Software APIs
sw
device
lib
crypto
include
hkdf.h
Go to the documentation of this file.
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HKDF_H_
6
#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HKDF_H_
7
8
#include "datatypes.h"
9
10
/**
11
* @file
12
* @brief HKDF operations for the OpenTitan cryptography library.
13
*
14
* Implements the HMAC-based extract-and-expand key derivation function
15
* specified in IETF RFC 5869.
16
*/
17
18
#ifdef __cplusplus
19
extern
"C"
{
20
#endif
// __cplusplus
21
22
/**
23
* Performs HKDF (IETF RFC 5869) in one shot, both expand and extract stages.
24
*
25
* The hash mode for the underlying HMAC is determined by the mode of the input
26
* key material, e.g. the key mode `kOtcryptoKeyModeHmacSha256` results in HMAC
27
* with SHA-256.
28
*
29
* The caller should allocate and partially populate the `okm` blinded key
30
* struct, including populating the key configuration and allocating space for
31
* the keyblob. The configuration may not indicate a hardware-backed key and
32
* must indicate a symmetric mode. The allocated keyblob length for the output
33
* key should be twice the unmasked key length indicated in its key
34
* configuration, rounded up to the nearest 32-bit word. This unmasked key
35
* length must not be longer than 255*<length of digest for the chosen hash
36
* mode>, as per the RFC. The value in the `checksum` field of the blinded key
37
* struct will be populated by the key derivation function.
38
*
39
* @param ikm Blinded input key material.
40
* @param salt Salt value (optional, may be empty).
41
* @param info Context-specific string (optional, may be empty).
42
* @param[out] okm Blinded output keying material.
43
* @return Result of the key derivation operation.
44
*/
45
otcrypto_status_t
otcrypto_hkdf
(
const
otcrypto_blinded_key_t
ikm,
46
otcrypto_const_byte_buf_t
salt,
47
otcrypto_const_byte_buf_t
info,
48
otcrypto_blinded_key_t
*okm);
49
50
/**
51
* Performs the "extract" step of HKDF (IETF RFC 5869).
52
*
53
* The hash mode for the underlying HMAC is determined by the mode of the input
54
* key material, e.g. the key mode `kOtcryptoKeyModeHmacSha256` results in HMAC
55
* with SHA-256.
56
*
57
* The caller should allocate and partially populate the `prk` blinded key
58
* struct, including populating the key configuration and allocating space for
59
* the keyblob. The configuration may not indicate a hardware-backed key, and
60
* the mode should be the same HMAC mode as the input keying material. The
61
* allocated keyblob length should be twice the hash function digest length for
62
* the chosen hash mode (e.g. 512 bits for SHA-256).
63
*
64
* @param ikm Blinded input key material.
65
* @param salt Salt value (optional, may be empty).
66
* @param[out] prk Extracted pseudo-random key.
67
* @return Result of the key derivation operation.
68
*/
69
otcrypto_status_t
otcrypto_hkdf_extract
(
const
otcrypto_blinded_key_t
ikm,
70
otcrypto_const_byte_buf_t
salt,
71
otcrypto_blinded_key_t
*prk);
72
73
/**
74
* Performs the "expand" step of HKDF (IETF RFC 5869).
75
*
76
* The hash mode for the underlying HMAC is determined by the mode of the
77
* pseudo-random key, e.g. the key mode `kOtcryptoKeyModeHmacSha256` results in
78
* HMAC with SHA-256.
79
*
80
* See `otcrypto_hkdf` for the requirements on `okm`.
81
*
82
* @param prk Pseudo-random key from HKDF-extract.
83
* @param info Context-specific string (optional).
84
* @param[out] okm Blinded output key material.
85
* @return Result of the key derivation operation.
86
*/
87
otcrypto_status_t
otcrypto_hkdf_expand
(
const
otcrypto_blinded_key_t
prk,
88
otcrypto_const_byte_buf_t
info,
89
otcrypto_blinded_key_t
*okm);
90
91
#ifdef __cplusplus
92
}
// extern "C"
93
#endif
// __cplusplus
94
95
#endif
// OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_HKDF_H_
Return to
OpenTitan Documentation