1 use crate::cvt;
2 use crate::error::ErrorStack;
3 use crate::md::MdRef;
4 use foreign_types::ForeignTypeRef;
5 use openssl_macros::corresponds;
6 
7 /// Computes HKDF (as specified by RFC 5869).
8 ///
9 /// HKDF is an Extract-and-Expand algorithm. It does not do any key stretching,
10 /// and as such, is not suited to be used alone to generate a key from a
11 /// password.
12 #[corresponds(HKDF)]
13 #[inline]
hkdf( out_key: &mut [u8], md: &MdRef, secret: &[u8], salt: &[u8], info: &[u8], ) -> Result<(), ErrorStack>14 pub fn hkdf(
15     out_key: &mut [u8],
16     md: &MdRef,
17     secret: &[u8],
18     salt: &[u8],
19     info: &[u8],
20 ) -> Result<(), ErrorStack> {
21     unsafe {
22         cvt(ffi::HKDF(
23             out_key.as_mut_ptr(),
24             out_key.len(),
25             md.as_ptr(),
26             secret.as_ptr(),
27             secret.len(),
28             salt.as_ptr(),
29             salt.len(),
30             info.as_ptr(),
31             info.len(),
32         ))?;
33     }
34 
35     Ok(())
36 }
37 
38 /// Computes a HKDF PRK (as specified by RFC 5869).
39 ///
40 /// WARNING: This function orders the inputs differently from RFC 5869
41 /// specification. Double-check which parameter is the secret/IKM and which is
42 /// the salt when using.
43 #[corresponds(HKDF_extract)]
44 #[inline]
hkdf_extract<'a>( out_key: &'a mut [u8], md: &MdRef, secret: &[u8], salt: &[u8], ) -> Result<&'a [u8], ErrorStack>45 pub fn hkdf_extract<'a>(
46     out_key: &'a mut [u8],
47     md: &MdRef,
48     secret: &[u8],
49     salt: &[u8],
50 ) -> Result<&'a [u8], ErrorStack> {
51     let mut out_len = out_key.len();
52     unsafe {
53         cvt(ffi::HKDF_extract(
54             out_key.as_mut_ptr(),
55             &mut out_len,
56             md.as_ptr(),
57             secret.as_ptr(),
58             secret.len(),
59             salt.as_ptr(),
60             salt.len(),
61         ))?;
62     }
63 
64     Ok(&out_key[..out_len])
65 }
66 
67 /// Computes a HKDF OKM (as specified by RFC 5869).
68 #[corresponds(HKDF_expand)]
69 #[inline]
hkdf_expand( out_key: &mut [u8], md: &MdRef, prk: &[u8], info: &[u8], ) -> Result<(), ErrorStack>70 pub fn hkdf_expand(
71     out_key: &mut [u8],
72     md: &MdRef,
73     prk: &[u8],
74     info: &[u8],
75 ) -> Result<(), ErrorStack> {
76     unsafe {
77         cvt(ffi::HKDF_expand(
78             out_key.as_mut_ptr(),
79             out_key.len(),
80             md.as_ptr(),
81             prk.as_ptr(),
82             prk.len(),
83             info.as_ptr(),
84             info.len(),
85         ))?;
86     }
87 
88     Ok(())
89 }
90