid
      * object is presumably required - confirm.
      */
      explicit HKDF_Extract(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf{std::move(prf)} {}

      /// @return the name of this KDF (defined in hkdf.cpp)
      std::string name() const override;

      /// @return a newly allocated KDF object (defined in hkdf.cpp);
      /// presumably a fresh instance of the same algorithm - confirm
      std::unique_ptr<KDF> new_object() const override;

   private:
      /// KDF hook: writes the result for `secret`, `salt` and `label` into `key`.
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

      /// MAC used as the PRF; exclusively owned by this object.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};
64
/**
* The expansion step of HKDF (RFC 5869), exposed as a standalone KDF.
*
* In RFC 5869 this step stretches a pseudorandom key into output keying
* material of the requested length, bound to an optional context value.
* The RFC expects the input to already be a cryptographically strong
* key, normally the output of the extraction step. Running expansion
* alone on a low-entropy or non-uniform secret skips the step that is
* supposed to fix that.
*
* NOTE(review): the RFC caps the output at 255 times the PRF output
* length. How the salt and label arguments are combined into the RFC's
* single context value, and how an oversized request is rejected, are
* not visible in this header - confirm against hkdf.cpp.
*/
class HKDF_Expand final : public KDF {
   public:
      /**
      * Takes ownership of the MAC object that serves as the PRF.
      *
      * @param prf MAC algorithm to use
      *
      * NOTE(review): no null check is performed on prf here; a valid
      * object is presumably required - confirm.
      */
      explicit HKDF_Expand(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf{std::move(prf)} {}

      /// @return the name of this KDF (defined in hkdf.cpp)
      std::string name() const override;

      /// @return a newly allocated KDF object (defined in hkdf.cpp);
      /// presumably a fresh instance of the same algorithm - confirm
      std::unique_ptr<KDF> new_object() const override;

   private:
      /// KDF hook: writes the result for `secret`, `salt` and `label` into `key`.
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

      /// MAC used as the PRF; exclusively owned by this object.
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};
88
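/**
* HKDF-Expand-Label from TLS 1.3/QUIC
*
* @param hash_fn the hash to use
* @param secret the secret bits
* @param label the full label; no "TLS 1.3, " or "tls13 " prefix is
*        applied, so the caller must pass the complete label including
*        any protocol prefix
* @param hash_val the previous hash value (used for chaining, may be empty)
* @param length the desired output length
* @return the derived bytes as a secure_vector (presumably exactly
*         `length` bytes - confirm against hkdf.cpp)
*
* NOTE(review): in the TLS 1.3 HkdfLabel encoding (RFC 8446, section 7.1)
* the output length is a 16-bit field and the label and context each
* carry a one-byte length prefix, so oversized inputs cannot be encoded.
* How this function reacts to such inputs is not visible in this header -
* confirm before passing caller-controlled sizes.
*
* NOTE(review): BOTAN_TEST_API presumably marks this as exported for the
* test suite rather than as stable public API - confirm before relying
* on it from application code.
*/
secure_vector<uint8_t> BOTAN_TEST_API hkdf_expand_label(std::string_view hash_fn,
                                                        std::span<const uint8_t> secret,
                                                        std::string_view label,
                                                        std::span<const uint8_t> hash_val,
                                                        size_t length);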
103
104} // namespace Botan
105
106#endif
secure_vector< uint8_t > hkdf_expand_label(std::string_view hash_fn, std::span< const uint8_t > secret, std::string_view label, std::span< const uint8_t > hash_val, size_t length)
Definition hkdf.cpp:118
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61