1
0

kdf.h 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261
  1. /*!
  2. \ingroup SrtpKdf
  3. \brief This function derives keys using SRTP KDF algorithm.
  4. \return 0 Returned upon successful key derivation.
  5. \return BAD_FUNC_ARG Returned when key or salt is NULL
  6. \return BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
  7. \return BAD_FUNC_ARG Returned when saltSz is larger than 14.
  8. \return BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
  9. \return MEMORY_E on dynamic memory allocation failure.
  10. \param [in] key Key to use with encryption.
  11. \param [in] keySz Size of key in bytes.
  12. \param [in] salt Random non-secret value.
  13. \param [in] saltSz Size of random in bytes.
  14. \param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
  15. \param [in] index Index value to XOR in.
  16. \param [out] key1 First key. Label value of 0x00.
  17. \param [in] key1Sz Size of first key in bytes.
  18. \param [out] key2 Second key. Label value of 0x01.
  19. \param [in] key2Sz Size of second key in bytes.
  20. \param [out] key3 Third key. Label value of 0x02.
  21. \param [in] key3Sz Size of third key in bytes.
  22. _Example_
  23. \code
  24. unsigned char key[16] = { ... };
  25. unsigned char salt[14] = { ... };
  26. unsigned char index[6] = { ... };
  27. unsigned char keyE[16];
  28. unsigned char keyA[20];
  29. unsigned char keyS[14];
  30. int kdrIdx = 0; // Use all of index
  31. int ret;
  32. ret = wc_SRTP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, index,
  33. keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS));
  34. if (ret != 0) {
  35. WOLFSSL_MSG("wc_SRTP_KDF failed");
  36. }
  37. \endcode
  38. \sa wc_SRTCP_KDF
  39. \sa wc_SRTP_KDF_label
  40. \sa wc_SRTCP_KDF_label
  41. \sa wc_SRTP_KDF_kdr_to_idx
  42. */
  43. int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
  44. int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
  45. word32 key2Sz, byte* key3, word32 key3Sz);
  46. /*!
  47. \ingroup SrtpKdf
  48. \brief This function derives keys using SRTCP KDF algorithm.
  49. \return 0 Returned upon successful key derivation.
  50. \return BAD_FUNC_ARG Returned when key or salt is NULL
  51. \return BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
  52. \return BAD_FUNC_ARG Returned when saltSz is larger than 14.
  53. \return BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
  54. \return MEMORY_E on dynamic memory allocation failure.
  55. \param [in] key Key to use with encryption.
  56. \param [in] keySz Size of key in bytes.
  57. \param [in] salt Random non-secret value.
  58. \param [in] saltSz Size of random in bytes.
  59. \param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
  60. \param [in] index Index value to XOR in.
  61. \param [out] key1 First key. Label value of 0x00.
  62. \param [in] key1Sz Size of first key in bytes.
  63. \param [out] key2 Second key. Label value of 0x01.
  64. \param [in] key2Sz Size of second key in bytes.
  65. \param [out] key3 Third key. Label value of 0x02.
  66. \param [in] key3Sz Size of third key in bytes.
  67. _Example_
  68. \code
  69. unsigned char key[16] = { ... };
  70. unsigned char salt[14] = { ... };
  71. unsigned char index[4] = { ... };
  72. unsigned char keyE[16];
  73. unsigned char keyA[20];
  74. unsigned char keyS[14];
  75. int kdrIdx = 0; // Use all of index
  76. int ret;
  77. ret = wc_SRTCP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, index,
  78. keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS));
  79. if (ret != 0) {
  80. WOLFSSL_MSG("wc_SRTP_KDF failed");
  81. }
  82. \endcode
  83. \sa wc_SRTP_KDF
  84. \sa wc_SRTP_KDF_label
  85. \sa wc_SRTCP_KDF_label
  86. \sa wc_SRTP_KDF_kdr_to_idx
  87. */
  88. int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
  89. int kdrIdx, const byte* index, byte* key1, word32 key1Sz, byte* key2,
  90. word32 key2Sz, byte* key3, word32 key3Sz);
  91. /*!
  92. \ingroup SrtpKdf
  93. \brief This function derives a key with label using SRTP KDF algorithm.
  94. \return 0 Returned upon successful key derivation.
  95. \return BAD_FUNC_ARG Returned when key, salt or outKey is NULL
  96. \return BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
  97. \return BAD_FUNC_ARG Returned when saltSz is larger than 14.
  98. \return BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
  99. \return MEMORY_E on dynamic memory allocation failure.
  100. \param [in] key Key to use with encryption.
  101. \param [in] keySz Size of key in bytes.
  102. \param [in] salt Random non-secret value.
  103. \param [in] saltSz Size of random in bytes.
  104. \param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
  105. \param [in] index Index value to XOR in.
  106. \param [in] label Label to use when deriving key.
  107. \param [out] outKey Derived key.
  108. \param [in] outKeySz Size of derived key in bytes.
  109. _Example_
  110. \code
  111. unsigned char key[16] = { ... };
  112. unsigned char salt[14] = { ... };
  113. unsigned char index[6] = { ... };
  114. unsigned char keyE[16];
  115. int kdrIdx = 0; // Use all of index
  116. int ret;
  117. ret = wc_SRTP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx, index,
  118. WC_SRTP_LABEL_ENCRYPTION, keyE, sizeof(keyE));
  119. if (ret != 0) {
  120. WOLFSSL_MSG("wc_SRTP_KDF failed");
  121. }
  122. \endcode
  123. \sa wc_SRTP_KDF
  124. \sa wc_SRTCP_KDF
  125. \sa wc_SRTCP_KDF_label
  126. \sa wc_SRTP_KDF_kdr_to_idx
  127. */
  128. int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
  129. word32 saltSz, int kdrIdx, const byte* index, byte label, byte* outKey,
  130. word32 outKeySz);
  131. /*!
  132. \ingroup SrtpKdf
  133. \brief This function derives key with label using SRTCP KDF algorithm.
  134. \return 0 Returned upon successful key derivation.
  135. \return BAD_FUNC_ARG Returned when key, salt or outKey is NULL
  136. \return BAD_FUNC_ARG Returned when key length is not 16, 24 or 32.
  137. \return BAD_FUNC_ARG Returned when saltSz is larger than 14.
  138. \return BAD_FUNC_ARG Returned when kdrIdx is less than -1 or larger than 24.
  139. \return MEMORY_E on dynamic memory allocation failure.
  140. \param [in] key Key to use with encryption.
  141. \param [in] keySz Size of key in bytes.
  142. \param [in] salt Random non-secret value.
  143. \param [in] saltSz Size of random in bytes.
  144. \param [in] kdrIdx Key derivation rate. kdr = 0 when -1, otherwise kdr = 2^kdrIdx.
  145. \param [in] index Index value to XOR in.
  146. \param [in] label Label to use when deriving key.
  147. \param [out] outKey Derived key.
  148. \param [in] outKeySz Size of derived key in bytes.
  149. _Example_
  150. \code
  151. unsigned char key[16] = { ... };
  152. unsigned char salt[14] = { ... };
  153. unsigned char index[4] = { ... };
  154. unsigned char keyE[16];
  155. int kdrIdx = 0; // Use all of index
  156. int ret;
  157. ret = wc_SRTCP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx,
  158. index, WC_SRTCP_LABEL_ENCRYPTION, keyE, sizeof(keyE));
  159. if (ret != 0) {
  160. WOLFSSL_MSG("wc_SRTP_KDF failed");
  161. }
  162. \endcode
  163. \sa wc_SRTP_KDF
  164. \sa wc_SRTCP_KDF
  165. \sa wc_SRTP_KDF_label
  166. \sa wc_SRTP_KDF_kdr_to_idx
  167. */
  168. int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
  169. word32 saltSz, int kdrIdx, const byte* index, byte label, byte* outKey,
  170. word32 outKeySz);
  171. /*!
  172. \ingroup SrtpKdf
  173. \brief This function converts a kdr value to an index to use in SRTP/SRTCP KDF API.
  174. \return Key derivation rate as an index.
  175. \param [in] kdr Key derivation rate to convert.
  176. _Example_
  177. \code
  178. word32 kdr = 0x00000010;
  179. int kdrIdx;
  180. int ret;
  181. kdrIdx = wc_SRTP_KDF_kdr_to_idx(kdr);
  182. \endcode
  183. \sa wc_SRTP_KDF
  184. \sa wc_SRTCP_KDF
  185. \sa wc_SRTP_KDF_label
  186. \sa wc_SRTCP_KDF_label
  187. */
  188. int wc_SRTP_KDF_kdr_to_idx(word32 kdr);
  189. /**
  190. * \brief Performs the single-step key derivation function (KDF) as specified in
  191. * SP800-56C option 1.
  192. *
  193. * \param [in] z The input keying material.
  194. * \param [in] zSz The size of the input keying material.
  195. * \param [in] fixedInfo The fixed information to be included in the KDF.
  196. * \param [in] fixedInfoSz The size of the fixed information.
  197. * \param [in] derivedSecretSz The desired size of the derived secret.
  198. * \param [in] hashType The hash algorithm to be used in the KDF.
  199. * \param [out] output The buffer to store the derived secret.
  200. * \param [in] outputSz The size of the output buffer.
  201. *
  202. * \return 0 if the KDF operation is successful,
  203. * \return BAD_FUNC_ARG if the input parameters are invalid.
  204. * \return negative error code if the KDF operation fails.
  205. *
  206. * _Example_
  207. \code
  208. unsigned char z[32] = { ... };
  209. unsigned char fixedInfo[16] = { ... };
  210. unsigned char output[32];
  211. int ret;
  212. ret = wc_KDA_KDF_onestep(z, sizeof(z), fixedInfo, sizeof(fixedInfo),
  213. sizeof(output), WC_HASH_TYPE_SHA256, output, sizeof(output));
  214. if (ret != 0) {
  215. WOLFSSL_MSG("wc_KDA_KDF_onestep failed");
  216. }
  217. \endcode
  218. */
  219. int wc_KDA_KDF_onestep(const byte* z, word32 zSz,
  220. const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz,
  221. enum wc_HashType hashType, byte* output, word32 outputSz);