diff options
author | Yicheng Li <yichengli@chromium.org> | 2019-07-25 17:29:20 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-03 05:03:21 +0000 |
commit | 43e89bafd85ac2c101a2bc68d08d39a1cef19734 (patch) | |
tree | 68c98726b16ab38e8a40daf1d420889ff8582ed1 /include | |
parent | 8357a4fb160bda9a3c926c674492cb604421b7f1 (diff) | |
download | chrome-ec-43e89bafd85ac2c101a2bc68d08d39a1cef19734.tar.gz |
fpsensor: Add hkdf-expand implementation for arbitrary output size.
This can be used to replace hkdf_expand_one_step in more general cases
of HKDF. Also add unit tests for this.
BRANCH=nocturne
BUG=none
TEST=make -j buildall
Change-Id: Ie116b13ee33d171298eccabb8a37b59e702d0218
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1719871
Reviewed-by: Nicolas Norvez <norvez@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/fpsensor_crypto.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h index ebda41bcb9..e01a38799d 100644 --- a/include/fpsensor_crypto.h +++ b/include/fpsensor_crypto.h @@ -8,6 +8,29 @@ #ifndef __CROS_EC_FPSENSOR_CRYPTO_H #define __CROS_EC_FPSENSOR_CRYPTO_H +#include <stddef.h> + +#include "sha256.h" + +#define HKDF_MAX_INFO_SIZE 128 +#define HKDF_SHA256_MAX_BLOCK_COUNT 255 + +/** + * Expand hkdf pseudorandom key |prk| to length |out_key_size|. + * + * @param out_key the buffer to hold output key material. + * @param out_key_size length of output key in bytes. Must be less than + * or equal to HKDF_SHA256_MAX_BLOCK_COUNT * SHA256_DIGEST_SIZE bytes. + * @param prk pseudorandom key. + * @param prk_size length of |prk| in bytes. + * @param info optional context. + * @param info_size size of |info| in bytes, must be less than or equal to + * HKDF_MAX_INFO_SIZE bytes. + * @return EC_SUCCESS on success and error code otherwise. + */ +int hkdf_expand(uint8_t *out_key, size_t out_key_size, const uint8_t *prk, + size_t prk_size, const uint8_t *info, size_t info_size); + /** * Derive hardware encryption key from rollback secret and |salt|. * |