blob: 6b7d00dd6e200bd093cb8311d211d8d0f5a05efd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTO_HKDF_H_
#define CRYPTO_HKDF_H_
#include <stddef.h>
#include <stdint.h>
#include <vector>
#include "base/strings/string_piece.h"
#include "crypto/crypto_export.h"
namespace crypto {
// HKDF implements the key derivation function specified in RFC 5869 (using
// SHA-256) and outputs key material, as needed by QUIC.
// See https://tools.ietf.org/html/rfc5869 for details.
class CRYPTO_EXPORT HKDF {
public:
// |secret|: the input shared secret (or, from RFC 5869, the IKM).
// |salt|: an (optional) public salt / non-secret random value. While
// optional, callers are strongly recommended to provide a salt. There is no
// added security value in making this larger than the SHA-256 block size of
// 64 bytes.
// |info|: an (optional) label to distinguish different uses of HKDF. It is
// optional context and application specific information (can be a zero-length
// string).
// |key_bytes_to_generate|: the number of bytes of key material to generate
// for both client and server.
// |iv_bytes_to_generate|: the number of bytes of IV to generate for both
// client and server.
// |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to
// generate, shared between client and server.
HKDF(const base::StringPiece& secret,
const base::StringPiece& salt,
const base::StringPiece& info,
size_t key_bytes_to_generate,
size_t iv_bytes_to_generate,
size_t subkey_secret_bytes_to_generate);
~HKDF();
base::StringPiece client_write_key() const {
return client_write_key_;
}
base::StringPiece client_write_iv() const {
return client_write_iv_;
}
base::StringPiece server_write_key() const {
return server_write_key_;
}
base::StringPiece server_write_iv() const {
return server_write_iv_;
}
base::StringPiece subkey_secret() const {
return subkey_secret_;
}
private:
std::vector<uint8_t> output_;
base::StringPiece client_write_key_;
base::StringPiece server_write_key_;
base::StringPiece client_write_iv_;
base::StringPiece server_write_iv_;
base::StringPiece subkey_secret_;
};
} // namespace crypto
#endif // CRYPTO_HKDF_H_
|