From 43e89bafd85ac2c101a2bc68d08d39a1cef19734 Mon Sep 17 00:00:00 2001
From: Yicheng Li
Date: Thu, 25 Jul 2019 17:29:20 -0700
Subject: fpsensor: Add hkdf-expand implementation for arbitrary output size.

This can be used to replace hkdf_expand_one_step in more general cases of HKDF. Also add unit tests for this.

BRANCH=nocturne
BUG=none
TEST=make -j buildall

Change-Id: Ie116b13ee33d171298eccabb8a37b59e702d0218
Signed-off-by: Yicheng Li
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1719871
Reviewed-by: Nicolas Norvez
---
 include/fpsensor_crypto.h | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'include')
diff --git a/include/fpsensor_crypto.h b/include/fpsensor_crypto.h
index ebda41bcb9..e01a38799d 100644
--- a/include/fpsensor_crypto.h
+++ b/include/fpsensor_crypto.h
@@ -8,6 +8,29 @@
 #ifndef __CROS_EC_FPSENSOR_CRYPTO_H
 #define __CROS_EC_FPSENSOR_CRYPTO_H
+#include
+
+#include "sha256.h"
+
+#define HKDF_MAX_INFO_SIZE 128
+#define HKDF_SHA256_MAX_BLOCK_COUNT 255
+
+/**
+ * Expand hkdf pseudorandom key |prk| to length |out_key_size|.
+ *
+ * @param out_key the buffer to hold output key material.
+ * @param out_key_size length of output key in bytes. Must be less than
+ * or equal to HKDF_SHA256_MAX_BLOCK_COUNT * SHA256_DIGEST_SIZE bytes.
+ * @param prk pseudorandom key.
+ * @param prk_size length of |prk| in bytes.
+ * @param info optional context.
+ * @param info_size size of |info| in bytes, must be less than or equal to
+ * HKDF_MAX_INFO_SIZE bytes.
+ * @return EC_SUCCESS on success and error code otherwise.
+ */
+int hkdf_expand(uint8_t *out_key, size_t out_key_size, const uint8_t *prk,
+ size_t prk_size, const uint8_t *info, size_t info_size);
+
 /**
 * Derive hardware encryption key from rollback secret and |salt|.
 *
-- 
cgit v1.2.1
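Review bot: The new `hkdf_expand()` comment states the size limits only as caller obligations ("Must be less than or equal to ...") and does not say what `|out_key|` holds after a failure. For a key-derivation routine this matters, because a caller that ignores the return value could use an unwritten or partially written buffer as key material. The implementation is not in this view (the patch is limited to 'include'), so whether the limits are actually checked cannot be confirmed from here. I would add a line such as ` * On error the contents of |out_key| must not be used as key material.`, name the error code returned for out-of-range sizes, and say whether `|info|` may be NULL when `|info_size|` is 0. Adding `__attribute__((warn_unused_result))` to the declaration would let the compiler flag callers that drop the result.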