NAME
|
hkdfExpand, hkdfExtract, hkdfKey – HMAC–based extract–and–expand key
derivation function (HKDF) |
SYNOPSIS
|
#include <u.h> #include <libc.h> #include <libsec.h> #define DS DigestState /* only to abbreviate SYNOPSIS */ int hkdfExpand(uchar *out, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen, uchar *prk, int nprk, uchar *info, int ninfo, int keylen) void hkdfExtract(uchar *out, DS*(*x)(uchar*, ulong, uchar*, DS*), int xlen, uchar *secret, int nsecret, uchar *salt, int nsalt)
int hkdfKey(uchar *out, DS*(*x)(uchar*, ulong, uchar*, DS*), int
xlen, uchar* secret, int nsecret, uchar* salt, int nsalt, uchar
*info, int ninfo, int keylen) |
DESCRIPTION
|
hkdfExpand derives a key from the given x sechash(2) function,
pseudo random key prk, and optional context info, returning a
byte array in out of length keylen that can be used as cryptographic
key. The extraction step is skipped. The key should have been generated by hkdfExtract, or be a uniformly random or pseudorandom cryptographically strong key. See RFC 5869, Section 3.3. Most common scenarios will want to use hkdfKey instead. hkdfExtract generates a pseudorandom key in out for use with hkfExpand from an input secret and an optional independent salt. Only use this function if you need to reuse the extracted key with multiple Expand invocations and different context values. Most common scenarios, including the generation of multiple keys, should use hkdfKey instead. hkdfKey derives a key from the given x sechash(2) function, secret, salt and context info, returning a byte array in out of length keylen that can be used as cryptographic key.
Salt and info may be nil. |
SOURCE
|
/sys/src/libsec |
SEE ALSO
|
sechash(2) RFC 5869 |
DIAGNOSTICS
|
These functions set errstr. |