From 48b581d45aa0947e81ddf73891435ff7d8147bd1 Mon Sep 17 00:00:00 2001 From: "rtenneti@chromium.org" Date: Sat, 23 Feb 2013 06:47:22 +0000 Subject: Relanding Porting of HKDF changes from server. Added a2b_hex function to move common code in hkdf_unittest.cc and to make it similar to CL - 40300624. Merge internal CL: 40300624 Original approved CL: https://chromiumcodereview.appspot.com/12326029/ R=agl@chromium.org, rsleevi@chromium.org Review URL: https://chromiumcodereview.appspot.com/12335045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@184306 0039d316-1c4b-4281-b951-d872f2087c98 --- crypto/hkdf.h | 64 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 crypto/hkdf.h (limited to 'crypto/hkdf.h')
diff --git a/crypto/hkdf.h b/crypto/hkdf.h
new file mode 100644
index 0000000..4306d3f
--- /dev/null
+++ b/crypto/hkdf.h
@@ -0,0 +1,64 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CRYPTO_HKDF_H_
+#define CRYPTO_HKDF_H_
+
+#include
+
+#include "base/basictypes.h"
+#include "base/memory/scoped_ptr.h"
+#include "base/string_piece.h"
+#include "build/build_config.h"
+#include "crypto/crypto_export.h"
+
+namespace crypto {
+
+// HKDF implements the key derivation function specified in RFC 5869 (using
+// SHA-256) and outputs key material, as needed by QUIC.
+// See https://tools.ietf.org/html/rfc5869 for details.
+class CRYPTO_EXPORT HKDF {
+ public:
+ // |secret|: The input shared secret (or, from RFC 5869, the IKM).
+ // |salt|: an (optional) public salt / non-secret random value. While
+ // optional, callers are strongly recommended to provide a salt. There is no
+ // added security value in making this larger than the SHA-256 block size of
+ // 64 bytes.
+ // |info|: an (optional) label to distinguish different uses of HKDF. It is
+ // optional context and application specific information (can be a zero-length
+ // string).
+ // |key_bytes_to_generate|: the number of bytes of key material to generate.
+ // |iv_bytes_to_generate|: the number of bytes of IV to generate.
+ HKDF(const base::StringPiece& secret,
+ const base::StringPiece& salt,
+ const base::StringPiece& info,
+ size_t key_bytes_to_generate,
+ size_t iv_bytes_to_generate);
+ virtual ~HKDF();
+
+ base::StringPiece client_write_key() const {
+ return client_write_key_;
+ }
+ base::StringPiece client_write_iv() const {
+ return client_write_iv_;
+ }
+ base::StringPiece server_write_key() const {
+ return server_write_key_;
+ }
+ base::StringPiece server_write_iv() const {
+ return server_write_iv_;
+ }
+
+ private:
+ std::vector output_;
+
+ base::StringPiece client_write_key_;
+ base::StringPiece server_write_key_;
+ base::StringPiece client_write_iv_;
+ base::StringPiece server_write_iv_;
+};
+
+} // namespace crypto
+
+#endif // CRYPTO_HKDF_H_
-- cgit v1.1
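Review bot: HKDF is left implicitly copyable although its four `base::StringPiece` members are non-owning views, presumably into `output_` (the constructor body is not in this hunk, so that is inferred from the member layout). A copy would get its own `output_` while its StringPieces still point at the source object's buffer, so the copy's accessors would return key and IV views that dangle once the original is destroyed. Add `DISALLOW_COPY_AND_ASSIGN(HKDF);` at the end of the `private:` section; `base/basictypes.h` is already included. The accessors should also carry a comment that the returned pieces are valid only while the HKDF object is alive. The constructor comment should state what happens when the total requested output exceeds the RFC 5869 limit of 255 * 32 bytes for SHA-256.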