crypto/hkdf.h - Issue 423333002: Implement QUIC key extraction.

Side by Side Diff: crypto/hkdf.h

Issue 423333002: Implement QUIC key extraction. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Pass a size_t constant as a size_t argument. Created 6 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CRYPTO_HKDF_H_	5 #ifndef CRYPTO_HKDF_H_

6 #define CRYPTO_HKDF_H_	6 #define CRYPTO_HKDF_H_

7	7

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/basictypes.h"	10 #include "base/basictypes.h"

11 #include "base/memory/scoped_ptr.h"

12 #include "base/strings/string_piece.h"	11 #include "base/strings/string_piece.h"

13 #include "build/build_config.h"

14 #include "crypto/crypto_export.h"	12 #include "crypto/crypto_export.h"

15	13

16 namespace crypto {	14 namespace crypto {

17	15

18 // HKDF implements the key derivation function specified in RFC 5869 (using	16 // HKDF implements the key derivation function specified in RFC 5869 (using

19 // SHA-256) and outputs key material, as needed by QUIC.	17 // SHA-256) and outputs key material, as needed by QUIC.

20 // See https://tools.ietf.org/html/rfc5869 for details.	18 // See https://tools.ietf.org/html/rfc5869 for details.

21 class CRYPTO_EXPORT HKDF {	19 class CRYPTO_EXPORT HKDF {

22 public:	20 public:

23 // \|secret\|: The input shared secret (or, from RFC 5869, the IKM).	21 // \|secret\|: the input shared secret (or, from RFC 5869, the IKM).

24 // \|salt\|: an (optional) public salt / non-secret random value. While	22 // \|salt\|: an (optional) public salt / non-secret random value. While

25 // optional, callers are strongly recommended to provide a salt. There is no	23 // optional, callers are strongly recommended to provide a salt. There is no

26 // added security value in making this larger than the SHA-256 block size of	24 // added security value in making this larger than the SHA-256 block size of

27 // 64 bytes.	25 // 64 bytes.

28 // \|info\|: an (optional) label to distinguish different uses of HKDF. It is	26 // \|info\|: an (optional) label to distinguish different uses of HKDF. It is

29 // optional context and application specific information (can be a zero-length	27 // optional context and application specific information (can be a zero-length

30 // string).	28 // string).

31 // \|key_bytes_to_generate\|: the number of bytes of key material to generate.	29 // \|key_bytes_to_generate\|: the number of bytes of key material to generate

32 // \|iv_bytes_to_generate\|: the number of bytes of IV to generate.	30 // for both client and server.

	31 // \|iv_bytes_to_generate\|: the number of bytes of IV to generate for both

	32 // client and server.

	33 // \|subkey_secret_bytes_to_generate\|: the number of bytes of subkey secret to

	34 // generate, shared between client and server.

33 HKDF(const base::StringPiece& secret,	35 HKDF(const base::StringPiece& secret,

34 const base::StringPiece& salt,	36 const base::StringPiece& salt,

35 const base::StringPiece& info,	37 const base::StringPiece& info,

36 size_t key_bytes_to_generate,	38 size_t key_bytes_to_generate,

37 size_t iv_bytes_to_generate);	39 size_t iv_bytes_to_generate,

	40 size_t subkey_secret_bytes_to_generate);
	wtc 2014/07/30 18:16:52 Adam: while porting this change to Chromium, I rea Adam: while porting this change to Chromium, I realized that the HKDF class has become very QUIC-specific. In the internal QUIC source tree, this class is inside the quic/crypto/base directory, so a QUIC-specific interface is acceptable. In Chromium's crypto directory, a QUIC-specific interface seems bad, although I just noticed the comment on line 17 that says this class generates output "as needed by QUIC". I am surprised that I didn't need to change any files outside net/quic. So this means no other code is using the HKDF class right now.
38 ~HKDF();	41 ~HKDF();

39	42

40 base::StringPiece client_write_key() const {	43 base::StringPiece client_write_key() const {

41 return client_write_key_;	44 return client_write_key_;

42 }	45 }

43 base::StringPiece client_write_iv() const {	46 base::StringPiece client_write_iv() const {

44 return client_write_iv_;	47 return client_write_iv_;

45 }	48 }

46 base::StringPiece server_write_key() const {	49 base::StringPiece server_write_key() const {

47 return server_write_key_;	50 return server_write_key_;

48 }	51 }

49 base::StringPiece server_write_iv() const {	52 base::StringPiece server_write_iv() const {

50 return server_write_iv_;	53 return server_write_iv_;

51 }	54 }

	55 base::StringPiece subkey_secret() const {

	56 return subkey_secret_;

	57 }

52	58

53 private:	59 private:

54 std::vector<uint8> output_;	60 std::vector<uint8> output_;

55	61

56 base::StringPiece client_write_key_;	62 base::StringPiece client_write_key_;

57 base::StringPiece server_write_key_;	63 base::StringPiece server_write_key_;

58 base::StringPiece client_write_iv_;	64 base::StringPiece client_write_iv_;

59 base::StringPiece server_write_iv_;	65 base::StringPiece server_write_iv_;

	66 base::StringPiece subkey_secret_;

60 };	67 };

61	68

62 } // namespace crypto	69 } // namespace crypto

63	70

64 #endif // CRYPTO_HKDF_H_	71 #endif // CRYPTO_HKDF_H_

OLD	NEW

« no previous file with comments | « no previous file | crypto/hkdf.cc » ('j') | no next file with comments »