Landing Recent QUIC changes until 8/19/2015 17:00 UTC.
[chromium-blink-merge.git] / crypto / hkdf.h
blobe91bccf5b4f38c1f486c8423b28813d09de8662e
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_HKDF_H_
6 #define CRYPTO_HKDF_H_
8 #include <vector>
10 #include "base/basictypes.h"
11 #include "base/strings/string_piece.h"
12 #include "crypto/crypto_export.h"
14 namespace crypto {
16 // HKDF implements the key derivation function specified in RFC 5869 (using
17 // SHA-256) and outputs key material, as needed by QUIC.
18 // See https://tools.ietf.org/html/rfc5869 for details.
19 class CRYPTO_EXPORT HKDF {
20 public:
21 // |secret|: the input shared secret (or, from RFC 5869, the IKM).
22 // |salt|: an (optional) public salt / non-secret random value. While
23 // optional, callers are strongly recommended to provide a salt. There is no
24 // added security value in making this larger than the SHA-256 block size of
25 // 64 bytes.
26 // |info|: an (optional) label to distinguish different uses of HKDF. It is
27 // optional context and application specific information (can be a zero-length
28 // string).
29 // |key_bytes_to_generate|: the number of bytes of key material to generate
30 // for both client and server.
31 // |iv_bytes_to_generate|: the number of bytes of IV to generate for both
32 // client and server.
33 // |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to
34 // generate, shared between client and server.
35 HKDF(const base::StringPiece& secret,
36 const base::StringPiece& salt,
37 const base::StringPiece& info,
38 size_t key_bytes_to_generate,
39 size_t iv_bytes_to_generate,
40 size_t subkey_secret_bytes_to_generate);
41 ~HKDF();
43 base::StringPiece client_write_key() const {
44 return client_write_key_;
46 base::StringPiece client_write_iv() const {
47 return client_write_iv_;
49 base::StringPiece server_write_key() const {
50 return server_write_key_;
52 base::StringPiece server_write_iv() const {
53 return server_write_iv_;
55 base::StringPiece subkey_secret() const {
56 return subkey_secret_;
59 private:
60 std::vector<uint8> output_;
62 base::StringPiece client_write_key_;
63 base::StringPiece server_write_key_;
64 base::StringPiece client_write_iv_;
65 base::StringPiece server_write_iv_;
66 base::StringPiece subkey_secret_;
69 } // namespace crypto
71 #endif // CRYPTO_HKDF_H_