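/* kdf.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/*!
    \file wolfssl/wolfcrypt/kdf.h

    Key-derivation entry points: the TLS PRFs, the TLS 1.3 HKDF helpers and
    the SSH KDF. Each group is compiled in only when its feature macro is
    defined (WOLFSSL_HAVE_PRF, HAVE_HKDF, WOLFSSL_WOLFSSH); defining NO_KDF
    removes the whole header.

    Every function here consumes or produces key material. Callers own the
    input and output buffers and should wipe their copies once the derived
    keys are no longer needed. Return-value conventions are not visible in
    this header; check each call against the documented wolfCrypt error
    codes rather than assuming success.
*/

#ifndef NO_KDF

#ifndef WOLF_CRYPT_KDF_H
#define WOLF_CRYPT_KDF_H

/* The FIPS wrapper header is only pulled in for FIPS builds at version 5+. */
#if defined(HAVE_FIPS) && \
    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)
    #include <wolfssl/wolfcrypt/fips.h>
#endif

#include <wolfssl/wolfcrypt/hmac.h>

#ifdef __cplusplus
    extern "C" {
#endif

/*
 * Size limits for the PRF code. MAX_PRF_HALF grows with the largest FFDHE
 * group enabled at build time (8192-bit, then 6144-bit, else the default).
 * NOTE(review): presumably these bound fixed-size working buffers in the
 * implementation, so oversized inputs should be rejected, not truncated -
 * confirm in kdf.c.
 */
enum max_prf {
#ifdef HAVE_FFDHE_8192
    MAX_PRF_HALF        = 516, /* Maximum half secret len */
#elif defined(HAVE_FFDHE_6144)
    MAX_PRF_HALF        = 388, /* Maximum half secret len */
#else
    MAX_PRF_HALF        = 260, /* Maximum half secret len */
#endif
    MAX_PRF_LABSEED     = 128, /* Maximum label + seed len */
    MAX_PRF_DIG         = 224  /* Maximum digest len       */
};


#ifdef WOLFSSL_HAVE_PRF
/*!
    \brief Pseudo-random function: derives resLen bytes into result from
    secret and seed using the hash selected by `hash`.

    \param result  output buffer, at least resLen bytes
    \param resLen  number of bytes to produce
    \param secret  secret input (key material)
    \param secLen  length of secret in bytes
    \param seed    seed input
    \param seedLen length of seed in bytes
    \param hash    hash algorithm identifier
    \param heap    heap hint passed through for allocations
    \param devId   device id for hardware/crypto-callback offload
*/
WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret,
                    word32 secLen, const byte* seed, word32 seedLen, int hash,
                    void* heap, int devId);

/*!
    \brief TLS PRF variant that takes a label and seed but no hash selector.

    NOTE(review): the missing hash parameter matches the TLS 1.0/1.1 PRF,
    which is built on MD5 and SHA-1 - treat this as a legacy-interop path
    only and confirm against kdf.c. The enum max_prf limits above
    presumably apply to secLen, labLen + seedLen and digLen.

    \param digest  output buffer, at least digLen bytes
    \param digLen  number of bytes to produce
    \param secret  secret input (key material)
    \param secLen  length of secret in bytes
    \param label   PRF label
    \param labLen  length of label in bytes
    \param seed    seed input
    \param seedLen length of seed in bytes
    \param heap    heap hint passed through for allocations
    \param devId   device id for hardware/crypto-callback offload
*/
WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret,
                    word32 secLen, const byte* label, word32 labLen,
                    const byte* seed, word32 seedLen, void* heap, int devId);

/*!
    \brief TLS PRF front end with an explicit hash choice.

    NOTE(review): useAtLeastSha256 presumably selects the TLS 1.2 PRF with
    hash_type (never weaker than SHA-256), while zero falls back to the
    legacy wc_PRF_TLSv1 construction - confirm in kdf.c. Callers that do
    not need TLS 1.0/1.1 interop should pass a non-zero value.

    \param digest           output buffer, at least digLen bytes
    \param digLen           number of bytes to produce
    \param secret           secret input (key material)
    \param secLen           length of secret in bytes
    \param label            PRF label
    \param labLen           length of label in bytes
    \param seed             seed input
    \param seedLen          length of seed in bytes
    \param useAtLeastSha256 non-zero to require SHA-256 or stronger
    \param hash_type        hash algorithm identifier
    \param heap             heap hint passed through for allocations
    \param devId            device id for hardware/crypto-callback offload
*/
WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret,
                    word32 secLen, const byte* label, word32 labLen,
                    const byte* seed, word32 seedLen, int useAtLeastSha256,
                    int hash_type, void* heap, int devId);
#endif /* WOLFSSL_HAVE_PRF */

#ifdef HAVE_HKDF

enum {
/*
    MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
                        OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
                        OPAQUE8_LEN + WC_MAX_DIGEST_SIZE
*/
    /* 47 covers every term of the formula above except the digest-sized
     * context. Callers of wc_Tls13_HKDF_Expand_Label should keep
     * protocolLen + labelLen + infoLen, plus the length fields
     * (OPAQUE16_LEN + 2 * OPAQUE8_LEN), within this total.
     * NOTE(review): whether the implementation enforces that bound cannot
     * be seen from this header - confirm in kdf.c. */
    MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE
};

/*!
    \brief HKDF-Extract step as used by TLS 1.3: derives a pseudo-random
    key into prk from salt and input keying material.

    saltLen and ikmLen are signed int, so a negative value is
    representable; callers must validate lengths before the call.
    NOTE(review): ikm is deliberately not const, which suggests the
    implementation may write to it (for example to substitute an all-zero
    IKM when ikmLen is 0). If so, ikm must point at a writable buffer of at
    least the digest size even when ikmLen is 0 - confirm in kdf.c.

    \param prk     output buffer; presumably must hold one digest of the
                   selected hash (WC_MAX_DIGEST_SIZE is always sufficient)
    \param salt    salt input
    \param saltLen length of salt in bytes
    \param ikm     input keying material (key material, writable)
    \param ikmLen  length of ikm in bytes
    \param digest  hash algorithm identifier
*/
WOLFSSL_API int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen,
                             byte* ikm, int ikmLen, int digest);

/*!
    \brief HKDF-Expand-Label step as used by TLS 1.3: expands prk into
    okmLen bytes of output keyed by protocol prefix, label and context.

    The label structure built from protocol, label and info is sized by
    MAX_TLS13_HKDF_LABEL_SZ; do not pass attacker-controlled lengths for
    those three inputs without first checking them against that limit.

    \param okm         output buffer, at least okmLen bytes (key material)
    \param okmLen      number of bytes to produce
    \param prk         pseudo-random key from the extract step
    \param prkLen      length of prk in bytes
    \param protocol    protocol label prefix
    \param protocolLen length of protocol in bytes
    \param label       label
    \param labelLen    length of label in bytes
    \param info        context data (typically a transcript hash)
    \param infoLen     length of info in bytes
    \param digest      hash algorithm identifier
*/
WOLFSSL_API int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen,
                             const byte* prk, word32 prkLen,
                             const byte* protocol, word32 protocolLen,
                             const byte* label, word32 labelLen,
                             const byte* info, word32 infoLen,
                             int digest);

#endif /* HAVE_HKDF */

#ifdef WOLFSSL_WOLFSSH

/*!
    \brief SSH key derivation: fills key with keySz bytes derived from the
    shared secret k, exchange hash h and the session identifier.

    NOTE(review): the parameter names follow the SSH transport key
    derivation (shared secret K, exchange hash H, a one-byte key selector
    and the session id) - confirm the accepted hashId and keyId values in
    kdf.c. k and the derived key are secrets; h and sessionId are not.

    \param hashId      hash algorithm identifier
    \param keyId       selector for which key to derive
    \param key         output buffer, at least keySz bytes (key material)
    \param keySz       number of bytes to produce
    \param k           shared secret from the key exchange
    \param kSz         length of k in bytes
    \param h           exchange hash
    \param hSz         length of h in bytes
    \param sessionId   session identifier
    \param sessionIdSz length of sessionId in bytes
*/
WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId,
        byte* key, word32 keySz,
        const byte* k, word32 kSz,
        const byte* h, word32 hSz,
        const byte* sessionId, word32 sessionIdSz);

#endif /* WOLFSSL_WOLFSSH */

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* WOLF_CRYPT_KDF_H */

#endif /* NO_KDF */
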