blob: 09006eef4db6d56cd1e0e018faa9dc8a4580d403 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_CRYPTO_QUIC_HKDF_H_
#define QUICHE_QUIC_CORE_CRYPTO_QUIC_HKDF_H_
#include <vector>
#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h"
namespace quic {
// QuicHKDF implements the key derivation function specified in RFC 5869
// (using SHA-256) and outputs key material, as needed by QUIC.
// See https://tools.ietf.org/html/rfc5869 for details.
class QUIC_EXPORT QuicHKDF {
public:
// |secret|: the input shared secret (or, from RFC 5869, the IKM).
// |salt|: an (optional) public salt / non-secret random value. While
// optional, callers are strongly recommended to provide a salt. There is no
// added security value in making this larger than the SHA-256 block size of
// 64 bytes.
// |info|: an (optional) label to distinguish different uses of HKDF. It is
// optional context and application specific information (can be a zero-length
// string).
// |key_bytes_to_generate|: the number of bytes of key material to generate
// for both client and server.
// |iv_bytes_to_generate|: the number of bytes of IV to generate for both
// client and server.
// |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to
// generate, shared between client and server.
QuicHKDF(QuicStringPiece secret,
QuicStringPiece salt,
QuicStringPiece info,
size_t key_bytes_to_generate,
size_t iv_bytes_to_generate,
size_t subkey_secret_bytes_to_generate);
// An alternative constructor that allows the client and server key/IV
// lengths to be different.
QuicHKDF(QuicStringPiece secret,
QuicStringPiece salt,
QuicStringPiece info,
size_t client_key_bytes_to_generate,
size_t server_key_bytes_to_generate,
size_t client_iv_bytes_to_generate,
size_t server_iv_bytes_to_generate,
size_t subkey_secret_bytes_to_generate);
~QuicHKDF();
QuicStringPiece client_write_key() const { return client_write_key_; }
QuicStringPiece client_write_iv() const { return client_write_iv_; }
QuicStringPiece server_write_key() const { return server_write_key_; }
QuicStringPiece server_write_iv() const { return server_write_iv_; }
QuicStringPiece subkey_secret() const { return subkey_secret_; }
QuicStringPiece client_hp_key() const { return client_hp_key_; }
QuicStringPiece server_hp_key() const { return server_hp_key_; }
private:
std::vector<uint8_t> output_;
QuicStringPiece client_write_key_;
QuicStringPiece server_write_key_;
QuicStringPiece client_write_iv_;
QuicStringPiece server_write_iv_;
QuicStringPiece subkey_secret_;
QuicStringPiece client_hp_key_;
QuicStringPiece server_hp_key_;
};
} // namespace quic
#endif // QUICHE_QUIC_CORE_CRYPTO_QUIC_HKDF_H_