kcapi_hkdf - Man Page

Extract-and-Expand HKDF (RFC5869)

Synopsis

int32_t kcapi_hkdf(const char * hashname, const uint8_t * ikm, uint32_t ikmlen, const uint8_t * salt, uint32_t saltlen, const uint8_t * info, uint32_t infolen, uint8_t * dst, uint32_t dlen);

Arguments

hashname

[in] kernel crypto API name of a keyed hash (e.g. hmac(sha1))

ikm

[in] Input Keying Material (IKM) -- must be provided

ikmlen

[in] IKM buffer length -- must be non-zero

salt

[in] salt buffer -- may be NULL

saltlen

[in] salt buffer length -- may be zero

info

[in] info buffer -- may be NULL

infolen

[in] info buffer length -- may be zero

dst

[out] Buffer to store the generated key in,

dlen

[in] Length of the dst buffer. This value defines the number of bytes generated by the KDF.

Description

Perform the key-derivation function according to RFC5869. The input data is defined in sections 2.2 und 2.3 of RFC5869.

return 0 upon success; a negative errno-style error code if an error occurred

Author

Stephan Mueller <smueller@chronox.de>

Author.

Info

March 2021 libkcapi Manual 1.2.1 Programming Interface