HKDF is used to generate derived keys from an input key. The first step, "extract", takes the input key material and generates a fixed-length pseudo random key (PRK). The intention of this step is to concentrate the entropy from a longer input key of possibly lower entropy. The extract step is optional. The second step, "expand", generates derived keys of arbitrary length from the PRK. The derived keys can be different by using different additional information for each derived key.
A typical use case for HKDF is converting shared secrets to encryption keys. For example, HKDF is used to generate the identity key in Eddystone.
The HKDF frontend (HMAC based Key Derivation Function (HKDF) related functions) provides a common API that is independent of the crypto backends. The application has control of the memory usage, as most of the work memory is part of the context structure that is allocated by the user and provided to the HKDF API.
The nrf_crypto HKDF module can use any hash function that is supported by the underlying HMAC - Hash-based message authentication code module. There is no dedicated backend configuration for the HKDF module.
The following example code demonstrates how to calculate HKDF SHA-256.
Refer to HKDF Example for a usage example of this library.
For an example showing the verification procedure of HKDF, see Test Example.