KDF#

Key derivation functions (KDFs) are used to derive cryptographically strong keys from an initial secret value.

HKDF#

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) RFC 5869.

Similar to RFC 5869, the following descriptions uses the term HashLen to denote the output length of the hash function of a concrete instantiation of HKDF.

The following instantiations are supported:

BLAKE2b (HashLen = 64)
BLAKE2s (HashLen = 32)
SHA2-256 (HashLen = 32)
SHA2-512 (HashLen = 64)

API Reference#

BLAKE2b#

#include "Hacl_HKDF.h"

void Hacl_HKDF_extract_blake2b_32(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

#include "Hacl_HKDF_Blake2b_256.h"

void Hacl_HKDF_Blake2b_256_extract_blake2b_256(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

Extract a fixed-length pseudorandom key from input keying material.

prk Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt Pointer to saltlen bytes of memory where salt value is read from.
saltlen Length of salt value.
ikm Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen Length of input keying material.

#include "Hacl_HKDF.h"

void Hacl_HKDF_expand_blake2b_32(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

#include "Hacl_HKDF_Blake2b_256.h"

void Hacl_HKDF_Blake2b_256_expand_blake2b_256(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

Expand pseudorandom key to desired length.

okm Pointer to len bytes of memory where output keying material is written to.
prk Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen Length of pseudorandom key.
info Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen Length of context and application specific information.
len Length of output keying material.

BLAKE2s#

#include "Hacl_HKDF.h"

void Hacl_HKDF_extract_blake2s_32(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

#include "Hacl_HKDF_Blake2s_128.h"

void Hacl_HKDF_Blake2s_128_extract_blake2s_128(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

Extract a fixed-length pseudorandom key from input keying material.

prk Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt Pointer to saltlen bytes of memory where salt value is read from.
saltlen Length of salt value.
ikm Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen Length of input keying material.

#include "Hacl_HKDF.h"

void Hacl_HKDF_expand_blake2s_32(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

#include "Hacl_HKDF_Blake2s_128.h"

void Hacl_HKDF_Blake2s_128_expand_blake2s_128(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

Expand pseudorandom key to desired length.

okm Pointer to len bytes of memory where output keying material is written to.
prk Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen Length of pseudorandom key.
info Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen Length of context and application specific information.
len Length of output keying material.

SHA2-256#

#include "Hacl_HKDF.h"

void Hacl_HKDF_extract_sha2_256(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

Extract a fixed-length pseudorandom key from input keying material.

prk Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt Pointer to saltlen bytes of memory where salt value is read from.
saltlen Length of salt value.
ikm Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen Length of input keying material.

void Hacl_HKDF_expand_sha2_256(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

Expand pseudorandom key to desired length.

okm Pointer to len bytes of memory where output keying material is written to.
prk Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen Length of pseudorandom key.
info Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen Length of context and application specific information.
len Length of output keying material.

SHA2-512#

#include "Hacl_HKDF.h"

void Hacl_HKDF_extract_sha2_512(uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

prk – Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt – Pointer to saltlen bytes of memory where salt value is read from.
saltlen – Length of salt value.
ikm – Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen – Length of input keying material.

Extract a fixed-length pseudorandom key from input keying material.

prk Pointer to HashLen bytes of memory where pseudorandom key is written to.
salt Pointer to saltlen bytes of memory where salt value is read from.
saltlen Length of salt value.
ikm Pointer to ikmlen bytes of memory where input keying material is read from.
ikmlen Length of input keying material.

void Hacl_HKDF_expand_sha2_512(uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

okm – Pointer to len bytes of memory where output keying material is written to.
prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen – Length of pseudorandom key.
info – Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen – Length of context and application specific information.
len – Length of output keying material.

Expand pseudorandom key to desired length.

okm Pointer to len bytes of memory where output keying material is written to.
prk Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.
prklen Length of pseudorandom key.
info Pointer to infolen bytes of memory where context and application specific information is read from. Can be a zero-length string.
infolen Length of context and application specific information.
len Length of output keying material.

Versions

KDF

Contents

KDF#

HKDF#

API Reference#

BLAKE2b#

BLAKE2s#

SHA2-256#

SHA2-512#