Provides functions to generate HMAC based Key Derivation Function (HKDF). More...
Enumerations | |
| enum | nrf_crypto_hkdf_mode_t { NRF_CRYPTO_HKDF_EXTRACT_AND_EXPAND, NRF_CRYPTO_HKDF_EXPAND_ONLY } |
| Enumeration of HKDF modes. More... | |
Functions | |
| ret_code_t | nrf_crypto_hkdf_calculate (nrf_crypto_hmac_context_t *const p_context, nrf_crypto_hmac_info_t const *p_info, uint8_t *const p_output_key, size_t *const p_output_key_size, uint8_t const *const p_input_key, size_t input_key_size, uint8_t const *p_salt, size_t salt_size, uint8_t const *const p_ainfo, size_t ainfo_size, nrf_crypto_hkdf_mode_t mode) |
| Integrated HKDF calculation function. More... | |
Provides functions to generate HMAC based Key Derivation Function (HKDF).
Provides functions to generate HMAC based Key Derivation Function (HKDF) using one of the supported hash algorithms. This layer is independent of backend crypto library. The HKDF module does not have a backend configuration, as it uses the nrf_crypto_hmac API, including the backend configured for HMAC in SDK configuration header file.
| ret_code_t nrf_crypto_hkdf_calculate | ( | nrf_crypto_hmac_context_t *const | p_context, |
| nrf_crypto_hmac_info_t const * | p_info, | ||
| uint8_t *const | p_output_key, | ||
| size_t *const | p_output_key_size, | ||
| uint8_t const *const | p_input_key, | ||
| size_t | input_key_size, | ||
| uint8_t const * | p_salt, | ||
| size_t | salt_size, | ||
| uint8_t const *const | p_ainfo, | ||
| size_t | ainfo_size, | ||
| nrf_crypto_hkdf_mode_t | mode | ||
| ) |
Integrated HKDF calculation function.
This HKDF calculation function uses the nrf_crypto HMAC frontend directly. The backend is selected by configuring the HMAC backend in SDK configuration header file.
| [in,out] | p_context | Pointer to context structure. Context memory will be allocated internally if the context pointer is NULL. |
| [in] | p_info | Pointer to static info structure. This defines the algorithm. This should be either g_nrf_crypto_hmac_sha256_info or g_nrf_crypto_hmac_sha512_info. |
| [out] | p_output_key | Pointer to buffer to hold the output key material. |
| [in,out] | p_output_key_size | Pointer to the length of the wanted output key material as input and actual length of the output material as output. Can be any number between 1 and the hash digest size multiplied by 255 (65280 for SHA-256 or 130560 for SHA-512). The p_output_key buffer must be large enough to hold this value. |
| [in] | p_input_key | Pointer to buffer holding the input key material. |
| [in] | input_key_size | Length of the input key material. |
| [in] | p_salt | Pointer to buffer of nonsecret random salt data. Set to NULL in order to use the default salt defined by RFC 5869 (all zero array of hash digest size) or if salt is not used (expand only). |
| [in] | salt_size | Length of the salt. Must be > 0 unless default salt is used, or in case mode is set to NRF_CRYPTO_HKDF_EXPAND_ONLY. |
| [in] | p_ainfo | Pointer to optional application specific information. (set to NULL and set ainfo_size to 0 if unused). |
| [in] | ainfo_size | Length of the additional information. |
| [in] | mode | Set to NRF_CRYPTO_HKDF_EXTRACT_AND_EXPAND for normal mode. Alternatively, set to NRF_CRYPTO_HKDF_EXPAND_ONLY to skip the extraction step. |
| NRF_SUCCESS | Output key material hash was successfully calculated. |
| NRF_ERROR_CRYPTO_INPUT_NULL | If p_input_key was NULL. |
| NRF_ERROR_CRYPTO_INPUT_LENGTH | If input_key_size or salt_size was invalid. |
| NRF_ERROR_CRYPTO_OUTPUT_NULL | If p_output_key_sizen was NULL. |
| NRF_ERROR_CRYPTO_OUTPUT_LENGTH | If *p_output_key_size is 0. |
| NRF_ERROR_CRYPTO_ALLOC_FAILED | Unable to allocate memory for the context. |
| NRF_ERROR_CRYPTO_INTERNAL | An error occurred in the crypto backend. |
| NRF_ERROR_CRYPTO_BUSY | The function could not be called because the nrf_crypto backend was busy. Please rerun the cryptographic routine at a later time. CC310 only. |