cryptohome/crypto/hkdf.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2021 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_CRYPTO_HKDF_H_
 #define CRYPTOHOME_CRYPTO_HKDF_H_

 #include <brillo/secure_blob.h>

 namespace cryptohome {

 // The list of possible hashes for HKDF operations. For now we only need
 // SHA-256, but the list can be easily extended if required.
 enum class HkdfHash { kSha256 };

 // Derives HKDF from `key`, `info` and `salt` and stores as
 // `result` of a desired `result_len`. If `result_len` is zero, the resulting
 // key length will be equal to hash size. This is equivalent to calling
 // HkdfExtract and HkdfExpand, where the result of HkdfExtract is passed to
 // HkdfExpand. Returns false if operation failed.
 bool Hkdf(HkdfHash hash,
           const brillo::SecureBlob& key,
           const brillo::SecureBlob& info,
           const brillo::SecureBlob& salt,
           size_t result_len,
           brillo::SecureBlob* result);

 // Performs HKDF expand operation from `key` and `info` and stores
 // as `result` of a desired `result_len`. If `result_len` is zero, the resulting
 // key length will be equal to hash size. See RFC 5869 for detailed description.
 // Returns false if operation failed.
 bool HkdfExpand(HkdfHash hash,
                 const brillo::SecureBlob& key,
                 const brillo::SecureBlob& info,
                 size_t result_len,
                 brillo::SecureBlob* result);

 // Performs HKDF extract operation from `key` and `salt` and stores
 // `result`. The length of the result is determined by `hash` function used,
 // e.g. for SHA-256 the length is equal to SHA256_DIGEST_LENGTH. See RFC 5869
 // for detailed description. Returns false if operation failed.
 bool HkdfExtract(HkdfHash hash,
                  const brillo::SecureBlob& key,
                  const brillo::SecureBlob& salt,
                  brillo::SecureBlob* result);

 }  // namespace cryptohome

 #endif  // CRYPTOHOME_CRYPTO_HKDF_H_
	// Copyright 2021 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_CRYPTO_HKDF_H_
	#define CRYPTOHOME_CRYPTO_HKDF_H_

	#include <brillo/secure_blob.h>

	namespace cryptohome {

	// The list of possible hashes for HKDF operations. For now we only need
	// SHA-256, but the list can be easily extended if required.
	enum class HkdfHash { kSha256 };

	// Derives HKDF from `key`, `info` and `salt` and stores as
	// `result` of a desired `result_len`. If `result_len` is zero, the resulting
	// key length will be equal to hash size. This is equivalent to calling
	// HkdfExtract and HkdfExpand, where the result of HkdfExtract is passed to
	// HkdfExpand. Returns false if operation failed.
	bool Hkdf(HkdfHash hash,
	const brillo::SecureBlob& key,
	const brillo::SecureBlob& info,
	const brillo::SecureBlob& salt,
	size_t result_len,
	brillo::SecureBlob* result);

	// Performs HKDF expand operation from `key` and `info` and stores
	// as `result` of a desired `result_len`. If `result_len` is zero, the resulting
	// key length will be equal to hash size. See RFC 5869 for detailed description.
	// Returns false if operation failed.
	bool HkdfExpand(HkdfHash hash,
	const brillo::SecureBlob& key,
	const brillo::SecureBlob& info,
	size_t result_len,
	brillo::SecureBlob* result);

	// Performs HKDF extract operation from `key` and `salt` and stores
	// `result`. The length of the result is determined by `hash` function used,
	// e.g. for SHA-256 the length is equal to SHA256_DIGEST_LENGTH. See RFC 5869
	// for detailed description. Returns false if operation failed.
	bool HkdfExtract(HkdfHash hash,
	const brillo::SecureBlob& key,
	const brillo::SecureBlob& salt,
	brillo::SecureBlob* result);

	} // namespace cryptohome

	#endif // CRYPTOHOME_CRYPTO_HKDF_H_