nRF5 SDK v17.1.0
Enumerations | Functions
HMAC based Key Derivation Function (HKDF) related functions

Provides functions to generate HMAC based Key Derivation Function (HKDF). More...


enum  nrf_crypto_hkdf_mode_t {
 Enumeration of HKDF modes. More...


ret_code_t nrf_crypto_hkdf_calculate (nrf_crypto_hmac_context_t *const p_context, nrf_crypto_hmac_info_t const *p_info, uint8_t *const p_output_key, size_t *const p_output_key_size, uint8_t const *const p_input_key, size_t input_key_size, uint8_t const *p_salt, size_t salt_size, uint8_t const *const p_ainfo, size_t ainfo_size, nrf_crypto_hkdf_mode_t mode)
 Integrated HKDF calculation function. More...

Detailed Description

Provides functions to generate HMAC based Key Derivation Function (HKDF).

Provides functions to generate HMAC based Key Derivation Function (HKDF) using one of the supported hash algorithms. This layer is independent of backend crypto library. The HKDF module does not have a backend configuration, as it uses the nrf_crypto_hmac API, including the backend configured for HMAC in SDK configuration header file.

Enumeration Type Documentation

Enumeration of HKDF modes.


HKDF Extract and expand mode (normal).


HKDF Expand only mode.

Function Documentation

ret_code_t nrf_crypto_hkdf_calculate ( nrf_crypto_hmac_context_t *const  p_context,
nrf_crypto_hmac_info_t const *  p_info,
uint8_t *const  p_output_key,
size_t *const  p_output_key_size,
uint8_t const *const  p_input_key,
size_t  input_key_size,
uint8_t const *  p_salt,
size_t  salt_size,
uint8_t const *const  p_ainfo,
size_t  ainfo_size,
nrf_crypto_hkdf_mode_t  mode 

Integrated HKDF calculation function.

This HKDF calculation function uses the nrf_crypto HMAC frontend directly. The backend is selected by configuring the HMAC backend in SDK configuration header file.

[in,out]p_contextPointer to context structure. Context memory will be allocated internally if the context pointer is NULL.
[in]p_infoPointer to static info structure. This defines the algorithm. This should be either g_nrf_crypto_hmac_sha256_info or g_nrf_crypto_hmac_sha512_info.
[out]p_output_keyPointer to buffer to hold the output key material.
[in,out]p_output_key_sizePointer to the length of the wanted output key material as input and actual length of the output material as output. Can be any number between 1 and the hash digest size multiplied by 255 (65280 for SHA-256 or 130560 for SHA-512). The p_output_key buffer must be large enough to hold this value.
[in]p_input_keyPointer to buffer holding the input key material.
[in]input_key_sizeLength of the input key material.
[in]p_saltPointer to buffer of nonsecret random salt data. Set to NULL in order to use the default salt defined by RFC 5869 (all zero array of hash digest size) or if salt is not used (expand only).
[in]salt_sizeLength of the salt. Must be > 0 unless default salt is used, or in case mode is set to NRF_CRYPTO_HKDF_EXPAND_ONLY.
[in]p_ainfoPointer to optional application specific information. (set to NULL and set ainfo_size to 0 if unused).
[in]ainfo_sizeLength of the additional information.
[in]modeSet to NRF_CRYPTO_HKDF_EXTRACT_AND_EXPAND for normal mode. Alternatively, set to NRF_CRYPTO_HKDF_EXPAND_ONLY to skip the extraction step.
Return values
NRF_SUCCESSOutput key material hash was successfully calculated.
NRF_ERROR_CRYPTO_INPUT_LENGTHIf input_key_size or salt_size was invalid.
NRF_ERROR_CRYPTO_OUTPUT_NULLIf p_output_key_sizen was NULL.
NRF_ERROR_CRYPTO_OUTPUT_LENGTHIf *p_output_key_size is 0.
NRF_ERROR_CRYPTO_ALLOC_FAILEDUnable to allocate memory for the context.
NRF_ERROR_CRYPTO_INTERNALAn error occurred in the crypto backend.
NRF_ERROR_CRYPTO_BUSYThe function could not be called because the nrf_crypto backend was busy. Please rerun the cryptographic routine at a later time. CC310 only.

Documentation feedback | Developer Zone | Subscribe | Updated