author | Alessandro Ghedini <alessandro@ghedini.me> | 2016-03-02 23:58:27 +0000 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-03-03 18:21:20 -0500 |
commit | aacfb134be2a88211b79dc53bb5bd0e422dbb60d (patch) | |
tree | 5b247240da2fcc6e55e00a6296e0cc0ad3eb8fc5 /include | |
parent | b894054e3f7de6c64b505006395aa24b30928e97 (diff) |
GH355: Implement HKDF
This patch implements the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) as defined in RFC 5869.
It is required to implement the QUIC and TLS 1.3 protocols (among others).
Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/evp.h | 1 | ||||
-rw-r--r-- | include/openssl/kdf.h | 20 | ||||
-rw-r--r-- | include/openssl/obj_mac.h | 4 |
3 files changed, 25 insertions, 0 deletions
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 44ca1f36c4..1b26bb1f9b 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -99,6 +99,7 @@
 # define EVP_PKEY_HMAC NID_hmac
 # define EVP_PKEY_CMAC NID_cmac
 # define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF NID_hkdf

 #ifdef __cplusplus
 extern "C" {
diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
index a1aed8dd77..e61a9a603a 100644
--- a/include/openssl/kdf.h
+++ b/include/openssl/kdf.h
@@ -61,6 +61,10 @@ extern "C" {
 # define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL)
 # define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6)

 # define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
@@ -74,6 +78,22 @@ extern "C" {
 EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
 EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed)

+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md)
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt)
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key)
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+ EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+ EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info)
+
 /* BEGIN ERROR CODES */
 /*
 * The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index b58c44db73..f39d77295d 100644
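Review bot: The four `EVP_PKEY_CTRL_HKDF_*` values in the first kdf.h hunk are added without a comment saying which context they apply to or what each expects in `p1` and `p2`. They are offsets from `EVP_PKEY_ALG_CTRL`, a range in which, as far as I know, each key method assigns its own meanings, so the same integer can mean something else on a different method's context. A comment above them would make the contract explicit, for example `/* HKDF controls, valid only on an EVP_PKEY_HKDF context: p2 = buffer, p1 = its length (MD: p2 = const EVP_MD *) */`. This matters because the setter macros in the next hunk pass `-1` as the key type, so nothing visible in this header ties the control to an HKDF context.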
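Review bot: The new setter macros in the second kdf.h hunk cast their pointer argument without parenthesising it (`(void *)md`, `(void *)salt`, `(void *)key`, `(void *)info`), so an argument such as `buf + off` has the cast applied to `buf` alone; `(void *)(salt)`, and likewise for the other three, avoids that. The length arguments go through the `int p1` parameter of `EVP_PKEY_CTX_ctrl`, so a `size_t` above `INT_MAX` is narrowed and may arrive negative. The implementation is outside this 'include'-limited diff, so it should be confirmed that it rejects a negative `p1` for the salt, key and info controls. Passing `EVP_PKEY_HKDF` instead of `-1` as the key type would presumably make these calls fail cleanly on a non-HKDF context. The TLS1 PRF macros shown as context have the same shape, and the enclosing `extern "C"` block starts and ends outside the hunk.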
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -4511,6 +4511,10 @@
 #define LN_tls1_prf "tls1-prf"
 #define NID_tls1_prf 1021

+#define SN_hkdf "HKDF"
+#define LN_hkdf "hkdf"
+#define NID_hkdf 1036
+
 #define SN_id_pkinit "id-pkinit"
 #define NID_id_pkinit 1031
 #define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L |