Botan  2.1.0
Crypto and TLS for C++11
hkdf.cpp
Go to the documentation of this file.
1 /*
2 * HKDF
3 * (C) 2013,2015 Jack Lloyd
4 * (C) 2016 RenĂ© Korthaus, Rohde & Schwarz Cybersecurity
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #include <botan/hkdf.h>
10 
11 namespace Botan {
12 
13 size_t HKDF::kdf(uint8_t key[], size_t key_len,
14  const uint8_t secret[], size_t secret_len,
15  const uint8_t salt[], size_t salt_len,
16  const uint8_t label[], size_t label_len) const
17  {
18  HKDF_Extract extract(m_prf->clone());
19  HKDF_Expand expand(m_prf->clone());
20  secure_vector<uint8_t> prk(m_prf->output_length());
21 
22  extract.kdf(prk.data(), prk.size(), secret, secret_len, salt, salt_len, nullptr, 0);
23  return expand.kdf(key, key_len, prk.data(), prk.size(), nullptr, 0, label, label_len);
24  }
25 
26 size_t HKDF_Extract::kdf(uint8_t key[], size_t key_len,
27  const uint8_t secret[], size_t secret_len,
28  const uint8_t salt[], size_t salt_len,
29  const uint8_t[], size_t) const
30  {
32  if(salt_len == 0)
33  {
34  m_prf->set_key(std::vector<uint8_t>(m_prf->output_length()));
35  }
36  else
37  {
38  m_prf->set_key(salt, salt_len);
39  }
40 
41  m_prf->update(secret, secret_len);
42  m_prf->final(prk);
43 
44  const size_t written = std::min(prk.size(), key_len);
45  copy_mem(&key[0], prk.data(), written);
46  return written;
47  }
48 
49 size_t HKDF_Expand::kdf(uint8_t key[], size_t key_len,
50  const uint8_t secret[], size_t secret_len,
51  const uint8_t salt[], size_t salt_len,
52  const uint8_t label[], size_t label_len) const
53  {
54  m_prf->set_key(secret, secret_len);
55 
56  uint8_t counter = 1;
58  size_t offset = 0;
59 
60  while(offset != key_len && counter != 0)
61  {
62  m_prf->update(h);
63  m_prf->update(label, label_len);
64  m_prf->update(salt, salt_len);
65  m_prf->update(counter++);
66  m_prf->final(h);
67 
68  const size_t written = std::min(h.size(), key_len - offset);
69  copy_mem(&key[offset], h.data(), written);
70  offset += written;
71  }
72 
73  return offset;
74  }
75 
76 }
size_t kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
Definition: hkdf.cpp:13
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:121
size_t kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
Definition: hkdf.cpp:26
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68
Definition: alg_id.cpp:13
size_t kdf(uint8_t key[], size_t key_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len) const override
Definition: hkdf.cpp:49
T min(T a, T b)
Definition: ct_utils.h:180