hkdf.h File Reference
This file contains the HKDF interface. More...
Include dependency graph for hkdf.h:
Go to the source code of this file.
HKDF Error codes | |
| #define | MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 |
| int | mbedtls_hkdf (const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len) |
| This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF). | |
| int | mbedtls_hkdf_extract (const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk) |
Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk. | |
| int | mbedtls_hkdf_expand (const mbedtls_md_info_t *md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len) |
Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF. | |
Detailed Description
This file contains the HKDF interface.
The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is
specified by RFC 5869.
Definition in file hkdf.h.
Macro Definition Documentation
◆ MBEDTLS_ERR_HKDF_BAD_INPUT_DATA
| #define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 |
Function Documentation
◆ mbedtls_hkdf()
| int mbedtls_hkdf | ( | const mbedtls_md_info_t * | md, |
| const unsigned char * | salt, | ||
| size_t | salt_len, | ||
| const unsigned char * | ikm, | ||
| size_t | ikm_len, | ||
| const unsigned char * | info, | ||
| size_t | info_len, | ||
| unsigned char * | okm, | ||
| size_t | okm_len | ||
| ) |
This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
- Parameters
-
md A hash function; md.size denotes the length of the hash function output in bytes. salt An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt. salt_len The length in bytes of the optional salt.ikm The input keying material. ikm_len The length in bytes of ikm.info An optional context and application specific information string. This can be a zero-length string. info_len The length of infoin bytes.okm The output keying material of okm_lenbytes.okm_len The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.
- Returns
- 0 on success.
- MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.
◆ mbedtls_hkdf_expand()
| int mbedtls_hkdf_expand | ( | const mbedtls_md_info_t * | md, |
| const unsigned char * | prk, | ||
| size_t | prk_len, | ||
| const unsigned char * | info, | ||
| size_t | info_len, | ||
| unsigned char * | okm, | ||
| size_t | okm_len | ||
| ) |
Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.
- Warning
- This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use
mbedtls_hkdfinstead.
- Parameters
-
md A hash function; md.size denotes the length of the hash function output in bytes. prk A pseudorandom key of at least md.size bytes. prkis usually the output from the HKDF extract step.prk_len The length in bytes of prk.info An optional context and application specific information string. This can be a zero-length string. info_len The length of infoin bytes.okm The output keying material of okm_lenbytes.okm_len The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.
- Returns
- 0 on success.
- MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.
◆ mbedtls_hkdf_extract()
| int mbedtls_hkdf_extract | ( | const mbedtls_md_info_t * | md, |
| const unsigned char * | salt, | ||
| size_t | salt_len, | ||
| const unsigned char * | ikm, | ||
| size_t | ikm_len, | ||
| unsigned char * | prk | ||
| ) |
Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.
- Warning
- This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use
mbedtls_hkdfinstead.
- Parameters
-
md A hash function; md.size denotes the length of the hash function output in bytes. salt An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt. salt_len The length in bytes of the optional salt.ikm The input keying material. ikm_len The length in bytes of ikm.[out] prk A pseudorandom key of at least md.size bytes.
- Returns
- 0 on success.
- MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
- An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.
