openpgp/src/crypto/backend/botan/kdf.rs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use crate::{
    Result,
    crypto::{
        SessionKey,
        backend::interface::Kdf,
    },
};

impl Kdf for super::Backend {
    fn hkdf_sha256(ikm: &SessionKey, salt: Option<&[u8]>, info: &[u8],
                   okm: &mut SessionKey)
                   -> Result<()>
    {
        assert!(okm.len() <= 255 * 32);

        const NO_SALT: [u8; 32] = [0; 32];
        let salt = salt.unwrap_or(&NO_SALT);

        // XXX: It'd be nice to write that directly to `okm`, but botan-rs
        // does not have such an interface.
        let okm_heap: SessionKey =
            botan::kdf("HKDF(SHA-256)", okm.len(), &*ikm, salt, info)?
            .into();

        // XXX: Now copy the secret.
        let l = okm.len().min(okm_heap.len());
        okm[..l].copy_from_slice(&okm_heap[..l]);

        Ok(())
    }
}