Definition: Key derivation function (KDF) that follows the "extract-then-expand" paradigm, where the KDF logically consists of two modules. The first stage takes the input keying material and "extracts" from it a fixed-length pseudorandom key
$\mathcal{K}$ . The second stage "expands" the key$\mathcal{K}$ into several additional pseudorandom keys (the output of the KDF).
HKDF use HMAC and a hash function (e.g. SHA-1, SHA-256, SHA-516...).
HMAC(BYTES key, BYTES message, HASH hash_func)
HKDF_extract(BYTES salt = b"", BYTES IKM, HASH hash_func) -> BYTES
BYTES PKM = HMAC(salt, IKM, hash_func)
RETURN PKM
HKDF_expand(BYTES PRK, BYTES info = b"", INT L, HASH hash_func) -> BYTES
INT N = ceil(L / hash_func.len)
BYTES T = b""
FOR k IN 1 TO N
T += HMAC(PRK, T + info + BYTES(k), hash_func)
BYTES OKM = T[:L]
RETURN OKM
HKDF(BYTES IKM, BYTES salt = b"", BYTES info = b"", INT L, HASH hash_func) -> BYTES
RETURN HKDF_expand(HKDF_extract(salt, IKM, hash_func), info, L, hash_func)