1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_HKDF_H_
6#define CRYPTO_HKDF_H_
7
8#include <vector>
9
10#include "base/basictypes.h"
11#include "base/strings/string_piece.h"
12#include "crypto/crypto_export.h"
13
14namespace crypto {
15
16// HKDF implements the key derivation function specified in RFC 5869 (using
17// SHA-256) and outputs key material, as needed by QUIC.
18// See https://tools.ietf.org/html/rfc5869 for details.
19class CRYPTO_EXPORT HKDF {
20 public:
21  // |secret|: the input shared secret (or, from RFC 5869, the IKM).
22  // |salt|: an (optional) public salt / non-secret random value. While
23  // optional, callers are strongly recommended to provide a salt. There is no
24  // added security value in making this larger than the SHA-256 block size of
25  // 64 bytes.
26  // |info|: an (optional) label to distinguish different uses of HKDF. It is
27  // optional context and application specific information (can be a zero-length
28  // string).
29  // |key_bytes_to_generate|: the number of bytes of key material to generate
30  // for both client and server.
31  // |iv_bytes_to_generate|: the number of bytes of IV to generate for both
32  // client and server.
33  // |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to
34  // generate, shared between client and server.
35  HKDF(const base::StringPiece& secret,
36       const base::StringPiece& salt,
37       const base::StringPiece& info,
38       size_t key_bytes_to_generate,
39       size_t iv_bytes_to_generate,
40       size_t subkey_secret_bytes_to_generate);
41  ~HKDF();
42
43  base::StringPiece client_write_key() const {
44    return client_write_key_;
45  }
46  base::StringPiece client_write_iv() const {
47    return client_write_iv_;
48  }
49  base::StringPiece server_write_key() const {
50    return server_write_key_;
51  }
52  base::StringPiece server_write_iv() const {
53    return server_write_iv_;
54  }
55  base::StringPiece subkey_secret() const {
56    return subkey_secret_;
57  }
58
59 private:
60  std::vector<uint8> output_;
61
62  base::StringPiece client_write_key_;
63  base::StringPiece server_write_key_;
64  base::StringPiece client_write_iv_;
65  base::StringPiece server_write_iv_;
66  base::StringPiece subkey_secret_;
67};
68
69}  // namespace crypto
70
71#endif  // CRYPTO_HKDF_H_
72