charlesportwoodii/HKDF.cs

## README.md

      
    Raw
  

              README.md
            
          
    HMAC-based Extract-and-Expand Key Derivation Function (HKDF)

https://tools.ietf.org/html/rfc5869
public static HKDF HKDF(HashAlgorithmName algorithm, byte[] ikm, byte[] info, int outputLength = 0, byte[] salt = null)
Properties

hash
The resulting hash from the HKDF calculation
Parameters

HKDF takes 5 parameters:

A HashAlgorithmName algorithm as defined from https://docs.microsoft.com/en-us/dotnet/core/api/system.security.cryptography.hashalgorithmname.
HashAlgorithmName.HmacMd5
HashAlgorithmName.HmacSha1
HashAlgorithmName.HmacSha256
HashAlgorithmName.HmacSha384
HashAlgorithmName.HmacSha512

The initial keying material ikm represented in bytes.
The additional authentication information info.
A byte salt.
The desired outputLength represented as an integer. If 0 is set, the outputLength will be set to the algorithm length.

Example

// This is the hash algorithm to use
var algorithm = HashAlgorithmName.SHA256;

// ikm, info, and salt can be variable length - for an example we're just going to generate some random bytes
var rng = new Random();
var ikm = new byte[32];
var salt = new byte[32];
var info = new byte[4];
rng.NextBytes(ikm);
rng.NextBytes(salt);
rng.NextBytes(info);

// Our HKDF can be calculated as follows.
var hkdf = new HKDF(algorithm, ikm, info, l, salt);
var hash = hkdf.hash;

  
## HKDF.cs
using System;
using System.Security.Cryptography;

class HKDF
{
    public byte[] hash { get; set; }
    private readonly HashAlgorithmName algorithm;
    private readonly HMAC hmac;
    private readonly int digestLength;

    public HKDF(HashAlgorithmName algo, byte[] ikm, byte[] info, int outputLength = 0, byte[] salt = null)
    {
        this.algorithm = algo;
        this.hmac = this.determineHMAC();
        this.digestLength = this.hmac.ComputeHash(ikm).Length;

        if (outputLength == 0) {
            outputLength = this.digestLength;
        }

        if (outputLength < 0 || outputLength > 255 * digestLength) {
            throw new Exception("Bad output length requested of HKDF");
        }

        this.hash = this.deriveKey(salt, ikm, info, outputLength);
    }

    private HMAC determineHMAC()
    {
        if (this.algorithm == HashAlgorithmName.MD5) {
            return new HMACMD5();
        } else if (this.algorithm == HashAlgorithmName.SHA1) {
            return new HMACSHA1();
        } else if (this.algorithm == HashAlgorithmName.SHA256) {
            return new HMACSHA256();
        } else if (this.algorithm == HashAlgorithmName.SHA384) {
            return new HMACSHA384();
        } else if (this.algorithm == HashAlgorithmName.SHA512) {
            return new HMACSHA512();
        }

        return new HMACSHA256();
    }

    private byte[] extract(byte[] salt, byte[] ikm)
    {
        return this.HMAC(salt, ikm);
    }

    private byte[] HMAC(byte[] key, byte[] message)
    {
        var hmac = this.hmac;
        hmac.Key = key;
        return hmac.ComputeHash(message);
    }

    private byte[] expand(byte[] prk, byte[] info, int outputLength)
    {
        var resultBlock = new byte[0];
        var result = new byte[outputLength];
        var bytesRemaining = outputLength;

        for (int i = 1; bytesRemaining > 0; i++)
        {
            var currentInfo = new byte[resultBlock.Length + info.Length + 1];
            Array.Copy(resultBlock, 0, currentInfo, 0, resultBlock.Length);
            Array.Copy(info, 0, currentInfo, resultBlock.Length, info.Length);
            currentInfo[currentInfo.Length - 1] = (byte)i;
            resultBlock = this.HMAC(prk, currentInfo);
            Array.Copy(resultBlock, 0, result, outputLength - bytesRemaining, Math.Min(resultBlock.Length, bytesRemaining));
            bytesRemaining -= resultBlock.Length;
        }

        return result;
    }

    private byte[] deriveKey(byte[] salt, byte[] ikm, byte[] info, int outputLength)
    {
        if (info == null) {
            info = new byte[0];
        }

        if (salt == null) {
            salt = new byte[this.digestLength];
        }

        var prk = extract(salt, ikm);

        if (prk.Length < digestLength) {
            throw new Exception("Psuedo-random key is larger then digest length. Cannot perform operation");
        }

        var result = expand(prk, info, outputLength);
        return result;
    }
}
	using System;
	using System.Security.Cryptography;

	class HKDF
	{
	public byte[] hash { get; set; }
	private readonly HashAlgorithmName algorithm;
	private readonly HMAC hmac;
	private readonly int digestLength;

	public HKDF(HashAlgorithmName algo, byte[] ikm, byte[] info, int outputLength = 0, byte[] salt = null)
	{
	this.algorithm = algo;
	this.hmac = this.determineHMAC();
	this.digestLength = this.hmac.ComputeHash(ikm).Length;

	if (outputLength == 0) {
	outputLength = this.digestLength;
	}

	if (outputLength < 0 \|\| outputLength > 255 * digestLength) {
	throw new Exception("Bad output length requested of HKDF");
	}

	this.hash = this.deriveKey(salt, ikm, info, outputLength);
	}

	private HMAC determineHMAC()
	{
	if (this.algorithm == HashAlgorithmName.MD5) {
	return new HMACMD5();
	} else if (this.algorithm == HashAlgorithmName.SHA1) {
	return new HMACSHA1();
	} else if (this.algorithm == HashAlgorithmName.SHA256) {
	return new HMACSHA256();
	} else if (this.algorithm == HashAlgorithmName.SHA384) {
	return new HMACSHA384();
	} else if (this.algorithm == HashAlgorithmName.SHA512) {
	return new HMACSHA512();
	}

	return new HMACSHA256();
	}

	private byte[] extract(byte[] salt, byte[] ikm)
	{
	return this.HMAC(salt, ikm);
	}

	private byte[] HMAC(byte[] key, byte[] message)
	{
	var hmac = this.hmac;
	hmac.Key = key;
	return hmac.ComputeHash(message);
	}

	private byte[] expand(byte[] prk, byte[] info, int outputLength)
	{
	var resultBlock = new byte[0];
	var result = new byte[outputLength];
	var bytesRemaining = outputLength;

	for (int i = 1; bytesRemaining > 0; i++)
	{
	var currentInfo = new byte[resultBlock.Length + info.Length + 1];
	Array.Copy(resultBlock, 0, currentInfo, 0, resultBlock.Length);
	Array.Copy(info, 0, currentInfo, resultBlock.Length, info.Length);
	currentInfo[currentInfo.Length - 1] = (byte)i;
	resultBlock = this.HMAC(prk, currentInfo);
	Array.Copy(resultBlock, 0, result, outputLength - bytesRemaining, Math.Min(resultBlock.Length, bytesRemaining));
	bytesRemaining -= resultBlock.Length;
	}

	return result;
	}

	private byte[] deriveKey(byte[] salt, byte[] ikm, byte[] info, int outputLength)
	{
	if (info == null) {
	info = new byte[0];
	}

	if (salt == null) {
	salt = new byte[this.digestLength];
	}

	var prk = extract(salt, ikm);

	if (prk.Length < digestLength) {
	throw new Exception("Psuedo-random key is larger then digest length. Cannot perform operation");
	}

	var result = expand(prk, info, outputLength);
	return result;
	}
	}