2
0

hmac.h 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611
  1. /*!
  2. \ingroup HMAC
  3. \brief This function initializes an Hmac object, setting its
  4. encryption type, key and HMAC length.
  5. \return 0 Returned on successfully initializing the Hmac object
  6. \return BAD_FUNC_ARG Returned if the input type is invalid (see type param)
  7. \return MEMORY_E Returned if there is an error allocating memory for the
  8. structure to use for hashing
  9. \return HMAC_MIN_KEYLEN_E Returned when using a FIPS implementation
  10. and the key length specified is shorter than the minimum acceptable
  11. FIPS standard of 14 bytes
  12. \param hmac pointer to the Hmac object to initialize
  13. \param type type specifying which encryption method the Hmac object
  14. should use. Valid options are: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384,
  15. WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512
  16. \param key pointer to a buffer containing the key with which to
  17. initialize the Hmac object
  18. \param length length of the key
  19. _Example_
  20. \code
  21. Hmac hmac;
  22. byte key[] = { // initialize with key to use for encryption };
  23. if (wc_HmacSetKey(&hmac, WC_MD5, key, sizeof(key)) != 0) {
  24. // error initializing Hmac object
  25. }
  26. \endcode
  27. \sa wc_HmacUpdate
  28. \sa wc_HmacFinal
  29. */
  30. int wc_HmacSetKey(Hmac* hmac, int type, const byte* key, word32 keySz);
  31. /*!
  32. \ingroup HMAC
  33. \brief This function updates the message to authenticate using HMAC.
  34. It should be called after the Hmac object has been initialized with
  35. wc_HmacSetKey. This function may be called multiple times to update
  36. the message to hash. After calling wc_HmacUpdate as desired, one should
  37. call wc_HmacFinal to obtain the final authenticated message tag.
  38. \return 0 Returned on successfully updating the message to authenticate
  39. \return MEMORY_E Returned if there is an error allocating memory for
  40. use with a hashing algorithm
  41. \param hmac pointer to the Hmac object for which to update the message
  42. \param msg pointer to the buffer containing the message to append
  43. \param length length of the message to append
  44. _Example_
  45. \code
  46. Hmac hmac;
  47. byte msg[] = { // initialize with message to authenticate };
  48. byte msg2[] = { // initialize with second half of message };
  49. // initialize hmac
  50. if( wc_HmacUpdate(&hmac, msg, sizeof(msg)) != 0) {
  51. // error updating message
  52. }
  53. if( wc_HmacUpdate(&hmac, msg2, sizeof(msg)) != 0) {
  54. // error updating with second message
  55. }
  56. \endcode
  57. \sa wc_HmacSetKey
  58. \sa wc_HmacFinal
  59. */
  60. int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
  61. /*!
  62. \ingroup HMAC
  63. \brief This function computes the final hash of an Hmac object's message.
  64. \return 0 Returned on successfully computing the final hash
  65. \return MEMORY_E Returned if there is an error allocating memory for
  66. use with a hashing algorithm
  67. \param hmac pointer to the Hmac object for which to calculate the
  68. final hash
  69. \param hash pointer to the buffer in which to store the final hash.
  70. Should have room available as required by the hashing algorithm chosen
  71. _Example_
  72. \code
  73. Hmac hmac;
  74. byte hash[MD5_DIGEST_SIZE];
  75. // initialize hmac with MD5 as type
  76. // wc_HmacUpdate() with messages
  77. if (wc_HmacFinal(&hmac, hash) != 0) {
  78. // error computing hash
  79. }
  80. \endcode
  81. \sa wc_HmacSetKey
  82. \sa wc_HmacUpdate
  83. */
  84. int wc_HmacFinal(Hmac* hmac, byte* out);
  85. /*!
  86. \ingroup HMAC
  87. \brief This function returns the largest HMAC digest size available
  88. based on the configured cipher suites.
  89. \return Success Returns the largest HMAC digest size available based
  90. on the configured cipher suites
  91. \param none No parameters.
  92. _Example_
  93. \code
  94. int maxDigestSz = wolfSSL_GetHmacMaxSize();
  95. \endcode
  96. \sa none
  97. */
  98. int wolfSSL_GetHmacMaxSize(void);
  99. /*!
  100. \ingroup HMAC
  101. \brief This function provides access to a HMAC Key Derivation Function
  102. (HKDF). It utilizes HMAC to convert inKey, with an optional salt and
  103. optional info into a derived key, which it stores in out. The hash type
  104. defaults to MD5 if 0 or NULL is given.
  105. The HMAC configure option is --enable-hmac (on by default) or if building
  106. sources directly HAVE_HKDF
  107. \return 0 Returned upon successfully generating a key with the given inputs
  108. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  109. \return MEMORY_E Returned if there is an error allocating memory
  110. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  111. and the key length specified is shorter than the minimum acceptable FIPS
  112. standard
  113. \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
  114. WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
  115. WC_SHA3_512
  116. \param inKey pointer to the buffer containing the key to use for KDF
  117. \param inKeySz length of the input key
  118. \param salt pointer to a buffer containing an optional salt. Use NULL
  119. instead if not using a salt
  120. \param saltSz length of the salt. Use 0 if not using a salt
  121. \param info pointer to a buffer containing optional additional info.
  122. Use NULL if not appending extra info
  123. \param infoSz length of additional info. Use 0 if not using additional info
  124. \param out pointer to the buffer in which to store the derived key
  125. \param outSz space available in the output buffer to store the
  126. generated key
  127. _Example_
  128. \code
  129. byte key[] = { // initialize with key };
  130. byte salt[] = { // initialize with salt };
  131. byte derivedKey[MAX_DIGEST_SIZE];
  132. int ret = wc_HKDF(WC_SHA512, key, sizeof(key), salt, sizeof(salt),
  133. NULL, 0, derivedKey, sizeof(derivedKey));
  134. if ( ret != 0 ) {
  135. // error generating derived key
  136. }
  137. \endcode
  138. \sa wc_HmacSetKey
  139. */
  140. int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
  141. const byte* salt, word32 saltSz,
  142. const byte* info, word32 infoSz,
  143. byte* out, word32 outSz);
  144. /*!
  145. \ingroup HMAC
  146. \brief This function provides access to a HMAC Key Derivation Function
  147. (HKDF). It utilizes HMAC to convert inKey, with an optional salt
  148. into a derived key, which it stores in out. The hash type
  149. defaults to MD5 if 0 or NULL is given.
  150. The HMAC configure option is --enable-hmac (on by default) or if building
  151. sources directly HAVE_HKDF
  152. \return 0 Returned upon successfully generating a key with the given inputs
  153. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  154. \return MEMORY_E Returned if there is an error allocating memory
  155. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  156. and the key length specified is shorter than the minimum acceptable FIPS
  157. standard
  158. \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
  159. WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
  160. WC_SHA3_512
  161. \param salt pointer to a buffer containing an optional salt. Use NULL
  162. instead if not using a salt
  163. \param saltSz length of the salt. Use 0 if not using a salt
  164. \param inKey pointer to the buffer containing the key to use for KDF
  165. \param inKeySz length of the input key
  166. \param out pointer to the buffer in which to store the derived key
  167. _Example_
  168. \code
  169. byte key[] = { // initialize with key };
  170. byte salt[] = { // initialize with salt };
  171. byte derivedKey[MAX_DIGEST_SIZE];
  172. int ret = wc_HKDF_Extract(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
  173. derivedKey);
  174. if ( ret != 0 ) {
  175. // error generating derived key
  176. }
  177. \endcode
  178. \sa wc_HKDF
  179. \sa wc_HKDF_Extract_ex
  180. \sa wc_HKDF_Expand
  181. \sa wc_HKDF_Expand_ex
  182. */
  183. int wc_HKDF_Extract(
  184. int type,
  185. const byte* salt, word32 saltSz,
  186. const byte* inKey, word32 inKeySz,
  187. byte* out);
  188. /*!
  189. \ingroup HMAC
  190. \brief This function provides access to a HMAC Key Derivation Function
  191. (HKDF). It utilizes HMAC to convert inKey, with an optional salt
  192. into a derived key, which it stores in out. The hash type
  193. defaults to MD5 if 0 or NULL is given. This is the _ex version adding
  194. heap hint and device identifier.
  195. The HMAC configure option is --enable-hmac (on by default) or if building
  196. sources directly HAVE_HKDF
  197. \return 0 Returned upon successfully generating a key with the given inputs
  198. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  199. \return MEMORY_E Returned if there is an error allocating memory
  200. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  201. and the key length specified is shorter than the minimum acceptable FIPS
  202. standard
  203. \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
  204. WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
  205. WC_SHA3_512
  206. \param salt pointer to a buffer containing an optional salt. Use NULL
  207. instead if not using a salt
  208. \param saltSz length of the salt. Use 0 if not using a salt
  209. \param inKey pointer to the buffer containing the key to use for KDF
  210. \param inKeySz length of the input key
  211. \param out pointer to the buffer in which to store the derived key
  212. \param heap heap hint to use for memory. Can be NULL
  213. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  214. _Example_
  215. \code
  216. byte key[] = { // initialize with key };
  217. byte salt[] = { // initialize with salt };
  218. byte derivedKey[MAX_DIGEST_SIZE];
  219. int ret = wc_HKDF_Extract_ex(WC_SHA512, salt, sizeof(salt), key, sizeof(key),
  220. derivedKey, NULL, INVALID_DEVID);
  221. if ( ret != 0 ) {
  222. // error generating derived key
  223. }
  224. \endcode
  225. \sa wc_HKDF
  226. \sa wc_HKDF_Extract
  227. \sa wc_HKDF_Expand
  228. \sa wc_HKDF_Expand_ex
  229. */
  230. int wc_HKDF_Extract_ex(
  231. int type,
  232. const byte* salt, word32 saltSz,
  233. const byte* inKey, word32 inKeySz,
  234. byte* out,
  235. void* heap, int devId);
  236. /*!
  237. \ingroup HMAC
  238. \brief This function provides access to a HMAC Key Derivation Function
  239. (HKDF). It utilizes HMAC to convert inKey, with optional info into a
  240. derived key, which it stores in out. The hash type
  241. defaults to MD5 if 0 or NULL is given.
  242. The HMAC configure option is --enable-hmac (on by default) or if building
  243. sources directly HAVE_HKDF
  244. \return 0 Returned upon successfully generating a key with the given inputs
  245. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  246. \return MEMORY_E Returned if there is an error allocating memory
  247. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  248. and the key length specified is shorter than the minimum acceptable FIPS
  249. standard
  250. \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
  251. WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
  252. WC_SHA3_512
  253. \param inKey pointer to the buffer containing the key to use for KDF
  254. \param inKeySz length of the input key
  255. \param info pointer to a buffer containing optional additional info.
  256. Use NULL if not appending extra info
  257. \param infoSz length of additional info. Use 0 if not using additional info
  258. \param out pointer to the buffer in which to store the derived key
  259. \param outSz space available in the output buffer to store the
  260. generated key
  261. _Example_
  262. \code
  263. byte key[] = { // initialize with key };
  264. byte salt[] = { // initialize with salt };
  265. byte derivedKey[MAX_DIGEST_SIZE];
  266. int ret = wc_HKDF_Expand(WC_SHA512, key, sizeof(key), NULL, 0,
  267. derivedKey, sizeof(derivedKey));
  268. if ( ret != 0 ) {
  269. // error generating derived key
  270. }
  271. \endcode
  272. \sa wc_HKDF
  273. \sa wc_HKDF_Extract
  274. \sa wc_HKDF_Extract_ex
  275. \sa wc_HKDF_Expand_ex
  276. */
  277. int wc_HKDF_Expand(
  278. int type,
  279. const byte* inKey, word32 inKeySz,
  280. const byte* info, word32 infoSz,
  281. byte* out, word32 outSz);
  282. /*!
  283. \ingroup HMAC
  284. \brief This function provides access to a HMAC Key Derivation Function
  285. (HKDF). It utilizes HMAC to convert inKey, with optional info into a
  286. derived key, which it stores in out. The hash type
  287. defaults to MD5 if 0 or NULL is given. This is the _ex version adding
  288. heap hint and device identifier.
  289. The HMAC configure option is --enable-hmac (on by default) or if building
  290. sources directly HAVE_HKDF
  291. \return 0 Returned upon successfully generating a key with the given inputs
  292. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  293. \return MEMORY_E Returned if there is an error allocating memory
  294. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  295. and the key length specified is shorter than the minimum acceptable FIPS
  296. standard
  297. \param type hash type to use for the HKDF. Valid types are: WC_MD5, WC_SHA,
  298. WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or
  299. WC_SHA3_512
  300. \param inKey pointer to the buffer containing the key to use for KDF
  301. \param inKeySz length of the input key
  302. \param info pointer to a buffer containing optional additional info.
  303. Use NULL if not appending extra info
  304. \param infoSz length of additional info. Use 0 if not using additional info
  305. \param out pointer to the buffer in which to store the derived key
  306. \param outSz space available in the output buffer to store the
  307. generated key
  308. \param heap heap hint to use for memory. Can be NULL
  309. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  310. _Example_
  311. \code
  312. byte key[] = { // initialize with key };
  313. byte salt[] = { // initialize with salt };
  314. byte derivedKey[MAX_DIGEST_SIZE];
  315. int ret = wc_HKDF_Expand_ex(WC_SHA512, key, sizeof(key), NULL, 0,
  316. derivedKey, sizeof(derivedKey), NULL, INVALID_DEVID);
  317. if ( ret != 0 ) {
  318. // error generating derived key
  319. }
  320. \endcode
  321. \sa wc_HKDF
  322. \sa wc_HKDF_Extract
  323. \sa wc_HKDF_Extract_ex
  324. \sa wc_HKDF_Expand
  325. */
  326. int wc_HKDF_Expand_ex(
  327. int type,
  328. const byte* inKey, word32 inKeySz,
  329. const byte* info, word32 infoSz,
  330. byte* out, word32 outSz,
  331. void* heap, int devId);
  332. /*!
  333. \ingroup HMAC
  334. \brief This function provides access to RFC 5869
  335. HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
  336. key derivation
  337. \return 0 Returned upon successfully generating a key with the given inputs
  338. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  339. \return MEMORY_E Returned if there is an error allocating memory
  340. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  341. and the key length specified is shorter than the minimum acceptable FIPS
  342. standard
  343. \param prk Generated pseudorandom key
  344. \param salt salt.
  345. \param saltLen length of the salt
  346. \param ikm pointer to putput for keying material
  347. \param ikmLen length of the input keying material buffer
  348. \param digest hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
  349. _Example_
  350. \code
  351. byte secret[] = { // initialize with random key };
  352. byte salt[] = { // initialize with optional salt };
  353. byte masterSecret[MAX_DIGEST_SIZE];
  354. int ret = wc_Tls13_HKDF_Extract(secret, salt, sizeof(salt), 0,
  355. masterSecret, sizeof(masterSecret), WC_SHA512);
  356. if ( ret != 0 ) {
  357. // error generating derived key
  358. }
  359. \endcode
  360. \sa wc_HKDF
  361. \sa wc_HKDF_Extract
  362. \sa wc_HKDF_Extract_ex
  363. \sa wc_HKDF_Expand
  364. \sa wc_Tls13_HKDF_Extract_ex
  365. */
  366. int wc_Tls13_HKDF_Extract(
  367. byte* prk,
  368. const byte* salt, word32 saltLen,
  369. byte* ikm, word32 ikmLen, int digest);
  370. /*!
  371. \ingroup HMAC
  372. \brief This function provides access to RFC 5869
  373. HMAC-based Extract-and-Expand Key Derivation Function (HKDF) for TLS v1.3
  374. key derivation. This is the _ex version adding heap hint and device identifier.
  375. \return 0 Returned upon successfully generating a key with the given inputs
  376. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  377. \return MEMORY_E Returned if there is an error allocating memory
  378. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  379. and the key length specified is shorter than the minimum acceptable FIPS
  380. standard
  381. \param prk Generated pseudorandom key
  382. \param salt Salt.
  383. \param saltLen Length of the salt
  384. \param ikm Pointer to output for keying material
  385. \param ikmLen Length of the input keying material buffer
  386. \param digest Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
  387. \param heap Heap hint to use for memory. Can be NULL
  388. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  389. _Example_
  390. \code
  391. byte secret[] = { // initialize with random key };
  392. byte salt[] = { // initialize with optional salt };
  393. byte masterSecret[MAX_DIGEST_SIZE];
  394. int ret = wc_Tls13_HKDF_Extract_ex(secret, salt, sizeof(salt), 0,
  395. masterSecret, sizeof(masterSecret), WC_SHA512, NULL, INVALID_DEVID);
  396. if ( ret != 0 ) {
  397. // error generating derived key
  398. }
  399. \endcode
  400. \sa wc_HKDF
  401. \sa wc_HKDF_Extract
  402. \sa wc_HKDF_Extract_ex
  403. \sa wc_HKDF_Expand
  404. \sa wc_Tls13_HKDF_Extract
  405. */
  406. int wc_Tls13_HKDF_Extract_ex(
  407. byte* prk,
  408. const byte* salt, word32 saltLen,
  409. byte* ikm, word32 ikmLen, int digest,
  410. void* heap, int devId);
  411. /*!
  412. \ingroup HMAC
  413. \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
  414. this function for key derivation. This is the _ex version adding heap hint
  415. and device identifier.
  416. \return 0 Returned upon successfully generating a key with the given inputs
  417. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  418. \return MEMORY_E Returned if there is an error allocating memory
  419. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  420. and the key length specified is shorter than the minimum acceptable FIPS
  421. standard
  422. \param okm Generated pseudorandom key - output key material.
  423. \param okmLen Length of generated pseudorandom key - output key material.
  424. \param prk Salt - pseudo-random key.
  425. \param prkLen Length of the salt - pseudo-random key.
  426. \param protocol TLS protocol label.
  427. \param protocolLen Length of the TLS protocol label.
  428. \param info Information to expand.
  429. \param infoLen Length of the information.
  430. \param digest Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
  431. \param heap Heap hint to use for memory. Can be NULL
  432. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  433. \sa wc_HKDF
  434. \sa wc_HKDF_Extract
  435. \sa wc_HKDF_Extract_ex
  436. \sa wc_HKDF_Expand
  437. \sa wc_Tls13_HKDF_Expand_Label
  438. \sa wc_Tls13_HKDF_Expand_Label_Alloc
  439. */
  440. int wc_Tls13_HKDF_Expand_Label_ex(
  441. byte* okm, word32 okmLen,
  442. const byte* prk, word32 prkLen,
  443. const byte* protocol, word32 protocolLen,
  444. const byte* label, word32 labelLen,
  445. const byte* info, word32 infoLen,
  446. int digest,
  447. void* heap, int devId);
  448. /*!
  449. \ingroup HMAC
  450. \brief Expand data using HMAC, salt and label and info. TLS v1.3 defines
  451. this function for key derivation. This is the _ex version adding heap hint
  452. and device identifier.
  453. \return 0 Returned upon successfully generating a key with the given inputs
  454. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  455. \return MEMORY_E Returned if there is an error allocating memory
  456. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  457. and the key length specified is shorter than the minimum acceptable FIPS
  458. standard
  459. \param okm Generated pseudorandom key - output key material.
  460. \param okmLen Length of generated pseudorandom key - output key material.
  461. \param prk Salt - pseudo-random key.
  462. \param prkLen Length of the salt - pseudo-random key.
  463. \param protocol TLS protocol label.
  464. \param protocolLen Length of the TLS protocol label.
  465. \param info Information to expand.
  466. \param infoLen Length of the information.
  467. \param digest Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
  468. \sa wc_HKDF
  469. \sa wc_HKDF_Extract
  470. \sa wc_HKDF_Extract_ex
  471. \sa wc_HKDF_Expand
  472. \sa wc_Tls13_HKDF_Expand_Label_ex
  473. \sa wc_Tls13_HKDF_Expand_Label_Alloc
  474. */
  475. int wc_Tls13_HKDF_Expand_Label(
  476. byte* okm, word32 okmLen,
  477. const byte* prk, word32 prkLen,
  478. const byte* protocol, word32 protocolLen,
  479. const byte* label, word32 labelLen,
  480. const byte* info, word32 infoLen,
  481. int digest);
  482. /*!
  483. \ingroup HMAC
  484. \brief This functions is very similar to wc_Tls13_HKDF_Expand_Label(), but it
  485. allocates memory if the stack space usually used isn't enough. Expand data
  486. using HMAC, salt and label and info. TLS v1.3 defines this function for
  487. key derivation. This is the _ex version adding heap hint and device identifier.
  488. \return 0 Returned upon successfully generating a key with the given inputs
  489. \return BAD_FUNC_ARG Returned if an invalid hash type is given (see type param)
  490. \return MEMORY_E Returned if there is an error allocating memory
  491. \return HMAC_MIN_KEYLEN_E May be returned when using a FIPS implementation
  492. and the key length specified is shorter than the minimum acceptable FIPS
  493. standard
  494. \param okm Generated pseudorandom key - output key material.
  495. \param okmLen Length of generated pseudorandom key - output key material.
  496. \param prk Salt - pseudo-random key.
  497. \param prkLen Length of the salt - pseudo-random key.
  498. \param protocol TLS protocol label.
  499. \param protocolLen Length of the TLS protocol label.
  500. \param info Information to expand.
  501. \param infoLen Length of the information.
  502. \param digest Hash type to use for the HKDF. Valid types are: WC_SHA256, WC_SHA384 or WC_SHA512
  503. \param heap Heap hint to use for memory. Can be NULL
  504. \sa wc_HKDF
  505. \sa wc_HKDF_Extract
  506. \sa wc_HKDF_Extract_ex
  507. \sa wc_HKDF_Expand
  508. \sa wc_Tls13_HKDF_Expand_Label
  509. \sa wc_Tls13_HKDF_Expand_Label_ex
  510. */
  511. int wc_Tls13_HKDF_Expand_Label_Alloc(
  512. byte* okm, word32 okmLen,
  513. const byte* prk, word32 prkLen,
  514. const byte* protocol, word32 protocolLen,
  515. const byte* label, word32 labelLen,
  516. const byte* info, word32 infoLen,
  517. int digest, void* heap);