KDF#

EverCrypt’s Key Derivation Functions (KDFs).

Key derivation functions (KDFs) are used to derive cryptographically strong keys from an initial secret value.

HKDF#

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) RFC 5869.

Similar to RFC 5869, the following descriptions uses the term HashLen to denote the output length of the hash function of a concrete instantiation of HKDF.

The following instantiations are supported:

  • BLAKE2b (HashLen = 64)

  • BLAKE2s (HashLen = 32)

  • SHA2-256 (HashLen = 32)

  • SHA2-512 (HashLen = 64)

  • SHA1 (HashLen = 20)

API Reference#

void EverCrypt_HKDF_extract(Spec_Hash_Definitions_hash_alg a, uint8_t *prk, uint8_t *salt, uint32_t saltlen, uint8_t *ikm, uint32_t ikmlen)#

Extract a fixed-length pseudorandom key from input keying material.

Parameters

  • a – Hash function to use. The allowed values are: Spec_Hash_Definitions_Blake2B (HashLen = 64), Spec_Hash_Definitions_Blake2S (HashLen = 32), Spec_Hash_Definitions_SHA2_256 (HashLen = 32), Spec_Hash_Definitions_SHA2_384 (HashLen = 48), Spec_Hash_Definitions_SHA2_512 (HashLen = 64), and Spec_Hash_Definitions_SHA1 (HashLen = 20).

  • prk – Pointer to HashLen bytes of memory where pseudorandom key is written to. HashLen depends on the used algorithm a. See above.

  • salt – Pointer to saltlen bytes of memory where salt value is read from.

  • saltlen – Length of salt value.

  • ikm – Pointer to ikmlen bytes of memory where input keying material is read from.

  • ikmlen – Length of input keying material.

void EverCrypt_HKDF_expand(Spec_Hash_Definitions_hash_alg a, uint8_t *okm, uint8_t *prk, uint32_t prklen, uint8_t *info, uint32_t infolen, uint32_t len)#

Expand pseudorandom key to desired length.

Parameters

  • a – Hash function to use. Usually, the same as used in EverCrypt_HKDF_extract.

  • okm – Pointer to len bytes of memory where output keying material is written to.

  • prk – Pointer to at least HashLen bytes of memory where pseudorandom key is read from. Usually, this points to the output from the extract step.

  • prklen – Length of pseudorandom key.

  • info – Pointer to infolen bytes of memory where context and application specific information is read from.

  • infolen – Length of context and application specific information. Can be 0.

  • len – Length of output keying material.