mbed TLS v3.1.0
Functions
hkdf.h File Reference

This file contains the HKDF interface.

#include "mbedtls/build_info.h"
#include "mbedtls/md.h"

Macros

HKDF Error codes
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA   -0x5F80
 

Functions

int mbedtls_hkdf (const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
 This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).

int mbedtls_hkdf_extract (const mbedtls_md_info_t *md, const unsigned char *salt, size_t salt_len, const unsigned char *ikm, size_t ikm_len, unsigned char *prk)
 Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.

int mbedtls_hkdf_expand (const mbedtls_md_info_t *md, const unsigned char *prk, size_t prk_len, const unsigned char *info, size_t info_len, unsigned char *okm, size_t okm_len)
 Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.
 

Detailed Description

This file contains the HKDF interface.

The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is specified by RFC 5869.

Definition in file hkdf.h.

Macro Definition Documentation

#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA   -0x5F80

Bad input parameters to function.

Definition at line 37 of file hkdf.h.

Function Documentation

int mbedtls_hkdf ( const mbedtls_md_info_t *md,
                   const unsigned char *salt,
                   size_t salt_len,
                   const unsigned char *ikm,
                   size_t ikm_len,
                   const unsigned char *info,
                   size_t info_len,
                   unsigned char *okm,
                   size_t okm_len )

This is the HMAC-based Extract-and-Expand Key Derivation Function (HKDF).

Parameters
md: A hash function; md.size denotes the length of the hash function output in bytes.
salt: An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt.
salt_len: The length in bytes of the optional salt.
ikm: The input keying material.
ikm_len: The length in bytes of ikm.
info: An optional context and application specific information string. This can be a zero-length string.
info_len: The length of info in bytes.
okm: The output keying material of okm_len bytes.
okm_len: The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.

Returns
0 on success.
MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.

int mbedtls_hkdf_expand ( const mbedtls_md_info_t *md,
                          const unsigned char *prk,
                          size_t prk_len,
                          const unsigned char *info,
                          size_t info_len,
                          unsigned char *okm,
                          size_t okm_len )

Expand the supplied prk into several additional pseudorandom keys, which is the output of the HKDF.

Warning
This function should only be used if the security of it has been studied and established in that particular context (e.g. TLS 1.3 key schedule). For standard HKDF security guarantees use mbedtls_hkdf instead.

Parameters
md: A hash function; md.size denotes the length of the hash function output in bytes.
prk: A pseudorandom key of at least md.size bytes. prk is usually the output from the HKDF extract step.
prk_len: The length in bytes of prk.
info: An optional context and application specific information string. This can be a zero-length string.
info_len: The length of info in bytes.
okm: The output keying material of okm_len bytes.
okm_len: The length of the output keying material in bytes. This must be less than or equal to 255 * md.size bytes.

Returns
0 on success.
MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.

int mbedtls_hkdf_extract ( const mbedtls_md_info_t *md,
                           const unsigned char *salt,
                           size_t salt_len,
                           const unsigned char *ikm,
                           size_t ikm_len,
                           unsigned char *prk )

Take the input keying material ikm and extract from it a fixed-length pseudorandom key prk.

Warning
This function should only be used if the security of it has been studied and established in that particular context (e.g. TLS 1.3 key schedule). For standard HKDF security guarantees use mbedtls_hkdf instead.

Parameters
md: A hash function; md.size denotes the length of the hash function output in bytes.
salt: An optional salt value (a non-secret random value); if the salt is not provided, a string of all zeros of md.size length is used as the salt.
salt_len: The length in bytes of the optional salt.
ikm: The input keying material.
ikm_len: The length in bytes of ikm.
prk [out]: A pseudorandom key of at least md.size bytes.

Returns
0 on success.
MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
An MBEDTLS_ERR_MD_* error for errors returned from the underlying MD layer.
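The following is an added example, not mbed TLS code: a pure-Python transcription of what the three functions above compute (RFC 5869 on top of hmac/hashlib), mirroring the extract/expand split, the all-zero default salt, the "prk at least md.size bytes" requirement and the 255 * md.size bound on okm_len that mbedtls_hkdf_expand rejects with MBEDTLS_ERR_HKDF_BAD_INPUT_DATA. The exception class name is assumed; the known-answer vector is RFC 5869 Appendix A test case 1.

```python
import hashlib
import hmac

MAX_HASH_BLOCKS = 255  # okm_len <= 255 * md.size: the block counter is a single byte

class HkdfBadInputData(ValueError):
    """Stand-in for MBEDTLS_ERR_HKDF_BAD_INPUT_DATA (class name assumed here)."""

def hkdf_extract(md: str, salt: bytes, ikm: bytes) -> bytes:
    """PRK = HMAC-Hash(salt, IKM); a missing salt is md.size zero bytes (RFC 5869 2.2)."""
    hash_len = hashlib.new(md).digest_size
    if not salt:
        salt = bytes(hash_len)
    return hmac.new(salt, ikm, md).digest()

def hkdf_expand(md: str, prk: bytes, info: bytes, okm_len: int) -> bytes:
    """OKM = T(1) | T(2) | ..., T(i) = HMAC-Hash(PRK, T(i-1) | info | i), cut to okm_len."""
    hash_len = hashlib.new(md).digest_size
    if len(prk) < hash_len:
        raise HkdfBadInputData("prk must be at least md.size bytes")
    if okm_len > MAX_HASH_BLOCKS * hash_len:
        raise HkdfBadInputData("okm_len exceeds 255 * md.size")
    okm, t = b"", b""
    for counter in range(1, MAX_HASH_BLOCKS + 1):
        if len(okm) >= okm_len:
            break
        t = hmac.new(prk, t + info + bytes([counter]), md).digest()
        okm += t
    return okm[:okm_len]

def hkdf(md: str, salt: bytes, ikm: bytes, info: bytes, okm_len: int) -> bytes:
    """Extract followed by expand: the combination mbedtls_hkdf performs in one call."""
    return hkdf_expand(md, hkdf_extract(md, salt, ikm), info, okm_len)

# RFC 5869 Appendix A, test case 1 (SHA-256), used as a known-answer check.
RFC5869_TC1 = {
    "ikm": bytes([0x0B]) * 22,
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "okm_len": 42,
    "prk": bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865"),
}

def known_answer_ok() -> bool:
    """True when extract and the full extract-and-expand reproduce the RFC vector."""
    v = RFC5869_TC1
    return (hkdf_extract("sha256", v["salt"], v["ikm"]) == v["prk"]
            and hkdf("sha256", v["salt"], v["ikm"], v["info"], v["okm_len"]) == v["okm"])
```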