Add full HKDF implementation

Adds the full HKDF as class HKDF, renames the existing HKDF, which only implemented the expansion step, to HKDF_Expand and adds the extraction step as HKDF_Extract. The latter two are usually only used seperately in protocols such as TLS. A normal user would go for the full HKDF.
author: René Korthaus <[email protected]> 2016-11-12 20:30:40 +0100
committer: René Korthaus <[email protected]> 2016-11-12 20:30:40 +0100
commit: da497797cc7de2b64b63006a0108f785e4a360c1 (patch)
tree: 4e4f09e862d3a1ce14217694ff77c5e90ccc1885 /src/lib/kdf/hkdf/hkdf.h
parent: 37c1a62525c74461693789f983a41c80697ff4a3 (diff)
1 files changed, 51 insertions, 4 deletions
diff --git a/src/lib/kdf/hkdf/hkdf.h b/src/lib/kdf/hkdf/hkdf.h
index 54ecc5283..5ab253420 100644
--- a/src/lib/kdf/hkdf/hkdf.h
+++ b/src/lib/kdf/hkdf/hkdf.h
@@ -1,6 +1,7 @@
 /*
 * HKDF
 * (C) 2013,2015 Jack Lloyd
+* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -15,9 +16,7 @@
 namespace Botan {
 
 /**
-* HKDF, see RFC 5869 for details.
-* This is only the expansion portion of HKDF.
-* An appropriate extraction function should be used before.
+* HKDF from RFC 5869.
 */
 class BOTAN_DLL HKDF final : public KDF
    {
@@ -31,7 +30,55 @@ class BOTAN_DLL HKDF final : public KDF
 
       std::string name() const override { return "HKDF(" + m_prf->name() + ")"; }
 
-      size_t kdf(byte out[], size_t out_len,
+      size_t kdf(byte key[], size_t key_len,
+                 const byte secret[], size_t secret_len,
+                 const byte salt[], size_t salt_len,
+                 const byte label[], size_t label_len) const override;
+
+   private:
+      MessageAuthenticationCode* m_prf;
+   };
+
+/**
+* HKDF Extraction Step from RFC 5869.
+*/
+class BOTAN_DLL HKDF_Extract final : public KDF
+   {
+   public:
+      /**
+      * @param prf MAC algorithm to use
+      */
+      explicit HKDF_Extract(MessageAuthenticationCode* prf) : m_prf(prf) {}
+
+      KDF* clone() const override { return new HKDF_Extract(m_prf->clone()); }
+
+      std::string name() const override { return "HKDF-Extract(" + m_prf->name() + ")"; }
+
+      size_t kdf(byte key[], size_t key_len,
+                 const byte secret[], size_t secret_len,
+                 const byte salt[], size_t salt_len,
+                 const byte label[], size_t label_len) const override;
+
+   private:
+      std::unique_ptr<MessageAuthenticationCode> m_prf;
+   };
+
+/**
+* HKDF Expansion Step from RFC 5869.
+*/
+class BOTAN_DLL HKDF_Expand final : public KDF
+   {
+   public:
+      /**
+      * @param prf MAC algorithm to use
+      */
+      explicit HKDF_Expand(MessageAuthenticationCode* prf) : m_prf(prf) {}
+
+      KDF* clone() const override { return new HKDF_Expand(m_prf->clone()); }
+
+      std::string name() const override { return "HKDF-Expand(" + m_prf->name() + ")"; }
+
+      size_t kdf(byte key[], size_t key_len,
                  const byte secret[], size_t secret_len,
                  const byte salt[], size_t salt_len,
                  const byte label[], size_t label_len) const override;
author	René Korthaus <[email protected]>	2016-11-12 20:30:40 +0100
committer	René Korthaus <[email protected]>	2016-11-12 20:30:40 +0100
commit	da497797cc7de2b64b63006a0108f785e4a360c1 (patch)
tree	4e4f09e862d3a1ce14217694ff77c5e90ccc1885 /src/lib/kdf/hkdf/hkdf.h
parent	37c1a62525c74461693789f983a41c80697ff4a3 (diff)