Skip to main content

Crypto: Derive key using KDF functions

In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function […]

Source: https://en.wikipedia.org/wiki/Key_derivation_function

This directly relates to my previous post: Create an ECDH key pair and calculate shared secret

In this post I am going to share a code that can take the calculated shared secret and derive a new key(s).

Note! I am not a cryptography expert. Don’t use this for production code. This is simply an example code that shows how to generate new keys from a shared secret with OpenSSL via KDF functions.

I highly recommend reading more about ECDH and KDF before using the code below. Moreover, don’t reinvent cryptography from scratch, use an already existing solutions (not this).

This was adapted from: https://wiki.openssl.org/index.php/EVP_Key_Derivation to use C++ and exceptions.

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"

#include <openssl/core_names.h>
#include <openssl/evp.h>
#include <openssl/kdf.h>
#include <openssl/params.h>

using KdfCtxPtr = std::unique_ptr<EVP_KDF_CTX, decltype(&EVP_KDF_CTX_free)>;

using HkdfResult = std::array<uint8_t, 32>;

HkdfResult hkdfKeyDerivation(const std::vector<uint8_t>& sharedSecret, const std::string_view& salt) {
    static const std::string_view algo = "HKDF";
    static const std::string_view digest = "sha256";
    static const std::string_view info = "label";

    // Find and allocate a context for the HKDF algorithm
    auto kdf = EVP_KDF_fetch(nullptr, algo.data(), nullptr);
    if (!kdf) {
        throw std::runtime_error("EVP_KDF_fetch failed to fetch hkdf algorithm");
    }

    auto kctxPtr = EVP_KDF_CTX_new(kdf);

    // The kctx keeps a reference so this is safe
    EVP_KDF_free(kdf);

    if (!kctxPtr) {
        throw std::runtime_error("EVP_KDF_CTX_new failed to create context");
    }

    KdfCtxPtr kctx{kctxPtr, &EVP_KDF_CTX_free};

    // Cast to types that OSSL_PARAM_construct can accept
    auto digestData = const_cast<char*>(digest.data());
    auto infoData = const_cast<char*>(info.data());
    auto saltData = const_cast<char*>(reinterpret_cast<const char*>(salt.data()));
    auto secretData = const_cast<uint8_t*>(sharedSecret.data());

    // Build up the parameters for the derivation
    OSSL_PARAM params[5];
    auto* p = params;
    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, digestData, digest.size());
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, saltData, salt.size());
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, secretData, sharedSecret.size());
    *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, infoData, info.size());
    *p = OSSL_PARAM_construct_end();

    if (EVP_KDF_CTX_set_params(kctx.get(), params) <= 0) {
        throw std::runtime_error("EVP_KDF_CTX_set_params failed to set params");
    }

    HkdfResult result;

    // Do the derivation
    if (EVP_KDF_derive(kctx.get(), result.data(), result.size(), nullptr) <= 0) {
        throw std::runtime_error("EVP_KDF_derive failed");
    }

    return result;
}