1 /*
2  *  Copyright (c) 2020, The OpenThread Authors.
3  *  All rights reserved.
4  *
5  *  Redistribution and use in source and binary forms, with or without
6  *  modification, are permitted provided that the following conditions are met:
7  *  1. Redistributions of source code must retain the above copyright
8  *     notice, this list of conditions and the following disclaimer.
9  *  2. Redistributions in binary form must reproduce the above copyright
10  *     notice, this list of conditions and the following disclaimer in the
11  *     documentation and/or other materials provided with the distribution.
12  *  3. Neither the name of the copyright holder nor the
13  *     names of its contributors may be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17  *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18  *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20  *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21  *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22  *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25  *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  *  POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /**
30  * @file
31  *   This file includes definitions for performing HMAC-based Extract-and-Expand Key Derivation Function (HKDF) using
32  *   SHA-256.
33  */
34 
35 #ifndef HKDF_SHA256_HPP_
36 #define HKDF_SHA256_HPP_
37 
38 #include "openthread-core-config.h"
39 
40 #include <openthread/platform/crypto.h>
41 
42 #include "common/code_utils.hpp"
43 #include "crypto/context_size.hpp"
44 #include "crypto/hmac_sha256.hpp"
45 
46 namespace ot {
47 namespace Crypto {
48 
49 /**
50  * @addtogroup core-security
51  *
52  * @{
53  */
54 
55 /**
56  * Implements HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [RFC5869] using SHA-256.
57  */
58 class HkdfSha256
59 {
60 public:
61     /**
62      * Constructor to initialize the context.
63      */
64     HkdfSha256(void);
65 
66     /**
67      * Destructor to free the context.
68      */
69     ~HkdfSha256(void);
70 
71     /**
72      * Performs the HKDF Extract step.
73      *
74      * In the Extract step getting an input key extracts from it a pseudo-random key.
75      *
76      * @param[in] aSalt             A pointer to buffer containing salt.
77      * @param[in] aSaltLength       The salt length (in bytes).
78      * @param[in] aInputKey         The input key.
79      */
80     void Extract(const uint8_t *aSalt, uint16_t aSaltLength, const Key &aInputKey);
81 
82     /**
83      * Performs the HKDF Expand step.
84      *
85      * The method should be used after a previous `Extract` call, otherwise its behavior is undefined. In the Expand
86      * stage an output key of a given length is derived from the pseudo-random key of Extract stage.
87      *
88      * @param[in]  aInfo             A pointer to buffer containing info sequence.
89      * @param[in]  aInfoLength       The info length (in bytes).
90      * @param[out] aOutputKey        Buffer to place the output key (must contain at least @p aOutputKeyLength bytes).
91      * @param[in]  aOutputKeyLength  The output key length.
92      */
93     void Expand(const uint8_t *aInfo, uint16_t aInfoLength, uint8_t *aOutputKey, uint16_t aOutputKeyLength);
94 
95 private:
96     otCryptoContext mContext;
97     OT_DEFINE_ALIGNED_VAR(mContextStorage, kHkdfContextSize, uint64_t);
98 };
99 
100 /**
101  * @}
102  */
103 
104 } // namespace Crypto
105 } // namespace ot
106 
107 #endif // HKDF_SHA256_HPP_
108