| Overview |  |
Copyright © (C) 2020, Roman Pushkov
Authors: Roman Pushkov (pushkovroman@me.com).
hash() = md5 | sha | sha224 | sha256 | sha384 | sha512
| derive/3 | The derivation function. |
| derive/4 | |
| derive/5 | |
| expand/3 | The expansion function. |
| expand/4 | |
| extract/2 | The extraction function. |
| extract/3 |
The derivation function.
Extracts a pseudorandom key from an input keying material and expands it into an output keying material.
See the respective functions for details.derive(Hash, IKM, Info, L) -> OKM
derive(Hash, IKM, Info, Salt, L) -> OKM
The expansion function.
HKDF-Expand(PRK, info, L) -> OKM
Options:
Hash a hash function; HashLen denotes the length of the
hash function output in octets
Inputs:
PRK a pseudorandom key of at least HashLen octets
(usually, the output from the extract step)
info optional context and application specific information
(can be a zero-length string)
L length of output keying material in octets
(<= 255*HashLen)
Output:
OKM output keying material (of L octets)
The output OKM is calculated as follows:
N = ceil(L/HashLen)
T = T(1) | T(2) | T(3) | ... | T(N)
OKM = first L octets of T
where:
T(0) = empty string (zero length)
T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
...
(where the constant concatenated to the end of each T(n) is a
single octet.)
expand(Hash, PRK, Info, L) -> OKM
The extraction function.
HKDF-Extract(salt, IKM) -> PRK
Options:
Hash a hash function; HashLen denotes the length of the
hash function output in octets
Inputs:
salt optional salt value (a non-secret random value);
if not provided, it is set to a string of HashLen zeros.
IKM input keying material
Output:
PRK a pseudorandom key (of HashLen octets)
The output PRK is calculated as follows:
PRK = HMAC-Hash(salt, IKM)
Generated by EDoc