From d40e9f78cdce0e475bb5c581a8cb90020bad12c5 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Fri, 2 Apr 2021 13:57:52 -0700 Subject: [PATCH] Restore the HKDF code to hmac.c. For compatibility between FIPS builds. --- src/include.am | 8 +- src/tls13.c | 141 ------------------------------ wolfcrypt/src/ecc.c | 9 +- wolfcrypt/src/hmac.c | 153 +++++++++++++++++++++++++++++++++ wolfcrypt/src/kdf.c | 180 +++++++-------------------------------- wolfssl/wolfcrypt/hash.h | 32 ------- wolfssl/wolfcrypt/hmac.h | 15 ++++ wolfssl/wolfcrypt/kdf.h | 13 +-- 8 files changed, 213 insertions(+), 338 deletions(-) diff --git a/src/include.am b/src/include.am index 052a5d122..8cc190d74 100644 --- a/src/include.am +++ b/src/include.am @@ -218,6 +218,8 @@ src_libwolfssl_la_SOURCES += \ wolfcrypt/src/random.c \ wolfcrypt/src/sha256.c +src_libwolfssl_la_SOURCES += wolfcrypt/src/kdf.c + if BUILD_RSA src_libwolfssl_la_SOURCES += wolfcrypt/src/rsa.c endif @@ -275,7 +277,6 @@ if BUILD_CMAC src_libwolfssl_la_SOURCES += wolfcrypt/src/cmac.c endif -src_libwolfssl_la_SOURCES += wolfcrypt/src/kdf.c src_libwolfssl_la_SOURCES += wolfcrypt/src/fips.c \ wolfcrypt/src/fips_test.c @@ -294,7 +295,6 @@ if !BUILD_FIPS_RAND # CtaoCrypt files included above. if !BUILD_FIPS_CURRENT src_libwolfssl_la_SOURCES += wolfcrypt/src/hmac.c -src_libwolfssl_la_SOURCES += wolfcrypt/src/kdf.c endif !BUILD_FIPS_CURRENT # CAVP self test @@ -310,6 +310,10 @@ src_libwolfssl_la_SOURCES += \ if !BUILD_FIPS_RAND +if !BUILD_FIPS_V5 +src_libwolfssl_la_SOURCES += wolfcrypt/src/kdf.c +endif !BUILD_FIPS_V5 + if !BUILD_FIPS_CURRENT if BUILD_RNG src_libwolfssl_la_SOURCES += wolfcrypt/src/random.c diff --git a/src/tls13.c b/src/tls13.c index 476690be5..337b11a33 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -140,147 +140,6 @@ */ #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } -#if (defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))) || \ - defined(HAVE_SELFTEST) - -enum { -/* - MAX_HKDF_LABEL_SZ = OPAQUE16_LEN + - OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ + - OPAQUE8_LEN + WC_MAX_DIGEST_SIZE -*/ - MAX_TLS13_HKDF_LABEL_SZ = 47 + WC_MAX_DIGEST_SIZE -}; - -/* Extract data using HMAC, salt and input. - * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF) - * - * prk The generated pseudorandom key. - * salt The salt. - * saltLen The length of the salt. - * ikm The input keying material. - * ikmLen The length of the input keying material. - * digest The type of digest to use. - * returns 0 on success, otherwise failure. - */ -static int wc_Tls13_HKDF_Extract(byte* prk, const byte* salt, int saltLen, - byte* ikm, int ikmLen, int digest) -{ - int ret; - int len = 0; - - switch (digest) { - #ifndef NO_SHA256 - case WC_SHA256: - len = WC_SHA256_DIGEST_SIZE; - break; - #endif - - #ifdef WOLFSSL_SHA384 - case WC_SHA384: - len = WC_SHA384_DIGEST_SIZE; - break; - #endif - - #ifdef WOLFSSL_TLS13_SHA512 - case WC_SHA512: - len = WC_SHA512_DIGEST_SIZE; - break; - #endif - default: - return BAD_FUNC_ARG; - } - - /* When length is 0 then use zeroed data of digest length. */ - if (ikmLen == 0) { - ikmLen = len; - XMEMSET(ikm, 0, len); - } - -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG(" Salt"); - WOLFSSL_BUFFER(salt, saltLen); - WOLFSSL_MSG(" IKM"); - WOLFSSL_BUFFER(ikm, ikmLen); -#endif - - ret = wc_HKDF_Extract(digest, salt, saltLen, ikm, ikmLen, prk); - -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG(" PRK"); - WOLFSSL_BUFFER(prk, len); -#endif - - return ret; -} - - -/* Expand data using HMAC, salt and label and info. - * TLS v1.3 defines this function. - * - * okm The generated pseudorandom key - output key material. - * okmLen The length of generated pseudorandom key - output key material. - * prk The salt - pseudo-random key. - * prkLen The length of the salt - pseudo-random key. - * protocol The TLS protocol label. - * protocolLen The length of the TLS protocol label. - * info The information to expand. - * infoLen The length of the information. - * digest The type of digest to use. - * returns 0 on success, otherwise failure. - */ -static int wc_Tls13_HKDF_Expand_Label(byte* okm, word32 okmLen, - const byte* prk, word32 prkLen, - const byte* protocol, word32 protocolLen, - const byte* label, word32 labelLen, - const byte* info, word32 infoLen, - int digest) -{ - int ret = 0; - int idx = 0; - byte data[MAX_TLS13_HKDF_LABEL_SZ]; - - /* Output length. */ - data[idx++] = (byte)(okmLen >> 8); - data[idx++] = (byte)okmLen; - /* Length of protocol | label. */ - data[idx++] = (byte)(protocolLen + labelLen); - /* Protocol */ - XMEMCPY(&data[idx], protocol, protocolLen); - idx += protocolLen; - /* Label */ - XMEMCPY(&data[idx], label, labelLen); - idx += labelLen; - /* Length of hash of messages */ - data[idx++] = (byte)infoLen; - /* Hash of messages */ - if (info != NULL && infoLen > 0) { - XMEMCPY(&data[idx], info, infoLen); - idx += infoLen; - } - -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG(" PRK"); - WOLFSSL_BUFFER(prk, prkLen); - WOLFSSL_MSG(" Info"); - WOLFSSL_BUFFER(data, idx); -#endif - - ret = wc_HKDF_Expand(digest, prk, prkLen, data, idx, okm, okmLen); - -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG(" OKM"); - WOLFSSL_BUFFER(okm, okmLen); -#endif - - ForceZero(data, idx); - - return ret; -} - -#endif /* HAVE_FIPS */ - /* Size of the TLS v1.3 label use when deriving keys. */ #define TLS13_PROTOCOL_LABEL_SZ 6 /* The protocol label for TLS v1.3. */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 1b55f211e..87c1e4919 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -1208,7 +1208,7 @@ static int ecc_check_pubkey_order(ecc_key* key, ecc_point* pubkey, mp_int* a, mp_int* prime, mp_int* order); #endif static int _ecc_validate_public_key(ecc_key* key, int partial, int priv); -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN +#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(WOLFSSL_VALIDATE_ECC_IMPORT) static int _ecc_pairwise_consistency_test(ecc_key* key); #endif @@ -7618,8 +7618,10 @@ static int ecc_check_privkey_gen_helper(ecc_key* key) return err; } +#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */ -#ifdef WOLFSSL_VALIDATE_ECC_KEYGEN + +#if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || defined(WOLFSSL_VALIDATE_ECC_IMPORT) /* Performs a Pairwise Consistency Test on an ECC key pair. */ static int _ecc_pairwise_consistency_test(ecc_key* key) { @@ -7630,9 +7632,8 @@ static int _ecc_pairwise_consistency_test(ecc_key* key) return err; } -#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN */ +#endif /* WOLFSSL_VALIDATE_ECC_KEYGEN || WOLFSSL_VALIDATE_ECC_IMPORT */ -#endif /* WOLFSSL_VALIDATE_ECC_IMPORT */ #if defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || !defined(WOLFSSL_SP_MATH) /* validate order * pubkey = point at infinity, 0 on success */ diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 8c16afde3..4344fb962 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -108,6 +108,17 @@ HmacFree(hmac); */ } + #ifdef HAVE_HKDF + int wc_HKDF(int type, const byte* inKey, word32 inKeySz, + const byte* salt, word32 saltSz, + const byte* info, word32 infoSz, + byte* out, word32 outSz) + { + return HKDF(type, inKey, inKeySz, salt, saltSz, + info, infoSz, out, outSz); + } + #endif /* HAVE_HKDF */ + #else /* else build without fips, or for new fips */ @@ -1167,7 +1178,149 @@ int wolfSSL_GetHmacMaxSize(void) return WC_MAX_DIGEST_SIZE; } +#ifdef HAVE_HKDF + /* HMAC-KDF-Extract. + * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + * + * type The hash algorithm type. + * salt The optional salt value. + * saltSz The size of the salt. + * inKey The input keying material. + * inKeySz The size of the input keying material. + * out The pseudorandom key with the length that of the hash. + * returns 0 on success, otherwise failure. + */ + int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, + const byte* inKey, word32 inKeySz, byte* out) + { + byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */ + Hmac myHmac; + int ret; + const byte* localSalt; /* either points to user input or tmp */ + int hashSz; + ret = wc_HmacSizeByType(type); + if (ret < 0) + return ret; + + hashSz = ret; + localSalt = salt; + if (localSalt == NULL) { + XMEMSET(tmp, 0, hashSz); + localSalt = tmp; + saltSz = hashSz; + } + + ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); + if (ret == 0) + ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); + if (ret == 0) + ret = wc_HmacFinal(&myHmac, out); + wc_HmacFree(&myHmac); + } + + return ret; + } + + /* HMAC-KDF-Expand. + * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + * + * type The hash algorithm type. + * inKey The input key. + * inKeySz The size of the input key. + * info The application specific information. + * infoSz The size of the application specific information. + * out The output keying material. + * returns 0 on success, otherwise failure. + */ + int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, + const byte* info, word32 infoSz, byte* out, word32 outSz) + { + byte tmp[WC_MAX_DIGEST_SIZE]; + Hmac myHmac; + int ret = 0; + word32 outIdx = 0; + word32 hashSz = wc_HmacSizeByType(type); + byte n = 0x1; + + /* RFC 5869 states that the length of output keying material in + octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ + + if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) + return BAD_FUNC_ARG; + + ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); + if (ret != 0) + return ret; + + + while (outIdx < outSz) { + int tmpSz = (n == 1) ? 0 : hashSz; + word32 left = outSz - outIdx; + + ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); + if (ret != 0) + break; + ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); + if (ret != 0) + break; + ret = wc_HmacUpdate(&myHmac, info, infoSz); + if (ret != 0) + break; + ret = wc_HmacUpdate(&myHmac, &n, 1); + if (ret != 0) + break; + ret = wc_HmacFinal(&myHmac, tmp); + if (ret != 0) + break; + + left = min(left, hashSz); + XMEMCPY(out+outIdx, tmp, left); + + outIdx += hashSz; + n++; + } + + wc_HmacFree(&myHmac); + + return ret; + } + + /* HMAC-KDF. + * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). + * + * type The hash algorithm type. + * inKey The input keying material. + * inKeySz The size of the input keying material. + * salt The optional salt value. + * saltSz The size of the salt. + * info The application specific information. + * infoSz The size of the application specific information. + * out The output keying material. + * returns 0 on success, otherwise failure. + */ + int wc_HKDF(int type, const byte* inKey, word32 inKeySz, + const byte* salt, word32 saltSz, + const byte* info, word32 infoSz, + byte* out, word32 outSz) + { + byte prk[WC_MAX_DIGEST_SIZE]; + int hashSz = wc_HmacSizeByType(type); + int ret; + + if (hashSz < 0) + return BAD_FUNC_ARG; + + ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk); + if (ret != 0) + return ret; + + return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz); + } + +#endif /* HAVE_HKDF */ #endif /* HAVE_FIPS */ #endif /* NO_HMAC */ diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index ad4f962e3..21e5670f8 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -41,7 +41,6 @@ #endif #endif -#include #ifdef NO_INLINE #include @@ -50,6 +49,7 @@ #include #endif +#include #include @@ -334,148 +334,7 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, #endif /* WOLFSSL_HAVE_PRF */ -#ifdef HAVE_HKDF - - /* HMAC-KDF-Extract. - * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). - * - * type The hash algorithm type. - * salt The optional salt value. - * saltSz The size of the salt. - * inKey The input keying material. - * inKeySz The size of the input keying material. - * out The pseudorandom key with the length that of the hash. - * returns 0 on success, otherwise failure. - */ - int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, - const byte* inKey, word32 inKeySz, byte* out) - { - byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */ - Hmac myHmac; - int ret; - const byte* localSalt; /* either points to user input or tmp */ - int hashSz; - - ret = wc_HmacSizeByType(type); - if (ret < 0) - return ret; - - hashSz = ret; - localSalt = salt; - if (localSalt == NULL) { - XMEMSET(tmp, 0, hashSz); - localSalt = tmp; - saltSz = hashSz; - } - - ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); - if (ret == 0) - ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); - if (ret == 0) - ret = wc_HmacFinal(&myHmac, out); - wc_HmacFree(&myHmac); - } - - return ret; - } - - /* HMAC-KDF-Expand. - * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). - * - * type The hash algorithm type. - * inKey The input key. - * inKeySz The size of the input key. - * info The application specific information. - * infoSz The size of the application specific information. - * out The output keying material. - * returns 0 on success, otherwise failure. - */ - int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, - const byte* info, word32 infoSz, byte* out, word32 outSz) - { - byte tmp[WC_MAX_DIGEST_SIZE]; - Hmac myHmac; - int ret = 0; - word32 outIdx = 0; - word32 hashSz = wc_HmacSizeByType(type); - byte n = 0x1; - - /* RFC 5869 states that the length of output keying material in - octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ - - if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) - return BAD_FUNC_ARG; - - ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); - if (ret != 0) - return ret; - - - while (outIdx < outSz) { - int tmpSz = (n == 1) ? 0 : hashSz; - word32 left = outSz - outIdx; - - ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); - if (ret != 0) - break; - ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); - if (ret != 0) - break; - ret = wc_HmacUpdate(&myHmac, info, infoSz); - if (ret != 0) - break; - ret = wc_HmacUpdate(&myHmac, &n, 1); - if (ret != 0) - break; - ret = wc_HmacFinal(&myHmac, tmp); - if (ret != 0) - break; - - left = min(left, hashSz); - XMEMCPY(out+outIdx, tmp, left); - - outIdx += hashSz; - n++; - } - - wc_HmacFree(&myHmac); - - return ret; - } - - /* HMAC-KDF. - * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF). - * - * type The hash algorithm type. - * inKey The input keying material. - * inKeySz The size of the input keying material. - * salt The optional salt value. - * saltSz The size of the salt. - * info The application specific information. - * infoSz The size of the application specific information. - * out The output keying material. - * returns 0 on success, otherwise failure. - */ - int wc_HKDF(int type, const byte* inKey, word32 inKeySz, - const byte* salt, word32 saltSz, - const byte* info, word32 infoSz, - byte* out, word32 outSz) - { - byte prk[WC_MAX_DIGEST_SIZE]; - int hashSz = wc_HmacSizeByType(type); - int ret; - - if (hashSz < 0) - return BAD_FUNC_ARG; - - ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk); - if (ret != 0) - return ret; - - return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz); - } +#if defined(HAVE_HKDF) /* Extract data using HMAC, salt and input. * RFC 5869 - HMAC-based Extract-and-Expand Key Derivation Function (HKDF) @@ -606,8 +465,33 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, #ifdef WOLFSSL_WOLFSSH +/* hash union */ +typedef union { +#ifndef NO_MD5 + wc_Md5 md5; +#endif +#ifndef NO_SHA + wc_Sha sha; +#endif +#ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; +#endif +#ifndef NO_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +#ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; +#endif +} _hash; + static -int _HashInit(byte hashId, wc_Hmac_Hash* hash) +int _HashInit(byte hashId, _hash* hash) { int ret = BAD_FUNC_ARG; @@ -640,7 +524,7 @@ int _HashInit(byte hashId, wc_Hmac_Hash* hash) } static -int _HashUpdate(byte hashId, wc_Hmac_Hash* hash, +int _HashUpdate(byte hashId, _hash* hash, const byte* data, word32 dataSz) { int ret = BAD_FUNC_ARG; @@ -674,7 +558,7 @@ int _HashUpdate(byte hashId, wc_Hmac_Hash* hash, } static -int _HashFinal(byte hashId, wc_Hmac_Hash* hash, byte* digest) +int _HashFinal(byte hashId, _hash* hash, byte* digest) { int ret = BAD_FUNC_ARG; @@ -707,7 +591,7 @@ int _HashFinal(byte hashId, wc_Hmac_Hash* hash, byte* digest) } static -void _HashFree(byte hashId, wc_Hmac_Hash* hash) +void _HashFree(byte hashId, _hash* hash) { switch (hashId) { #ifndef NO_SHA @@ -743,7 +627,7 @@ int wc_SSH_KDF(byte hashId, byte keyId, byte* key, word32 keySz, const byte* sessionId, word32 sessionIdSz) { word32 blocks, remainder; - wc_Hmac_Hash hash; + _hash hash; enum wc_HashType enmhashId = (enum wc_HashType)hashId; byte kPad = 0; byte pad = 0; diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 0f06df860..2dece3f51 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -220,38 +220,6 @@ WOLFSSL_API int wc_Shake256Hash(const byte*, word32, byte*, word32); #endif /* !NO_HASH_WRAPPER */ - -#if (defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))) || \ - defined(HAVE_SELFTEST) -enum max_prf { -#ifdef HAVE_FFDHE_8192 - MAX_PRF_HALF = 516, /* Maximum half secret len */ -#elif defined(HAVE_FFDHE_6144) - MAX_PRF_HALF = 388, /* Maximum half secret len */ -#else - MAX_PRF_HALF = 260, /* Maximum half secret len */ -#endif - MAX_PRF_LABSEED = 128, /* Maximum label + seed len */ - MAX_PRF_DIG = 224 /* Maximum digest len */ -}; -#endif - -#if defined(WOLFSSL_HAVE_PRF) && ((defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4))) || defined(HAVE_SELFTEST)) - -WOLFSSL_API int wc_PRF(byte* result, word32 resLen, const byte* secret, - word32 secLen, const byte* seed, word32 seedLen, int hash, - void* heap, int devId); -WOLFSSL_API int wc_PRF_TLSv1(byte* digest, word32 digLen, const byte* secret, - word32 secLen, const byte* label, word32 labLen, - const byte* seed, word32 seedLen, void* heap, int devId); -WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, - word32 secLen, const byte* label, word32 labLen, - const byte* seed, word32 seedLen, int useAtLeastSha256, - int hash_type, void* heap, int devId); -#endif /* WOLFSSL_HAVE_PRF */ - #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h index df131d30f..a8d12a7ab 100644 --- a/wolfssl/wolfcrypt/hmac.h +++ b/wolfssl/wolfcrypt/hmac.h @@ -189,6 +189,21 @@ WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); WOLFSSL_LOCAL int _InitHmac(Hmac* hmac, int type, void* heap); +#ifdef HAVE_HKDF + +WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, + const byte* inKey, word32 inKeySz, byte* out); +WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, + const byte* salt, word32 saltSz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +#endif /* HAVE_HKDF */ + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/wolfcrypt/kdf.h b/wolfssl/wolfcrypt/kdf.h index 3292addb5..fabf8a228 100644 --- a/wolfssl/wolfcrypt/kdf.h +++ b/wolfssl/wolfcrypt/kdf.h @@ -33,6 +33,8 @@ #include #endif +#include + #ifdef __cplusplus extern "C" { #endif @@ -65,17 +67,6 @@ WOLFSSL_API int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, #ifdef HAVE_HKDF -WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz, - const byte* inKey, word32 inKeySz, byte* out); -WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, - const byte* info, word32 infoSz, - byte* out, word32 outSz); - -WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, - const byte* salt, word32 saltSz, - const byte* info, word32 infoSz, - byte* out, word32 outSz); - enum { /* MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +