HKDF-Expand(PRK, info, L) -> OKM

Options:

• Hash- a hash function; HashLen denotes the length of the hash function output in octets

Inputs:

• PRK a pseudorandom key of at least HashLen octets (usually, the output from the extract step)

• info optional context and application specific information (can be a zero-length string)

• L length of output keying material in octets (<= 255*HashLen)

Output:

• OKM output keying material (of L octets)

The output OKM is calculated as follows:

N = ceil(L/HashLen) T = T(1) | T(2) | T(3) | ... | T(N) OKM = first L octets of T

where:

T(0) = empty string (zero length) T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) T(3) = HMAC-Hash(PRK, T(2) | info | 0x03) .......

(where the constant concatenated to the end of each T(n) is a single octet.)