This file contains the HKDF interface. More...

Functions
int	mbedtls_hkdf (const mbedtls_md_info_t md, const unsigned char salt, size_t salt_len, const unsigned char ikm, size_t ikm_len, const unsigned char info, size_t info_len, unsigned char *okm, size_t okm_len)
	This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).
int	mbedtls_hkdf_extract (const mbedtls_md_info_t md, const unsigned char salt, size_t salt_len, const unsigned char ikm, size_t ikm_len, unsigned char prk)
	Take the input keying material `ikm` and extract from it a fixed-length pseudorandom key `prk`.
int	mbedtls_hkdf_expand (const mbedtls_md_info_t md, const unsigned char prk, size_t prk_len, const unsigned char info, size_t info_len, unsigned char okm, size_t okm_len)
	Expand the supplied `prk` into several additional pseudorandom keys, which is the output of the HKDF.

Detailed Description

This file contains the HKDF interface.

The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is specified by RFC 5869.

Definition in file hkdf.h.

Function Documentation

This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).

Parameters:

md	A hash function; md.size denotes the length of the hash function output in bytes.
salt	An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt.
salt_len	The length in bytes of the optional `salt`.
ikm	The input keying material.
ikm_len	The length in bytes of `ikm`.
info	An optional context and application specific information string. This can be a zero-length string.
info_len	The length of `info` in bytes.
okm	The output keying material of `okm_len` bytes.
okm_len	The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.

Returns:: 0 on success.; MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.; An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.

Definition at line 33 of file hkdf.c.

Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.

Warning:: This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use mbedtls_hkdf instead.

Parameters:

md	A hash function; md.size denotes the length of the hash function output in bytes.
prk	A pseudorandom key of at least md.size bytes. `prk` is usually the output from the HKDF extract step.
prk_len	The length in bytes of `prk`.
info	An optional context and application specific information string. This can be a zero-length string.
info_len	The length of `info` in bytes.
okm	The output keying material of `okm_len` bytes.
okm_len	The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.

Returns:: 0 on success.; MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.; An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.

Definition at line 84 of file hkdf.c.

Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.

Warning:: This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use mbedtls_hkdf instead.

Parameters:

	md	A hash function; md.size denotes the length of the hash function output in bytes.
	salt	An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt.
	salt_len	The length in bytes of the optional `salt`.
	ikm	The input keying material.
	ikm_len	The length in bytes of `ikm`.
[out]	prk	A pseudorandom key of at least md.size bytes.

Returns:: 0 on success.; MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.; An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.

Definition at line 54 of file hkdf.c.