diff options
Diffstat (limited to 'openpgp/src/crypto/backend/botan/kdf.rs')
-rw-r--r-- | openpgp/src/crypto/backend/botan/kdf.rs | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/openpgp/src/crypto/backend/botan/kdf.rs b/openpgp/src/crypto/backend/botan/kdf.rs new file mode 100644 index 00000000..942165e2 --- /dev/null +++ b/openpgp/src/crypto/backend/botan/kdf.rs @@ -0,0 +1,31 @@ +use crate::{ + Result, + crypto::{ + SessionKey, + backend::interface::Kdf, + }, +}; + +impl Kdf for super::Backend { + fn hkdf_sha256(ikm: &SessionKey, salt: Option<&[u8]>, info: &[u8], + okm: &mut SessionKey) + -> Result<()> + { + assert!(okm.len() <= 255 * 32); + + const NO_SALT: [u8; 32] = [0; 32]; + let salt = salt.unwrap_or(&NO_SALT); + + // XXX: It'd be nice to write that directly to `okm`, but botan-rs + // does not have such an interface. + let okm_heap: SessionKey = + botan::kdf("HKDF(SHA-256)", okm.len(), &*ikm, salt, info)? + .into(); + + // XXX: Now copy the secret. + let l = okm.len().min(okm_heap.len()); + okm[..l].copy_from_slice(&okm_heap[..l]); + + Ok(()) + } +} |