Separating HKDF into HKDFExtract and HKDFExpand.
The key schedule in TLS 1.3 requires a separate Extract and Expand phase
for the cryptographic computations.
Change-Id: Ifdac1237bda5212de5d4f7e8db54e202151d45ec
Reviewed-on: https://boringssl-review.googlesource.com/7983
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/include/openssl/hkdf.h b/include/openssl/hkdf.h
index 8c96c4c..a484a30 100644
--- a/include/openssl/hkdf.h
+++ b/include/openssl/hkdf.h
@@ -37,6 +37,23 @@
const uint8_t *salt, size_t salt_len,
const uint8_t *info, size_t info_len);
+/* HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from initial
+ * keying material |secret| and salt |salt| using |digest|, and outputs
+ * |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|.
+ * It returns one on success and zero on error. */
+OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len,
+ const EVP_MD *digest, const uint8_t *secret,
+ size_t secret_len, const uint8_t *salt,
+ size_t salt_len);
+
+/* HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of length
+ * |out_len| from the PRK |prk| and info |info| using |digest|, and outputs
+ * the result to |out_key|. It returns one on success and zero on error. */
+OPENSSL_EXPORT int HKDF_expand(uint8_t *out_key, size_t out_len,
+ const EVP_MD *digest, uint8_t *prk,
+ size_t prk_len, const uint8_t *info,
+ size_t info_len);
+
#if defined(__cplusplus)
} /* extern C */
