cosmopolitan/third_party/mbedtls/hkdf.h

#ifndef MBEDTLS_HKDF_H
#define MBEDTLS_HKDF_H
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/md.h"
/* clang-format off */

/**
 *  \name HKDF Error codes
 *  \{
 */
#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80  /**< Bad input parameters to function. */
/* \} name */

#ifdef __cplusplus
extern "C" {
#endif

/**
 *  \brief  This is the HMAC-based Extract-and-Expand Key Derivation Function
 *          (HKDF).
 *
 *  \param  md        A hash function; md.size denotes the length of the hash
 *                    function output in bytes.
 *  \param  salt      An optional salt value (a non-secret random value);
 *                    if the salt is not provided, a string of all zeros of
 *                    md.size length is used as the salt.
 *  \param  salt_len  The length in bytes of the optional \p salt.
 *  \param  ikm       The input keying material.
 *  \param  ikm_len   The length in bytes of \p ikm.
 *  \param  info      An optional context and application specific information
 *                    string. This can be a zero-length string.
 *  \param  info_len  The length of \p info in bytes.
 *  \param  okm       The output keying material of \p okm_len bytes.
 *  \param  okm_len   The length of the output keying material in bytes. This
 *                    must be less than or equal to 255 * md.size bytes.
 *
 *  \return 0 on success.
 *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
 *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
 *          MD layer.
 */
int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
                  const unsigned char *info, size_t info_len,
                  unsigned char *okm, size_t okm_len );

/**
 *  \brief  Take the input keying material \p ikm and extract from it a
 *          fixed-length pseudorandom key \p prk.
 *
 *  \warning    This function should only be used if the security of it has been
 *              studied and established in that particular context (eg. TLS 1.3
 *              key schedule). For standard HKDF security guarantees use
 *              \c mbedtls_hkdf instead.
 *
 *  \param       md        A hash function; md.size denotes the length of the
 *                         hash function output in bytes.
 *  \param       salt      An optional salt value (a non-secret random value);
 *                         if the salt is not provided, a string of all zeros
 *                         of md.size length is used as the salt.
 *  \param       salt_len  The length in bytes of the optional \p salt.
 *  \param       ikm       The input keying material.
 *  \param       ikm_len   The length in bytes of \p ikm.
 *  \param[out]  prk       A pseudorandom key of at least md.size bytes.
 *
 *  \return 0 on success.
 *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
 *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
 *          MD layer.
 */
int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
                          const unsigned char *salt, size_t salt_len,
                          const unsigned char *ikm, size_t ikm_len,
                          unsigned char *prk );

/**
 *  \brief  Expand the supplied \p prk into several additional pseudorandom
 *          keys, which is the output of the HKDF.
 *
 *  \warning    This function should only be used if the security of it has been
 *              studied and established in that particular context (eg. TLS 1.3
 *              key schedule). For standard HKDF security guarantees use
 *              \c mbedtls_hkdf instead.
 *
 *  \param  md        A hash function; md.size denotes the length of the hash
 *                    function output in bytes.
 *  \param  prk       A pseudorandom key of at least md.size bytes. \p prk is
 *                    usually the output from the HKDF extract step.
 *  \param  prk_len   The length in bytes of \p prk.
 *  \param  info      An optional context and application specific information
 *                    string. This can be a zero-length string.
 *  \param  info_len  The length of \p info in bytes.
 *  \param  okm       The output keying material of \p okm_len bytes.
 *  \param  okm_len   The length of the output keying material in bytes. This
 *                    must be less than or equal to 255 * md.size bytes.
 *
 *  \return 0 on success.
 *  \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.
 *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
 *          MD layer.
 */
int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
                         size_t prk_len, const unsigned char *info,
                         size_t info_len, unsigned char *okm, size_t okm_len );

#ifdef __cplusplus
}
#endif

#endif /* hkdf.h */
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00			`#ifndef MBEDTLS_HKDF_H`
			`#define MBEDTLS_HKDF_H`
Flatten Mbed TLS directory structure 2021-06-16 03:18:59 +00:00			`#include "third_party/mbedtls/config.h"`
			`#include "third_party/mbedtls/md.h"`
Add SSL to redbean Your redbean can now interoperate with clients that require TLS crypto. This is accomplished using a protocol polyglot that lets us distinguish between HTTP and HTTPS regardless of the port number. Certificates will be generated automatically, if none are supplied by the user. Footprint increases by only a few hundred kb so redbean in MODY=tiny is now 1.0mb - Add lseek() polyfills for ZIP executable - Automatically polyfill /tmp/FOO paths on NT - Fix readdir() / ftw() / nftw() bugs on Windows - Introduce -B flag for slower SSL that's stronger - Remove mbedtls features Cosmopolitan doesn't need - Have base64 decoder support the uri-safe alternative - Remove Truncated HMAC because it's forbidden by the IETF - Add all the mbedtls test suites and make them go 3x faster - Support opendir() / readdir() / closedir() on ZIP executable - Use Everest for ECDHE-ECDSA because it's so good it's so good - Add tinier implementation of sha1 since it's not worth the rom - Add chi-square monte-carlo mean correlation tests for getrandom() - Source entropy on Windows from the proper interface everyone uses We're continuing to outperform NGINX and other servers on raw message throughput. Using SSL means that instead of 1,000,000 qps you can get around 300,000 qps. However redbean isn't as fast as NGINX yet at SSL handshakes, since redbean can do 2,627 per second and NGINX does 4.3k Right now, the SSL UX story works best if you give your redbean a key signing key since that can be easily generated by openssl using a one liner then redbean will do all the things that are impossibly hard to do like signing ecdsa and rsa certificates that'll work in chrome. We should integrate the let's encrypt acme protocol in the future. Live Demo: https://redbean.justine.lol/ Root Cert: https://redbean.justine.lol/redbean1.crt 2021-06-24 19:31:26 +00:00			`/* clang-format off */`
Import Mbed TLS v2.26.0 2021-06-15 18:39:36 +00:00
			`/**`
			`* \name HKDF Error codes`
			`* \{`
			`*/`
			`#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80 /*< Bad input parameters to function. /`
			`/* \} name */`

			`#ifdef __cplusplus`
			`extern "C" {`
			`#endif`

			`/**`
			`* \brief This is the HMAC-based Extract-and-Expand Key Derivation Function`
			`* (HKDF).`
			`*`
			`* \param md A hash function; md.size denotes the length of the hash`
			`* function output in bytes.`
			`* \param salt An optional salt value (a non-secret random value);`
			`* if the salt is not provided, a string of all zeros of`
			`* md.size length is used as the salt.`
			`* \param salt_len The length in bytes of the optional \p salt.`
			`* \param ikm The input keying material.`
			`* \param ikm_len The length in bytes of \p ikm.`
			`* \param info An optional context and application specific information`
			`* string. This can be a zero-length string.`
			`* \param info_len The length of \p info in bytes.`
			`* \param okm The output keying material of \p okm_len bytes.`
			`* \param okm_len The length of the output keying material in bytes. This`
			`* must be less than or equal to 255 * md.size bytes.`
			`*`
			`* \return 0 on success.`
			`* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.`
			`* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying`
			`* MD layer.`
			`*/`
			`int mbedtls_hkdf( const mbedtls_md_info_t md, const unsigned char salt,`
			`size_t salt_len, const unsigned char *ikm, size_t ikm_len,`
			`const unsigned char *info, size_t info_len,`
			`unsigned char *okm, size_t okm_len );`

			`/**`
			`* \brief Take the input keying material \p ikm and extract from it a`
			`* fixed-length pseudorandom key \p prk.`
			`*`
			`* \warning This function should only be used if the security of it has been`
			`* studied and established in that particular context (eg. TLS 1.3`
			`* key schedule). For standard HKDF security guarantees use`
			`* \c mbedtls_hkdf instead.`
			`*`
			`* \param md A hash function; md.size denotes the length of the`
			`* hash function output in bytes.`
			`* \param salt An optional salt value (a non-secret random value);`
			`* if the salt is not provided, a string of all zeros`
			`* of md.size length is used as the salt.`
			`* \param salt_len The length in bytes of the optional \p salt.`
			`* \param ikm The input keying material.`
			`* \param ikm_len The length in bytes of \p ikm.`
			`* \param[out] prk A pseudorandom key of at least md.size bytes.`
			`*`
			`* \return 0 on success.`
			`* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.`
			`* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying`
			`* MD layer.`
			`*/`
			`int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,`
			`const unsigned char *salt, size_t salt_len,`
			`const unsigned char *ikm, size_t ikm_len,`
			`unsigned char *prk );`

			`/**`
			`* \brief Expand the supplied \p prk into several additional pseudorandom`
			`* keys, which is the output of the HKDF.`
			`*`
			`* \warning This function should only be used if the security of it has been`
			`* studied and established in that particular context (eg. TLS 1.3`
			`* key schedule). For standard HKDF security guarantees use`
			`* \c mbedtls_hkdf instead.`
			`*`
			`* \param md A hash function; md.size denotes the length of the hash`
			`* function output in bytes.`
			`* \param prk A pseudorandom key of at least md.size bytes. \p prk is`
			`* usually the output from the HKDF extract step.`
			`* \param prk_len The length in bytes of \p prk.`
			`* \param info An optional context and application specific information`
			`* string. This can be a zero-length string.`
			`* \param info_len The length of \p info in bytes.`
			`* \param okm The output keying material of \p okm_len bytes.`
			`* \param okm_len The length of the output keying material in bytes. This`
			`* must be less than or equal to 255 * md.size bytes.`
			`*`
			`* \return 0 on success.`
			`* \return #MBEDTLS_ERR_HKDF_BAD_INPUT_DATA when the parameters are invalid.`
			`* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying`
			`* MD layer.`
			`*/`
			`int mbedtls_hkdf_expand( const mbedtls_md_info_t md, const unsigned char prk,`
			`size_t prk_len, const unsigned char *info,`
			`size_t info_len, unsigned char *okm, size_t okm_len );`

			`#ifdef __cplusplus`
			`}`
			`#endif`

			`#endif /* hkdf.h */`