blob: 942165e2112830bfdea578f01120f5a824702e8e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
use crate::{
Result,
crypto::{
SessionKey,
backend::interface::Kdf,
},
};
impl Kdf for super::Backend {
fn hkdf_sha256(ikm: &SessionKey, salt: Option<&[u8]>, info: &[u8],
okm: &mut SessionKey)
-> Result<()>
{
assert!(okm.len() <= 255 * 32);
const NO_SALT: [u8; 32] = [0; 32];
let salt = salt.unwrap_or(&NO_SALT);
// XXX: It'd be nice to write that directly to `okm`, but botan-rs
// does not have such an interface.
let okm_heap: SessionKey =
botan::kdf("HKDF(SHA-256)", okm.len(), &*ikm, salt, info)?
.into();
// XXX: Now copy the secret.
let l = okm.len().min(okm_heap.len());
okm[..l].copy_from_slice(&okm_heap[..l]);
Ok(())
}
}
|