• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_HKDF_H_
6 #define CRYPTO_HKDF_H_
7 
8 #include <vector>
9 
10 #include "base/basictypes.h"
11 #include "base/strings/string_piece.h"
12 #include "crypto/crypto_export.h"
13 
14 namespace crypto {
15 
16 // HKDF implements the key derivation function specified in RFC 5869 (using
17 // SHA-256) and outputs key material, as needed by QUIC.
18 // See https://tools.ietf.org/html/rfc5869 for details.
19 class CRYPTO_EXPORT HKDF {
20  public:
21   // |secret|: the input shared secret (or, from RFC 5869, the IKM).
22   // |salt|: an (optional) public salt / non-secret random value. While
23   // optional, callers are strongly recommended to provide a salt. There is no
24   // added security value in making this larger than the SHA-256 block size of
25   // 64 bytes.
26   // |info|: an (optional) label to distinguish different uses of HKDF. It is
27   // optional context and application specific information (can be a zero-length
28   // string).
29   // |key_bytes_to_generate|: the number of bytes of key material to generate
30   // for both client and server.
31   // |iv_bytes_to_generate|: the number of bytes of IV to generate for both
32   // client and server.
33   // |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to
34   // generate, shared between client and server.
35   HKDF(const base::StringPiece& secret,
36        const base::StringPiece& salt,
37        const base::StringPiece& info,
38        size_t key_bytes_to_generate,
39        size_t iv_bytes_to_generate,
40        size_t subkey_secret_bytes_to_generate);
41   ~HKDF();
42 
client_write_key()43   base::StringPiece client_write_key() const {
44     return client_write_key_;
45   }
client_write_iv()46   base::StringPiece client_write_iv() const {
47     return client_write_iv_;
48   }
server_write_key()49   base::StringPiece server_write_key() const {
50     return server_write_key_;
51   }
server_write_iv()52   base::StringPiece server_write_iv() const {
53     return server_write_iv_;
54   }
subkey_secret()55   base::StringPiece subkey_secret() const {
56     return subkey_secret_;
57   }
58 
59  private:
60   std::vector<uint8> output_;
61 
62   base::StringPiece client_write_key_;
63   base::StringPiece server_write_key_;
64   base::StringPiece client_write_iv_;
65   base::StringPiece server_write_iv_;
66   base::StringPiece subkey_secret_;
67 };
68 
69 }  // namespace crypto
70 
71 #endif  // CRYPTO_HKDF_H_
72