DMTF
diff --git a/‎include/library/spdm_crypt_lib.h‎
Lines changed: 94 additions & 1 deletion b/‎include/library/spdm_crypt_lib.h‎
Lines changed: 94 additions & 1 deletion
diff --git a/‎include/library/spdm_secured_message_lib.h‎
Lines changed: 1 addition & 18 deletions b/‎include/library/spdm_secured_message_lib.h‎
Lines changed: 1 addition & 18 deletions
diff --git a/‎library/spdm_crypt_lib/CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions b/‎library/spdm_crypt_lib/CMakeLists.txt‎
Lines changed: 1 addition & 0 deletions
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2025 DMTF. All rights reserved.
+ *  Copyright 2021-2026 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -1581,6 +1581,99 @@ bool libspdm_kem_decapsulate(uint32_t kem_alg, void *context,
                              uint8_t *shared_secret,
                              size_t *shared_secret_size);
 
+/**
+ * This function concatenates binary data, which is used as info in HKDF expand later.
+ *
+ * @param  label        An ascii string label for the libspdm_bin_concat.
+ * @param  label_size   The size in bytes of the ASCII string label, not including NULL terminator.
+ * @param  context      A pre-defined hash value as the context for the libspdm_bin_concat.
+ * @param  length       16 bits length for the libspdm_bin_concat.
+ * @param  hash_size    The size in bytes of the context hash.
+ * @param  out_bin      The buffer to store the output binary.
+ * @param  out_bin_size The size in bytes for the out_bin.
+ **/
+void libspdm_bin_concat(spdm_version_number_t spdm_version,
+                        const char *label, size_t label_size,
+                        const uint8_t *context, uint16_t length,
+                        size_t hash_size, uint8_t *out_bin,
+                        size_t *out_bin_size);
+
+/**
+ * This function generates SPDM HandshakeKey.
+ *
+ * @param spdm_version                   The SPDM version number.
+ * @param secret                         Pointer to the input secret used for key derivation.
+ *                                       For DHE/KEM, input is shared_secret
+ *                                       For PSK, input is psk_hint
+ *                                       For PSK (FIPS test), input is psk
+ * @param secret_size                    Size of the input secret in bytes.
+ * @param use_psk                        Indicates whether to use PSK for key generation.
+ * @param base_hash_algo                 The base hash algorithm identifier to use for key derivation.
+ * @param th1_hash_data                  Pointer to the TH1 hash data used in the key derivation process.
+ * @param handshake_secret               Pointer to the buffer that will receive the generated handshake secret.
+ * @param handshake_secret_size          On input, the size of the handshake_secret buffer.
+ *                                       On output, the actual size of the generated handshake secret.
+ * @param request_handshake_secret       Pointer to the buffer that will receive the generated request handshake secret.
+ * @param request_handshake_secret_size  On input, the size of the request_handshake_secret buffer.
+ *                                       On output, the actual size of the generated handshake secret.
+ * @param response_handshake_secret      Pointer to the buffer that will receive the generated response handshake secret.
+ * @param response_handshake_secret_size On input, the size of the response_handshake_secret buffer.
+ *                                       On output, the actual size of the generated handshake secret.
+ * @param fips_test                      Indicates whether the function is being called for FIPS test purposes.
+ *
+ * @retval true   Handshake keys were generated successfully.
+ * @retval false  An error occurred during key generation.
+ */
+bool libspdm_generate_handshake_key (
+    spdm_version_number_t spdm_version,
+    const uint8_t *secret, size_t secret_size,
+    bool use_psk, uint32_t base_hash_algo,
+    const uint8_t *th1_hash_data,
+    uint8_t *handshake_secret, size_t *handshake_secret_size,
+    uint8_t *request_handshake_secret, size_t *request_handshake_secret_size,
+    uint8_t *response_handshake_secret, size_t *response_handshake_secret_size,
+    bool fips_test);
+
+/**
+ * This function generates SPDM DataKey.
+ *
+ * @param spdm_version                   The SPDM version number.
+ * @param secret                         Pointer to the input secret used for key derivation.
+ *                                       For DHE/KEM, input is handshake_secret
+ *                                       For PSK, input is psk_hint
+ *                                       For PSK (FIPS test), input is psk
+ * @param secret_size                    Size of the input secret in bytes.
+ * @param use_psk                        Indicates whether to use PSK for key generation.
+ * @param base_hash_algo                 The base hash algorithm identifier to use for key derivation.
+ * @param th2_hash_data                  Pointer to the TH2 hash data used in the key derivation process.
+ * @param master_secret                  Pointer to the buffer that will receive the generated master secret.
+ * @param master_secret_size             On input, the size of the master_secret buffer.
+ *                                       On output, the actual size of the generated master secret.
+ * @param request_data_secret            Pointer to the buffer that will receive the generated request data secret.
+ * @param request_data_secret_size       On input, the size of the request_data_secret buffer.
+ *                                       On output, the actual size of the generated data secret.
+ * @param response_data_secret           Pointer to the buffer that will receive the generated response data secret.
+ * @param response_data_secret_size      On input, the size of the response_data_secret buffer.
+ *                                       On output, the actual size of the generated data secret.
+ * @param export_master_secret           Pointer to the buffer that will receive the generated export master secret.
+ * @param export_master_secret_size      On input, the size of the export_master_secret buffer.
+ *                                       On output, the actual size of the generated export master secret.
+ * @param fips_test                      Indicates whether the function is being called for FIPS test purposes.
+ *
+ * @retval true   Handshake keys were generated successfully.
+ * @retval false  An error occurred during key generation.
+ */
+bool libspdm_generate_data_key (
+    spdm_version_number_t spdm_version,
+    const uint8_t *secret, size_t secret_size,
+    bool use_psk, uint32_t base_hash_algo,
+    const uint8_t *th2_hash_data,
+    uint8_t *master_secret, size_t *master_secret_size,
+    uint8_t *request_data_secret, size_t *request_data_secret_size,
+    uint8_t *response_data_secret, size_t *response_data_secret_size,
+    uint8_t *export_master_secret, size_t *export_master_secret_size,
+    bool fips_test);
+
 #if LIBSPDM_FIPS_MODE
 /*run all of the self-tests and returns the results.*/
 bool libspdm_fips_run_selftest(void *fips_selftest_context);
 
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2025 DMTF. All rights reserved.
+ *  Copyright 2021-2026 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -153,23 +153,6 @@ void libspdm_clear_handshake_secret(void *spdm_secured_message_context);
  **/
 void libspdm_clear_master_secret(void *spdm_secured_message_context);
 
-/**
- * This function concatenates binary data, which is used as info in HKDF expand later.
- *
- * @param  label        An ascii string label for the libspdm_bin_concat.
- * @param  label_size   The size in bytes of the ASCII string label, not including NULL terminator.
- * @param  context      A pre-defined hash value as the context for the libspdm_bin_concat.
- * @param  length       16 bits length for the libspdm_bin_concat.
- * @param  hash_size    The size in bytes of the context hash.
- * @param  out_bin      The buffer to store the output binary.
- * @param  out_bin_size The size in bytes for the out_bin.
- **/
-void libspdm_bin_concat(spdm_version_number_t spdm_version,
-                        const char *label, size_t label_size,
-                        const uint8_t *context, uint16_t length,
-                        size_t hash_size, uint8_t *out_bin,
-                        size_t *out_bin_size);
-
 typedef enum {
     LIBSPDM_KEY_UPDATE_OPERATION_CREATE_UPDATE,
     LIBSPDM_KEY_UPDATE_OPERATION_COMMIT_UPDATE,
 
@@ -20,6 +20,7 @@ target_sources(spdm_crypt_lib
         libspdm_crypt_rng.c
         libspdm_crypt_pqc_asym.c
         libspdm_crypt_pqc_kem.c
+        libspdm_crypt_key_schedule.c
         fips/libspdm_selftest.c
         fips/libspdm_selftest_hmac.c
         fips/libspdm_selftest_aes_gcm.c