/src/botan/build/include/internal/botan/internal/hkdf.h

Source
/*
* HKDF
* (C) 2013,2015 Jack Lloyd
* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#ifndef BOTAN_HKDF_H_
#define BOTAN_HKDF_H_

#include <botan/kdf.h>
#include <botan/mac.h>

namespace Botan {

/**
* HKDF from RFC 5869.
*/
class HKDF final : public KDF {
   public:
      /**
      * @param prf MAC algorithm to use
      */
      explicit HKDF(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}

      std::unique_ptr<KDF> new_object() const override;

      std::string name() const override;

   private:
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

   private:
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};

/**
* HKDF Extraction Step from RFC 5869.
*/
class HKDF_Extract final : public KDF {
   public:
      /**
      * @param prf MAC algorithm to use
      */
      explicit HKDF_Extract(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}

      std::unique_ptr<KDF> new_object() const override;

      std::string name() const override;

   private:
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

   private:
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};

/**
* HKDF Expansion Step from RFC 5869.
*/
class HKDF_Expand final : public KDF {
   public:
      /**
      * @param prf MAC algorithm to use
      */
      explicit HKDF_Expand(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}

      std::unique_ptr<KDF> new_object() const override;

      std::string name() const override;

   private:
      void perform_kdf(std::span<uint8_t> key,
                       std::span<const uint8_t> secret,
                       std::span<const uint8_t> salt,
                       std::span<const uint8_t> label) const override;

   private:
      std::unique_ptr<MessageAuthenticationCode> m_prf;
};

/**
* HKDF-Expand-Label from TLS 1.3/QUIC
* @param hash_fn the hash to use
* @param secret the secret bits
* @param label the full label (no "TLS 1.3, " or "tls13 " prefix
*  is applied)
* @param hash_val the previous hash value (used for chaining, may be empty)
* @param length the desired output length
*/
secure_vector<uint8_t> BOTAN_TEST_API hkdf_expand_label(std::string_view hash_fn,
                                                        std::span<const uint8_t> secret,
                                                        std::string_view label,
                                                        std::span<const uint8_t> hash_val,
                                                        size_t length);

}  // namespace Botan

#endif

Coverage Report

Created: 2026-02-14 06:48

Line	Count	Source
1		/*
2		* HKDF
3		* (C) 2013,2015 Jack Lloyd
4		* (C) 2016 René Korthaus, Rohde & Schwarz Cybersecurity
5		*
6		* Botan is released under the Simplified BSD License (see license.txt)
7		*/
8
9		#ifndef BOTAN_HKDF_H_
10		#define BOTAN_HKDF_H_
11
12		#include <botan/kdf.h>
13		#include <botan/mac.h>
14
15		namespace Botan {
16
17		/**
18		* HKDF from RFC 5869.
19		*/
20		class HKDF final : public KDF {
21		public:
22		/**
23		* @param prf MAC algorithm to use
24		*/
25	0	explicit HKDF(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}
26
27		std::unique_ptr<KDF> new_object() const override;
28
29		std::string name() const override;
30
31		private:
32		void perform_kdf(std::span<uint8_t> key,
33		std::span<const uint8_t> secret,
34		std::span<const uint8_t> salt,
35		std::span<const uint8_t> label) const override;
36
37		private:
38		std::unique_ptr<MessageAuthenticationCode> m_prf;
39		};
40
41		/**
42		* HKDF Extraction Step from RFC 5869.
43		*/
44		class HKDF_Extract final : public KDF {
45		public:
46		/**
47		* @param prf MAC algorithm to use
48		*/
49	0	explicit HKDF_Extract(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}
50
51		std::unique_ptr<KDF> new_object() const override;
52
53		std::string name() const override;
54
55		private:
56		void perform_kdf(std::span<uint8_t> key,
57		std::span<const uint8_t> secret,
58		std::span<const uint8_t> salt,
59		std::span<const uint8_t> label) const override;
60
61		private:
62		std::unique_ptr<MessageAuthenticationCode> m_prf;
63		};
64
65		/**
66		* HKDF Expansion Step from RFC 5869.
67		*/
68		class HKDF_Expand final : public KDF {
69		public:
70		/**
71		* @param prf MAC algorithm to use
72		*/
73	0	explicit HKDF_Expand(std::unique_ptr<MessageAuthenticationCode> prf) : m_prf(std::move(prf)) {}
74
75		std::unique_ptr<KDF> new_object() const override;
76
77		std::string name() const override;
78
79		private:
80		void perform_kdf(std::span<uint8_t> key,
81		std::span<const uint8_t> secret,
82		std::span<const uint8_t> salt,
83		std::span<const uint8_t> label) const override;
84
85		private:
86		std::unique_ptr<MessageAuthenticationCode> m_prf;
87		};
88
89		/**
90		* HKDF-Expand-Label from TLS 1.3/QUIC
91		* @param hash_fn the hash to use
92		* @param secret the secret bits
93		* @param label the full label (no "TLS 1.3, " or "tls13 " prefix
94		* is applied)
95		* @param hash_val the previous hash value (used for chaining, may be empty)
96		* @param length the desired output length
97		*/
98		secure_vector<uint8_t> BOTAN_TEST_API hkdf_expand_label(std::string_view hash_fn,
99		std::span<const uint8_t> secret,
100		std::string_view label,
101		std::span<const uint8_t> hash_val,
102		size_t length);
103
104		} // namespace Botan
105
106		#endif