      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CRYPTO_HKDF_H_
      6 #define CRYPTO_HKDF_H_
      7 
      8 #include <vector>
      9 
     10 #include "base/basictypes.h"
     11 #include "base/memory/scoped_ptr.h"
     12 #include "base/strings/string_piece.h"
     13 #include "build/build_config.h"
     14 #include "crypto/crypto_export.h"
     15 
     16 namespace crypto {
     17 
// Key derivation for QUIC using HKDF, the HMAC-based extract-and-expand key
// derivation function of RFC 5869 (https://tools.ietf.org/html/rfc5869), with
// SHA-256 as the hash.
//
// The derived material is exposed as four values: a write key and a write IV
// for the client, and a write key and a write IV for the server.
//
// Lifetime: every accessor returns a base::StringPiece, which is a non-owning
// view. NOTE(review): the views presumably refer to bytes held in |output_|,
// so treat them as valid only while this HKDF object is alive and copy the
// bytes out if they must outlive it -- confirm against the implementation.
//
// Copying: no copy constructor or assignment operator is declared or
// disallowed here, so the compiler-generated ones apply. NOTE(review): if the
// views do point into |output_|, a copy's views would still refer to the
// source object's buffer -- confirm whether any caller copies an HKDF.
class CRYPTO_EXPORT HKDF {
 public:
  // Takes the HKDF inputs and the requested output sizes. No other deriving
  // method is declared, so the derivation presumably happens here.
  //
  // |secret|: the input shared secret (the IKM in RFC 5869 terms).
  // |salt|: a public, non-secret random value. It is optional, but callers are
  //   strongly recommended to supply one. Making it longer than the SHA-256
  //   block size of 64 bytes adds no security value.
  // |info|: a label that separates different uses of HKDF; optional context
  //   and application specific information, and may be a zero-length string.
  // |key_bytes_to_generate|: the number of bytes of key material to generate.
  // |iv_bytes_to_generate|: the number of bytes of IV to generate.
  //
  // RFC 5869 caps the output of the expand step at 255 * HashLen bytes, which
  // is 8160 bytes for SHA-256. NOTE(review): the total requested is presumably
  // 2 * |key_bytes_to_generate| + 2 * |iv_bytes_to_generate| (one key and one
  // IV per accessor pair); how a request above the cap is handled is not
  // visible in this header.
  HKDF(const base::StringPiece& secret,
       const base::StringPiece& salt,
       const base::StringPiece& info,
       size_t key_bytes_to_generate,
       size_t iv_bytes_to_generate);
  ~HKDF();

  // Views of the derived values. Returning a StringPiece does not copy the
  // underlying bytes; see the lifetime note on the class.
  base::StringPiece client_write_key() const { return client_write_key_; }
  base::StringPiece client_write_iv() const { return client_write_iv_; }
  base::StringPiece server_write_key() const { return server_write_key_; }
  base::StringPiece server_write_iv() const { return server_write_iv_; }

 private:
  // Owned byte buffer. NOTE(review): presumably holds the generated key and IV
  // bytes, i.e. secret material; whether ~HKDF() clears it before the memory
  // is released is not visible in this header.
  std::vector<uint8> output_;

  // Non-owning views handed out by the accessors above.
  base::StringPiece client_write_key_;
  base::StringPiece server_write_key_;
  base::StringPiece client_write_iv_;
  base::StringPiece server_write_iv_;
};
     61 
     62 }  // namespace crypto
     63 
     64 #endif  // CRYPTO_HKDF_H_
     65