apple-cryptokit-rs 0.1.2

A Rust wrapper around Apple's native CryptoKit framework for App Store compliant cryptography.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

use super::KeyDerivationFunction;
use crate::error::{CryptoKitError, Result};

// HKDF-SHA256 Swift FFI 声明
extern "C" {
    #[link_name = "hkdf_sha256_derive"]
    fn swift_hkdf_sha256_derive(
        input_key: *const u8,
        input_key_len: i32,
        salt: *const u8,
        salt_len: i32,
        info: *const u8,
        info_len: i32,
        output_length: i32,
        output: *mut u8,
    ) -> i32;
}

/// HKDF-SHA256 密钥派生实现
#[allow(non_camel_case_types)]
pub struct HKDF_SHA256;

impl HKDF_SHA256 {
    /// 从输入密钥材料派生密钥,使用SHA256哈希算法
    ///
    /// # 参数
    /// * `input_key_material` - 输入密钥材料
    /// * `salt` - 盐值(可选,建议使用)
    /// * `info` - 应用特定信息(可选)
    /// * `output_length` - 输出密钥长度
    ///
    /// # 返回
    /// 派生的密钥数据
    ///
    /// # 错误
    /// 如果密钥派生失败,返回 `CryptoKitError::DerivationFailed`
    ///
    /// # 示例
    /// ```rust,no_run
    /// use apple_cryptokit::key_derivation::hkdf_sha256::HKDF_SHA256;
    /// use apple_cryptokit::key_derivation::KeyDerivationFunction;
    ///
    /// let ikm = b"input key material";
    /// let salt = b"optional salt";
    /// let info = b"application context";
    ///
    /// let derived_key = HKDF_SHA256::derive(ikm, salt, info, 32).unwrap();
    /// ```
    pub fn derive_key(
        input_key_material: &[u8],
        salt: &[u8],
        info: &[u8],
        output_length: usize,
    ) -> Result<Vec<u8>> {
        Self::derive(input_key_material, salt, info, output_length)
    }
}

impl KeyDerivationFunction for HKDF_SHA256 {
    fn derive(
        input_key_material: &[u8],
        salt: &[u8],
        info: &[u8],
        output_length: usize,
    ) -> Result<Vec<u8>> {
        if input_key_material.is_empty() {
            return Err(CryptoKitError::InvalidInput(
                "Input key material cannot be empty".to_string(),
            ));
        }

        if output_length == 0 || output_length > 255 * 32 {
            // SHA256输出32字节,最大255个输出块
            return Err(CryptoKitError::InvalidLength);
        }

        unsafe {
            let mut output = vec![0u8; output_length];

            let result = swift_hkdf_sha256_derive(
                input_key_material.as_ptr(),
                input_key_material.len() as i32,
                salt.as_ptr(),
                salt.len() as i32,
                info.as_ptr(),
                info.len() as i32,
                output_length as i32,
                output.as_mut_ptr(),
            );

            if result == 0 {
                Ok(output)
            } else {
                Err(CryptoKitError::DerivationFailed)
            }
        }
    }
}

/// 便利函数:HKDF-SHA256 密钥派生
///
/// # 参数
/// * `input_key_material` - 输入密钥材料
/// * `salt` - 盐值(可选,建议使用)
/// * `info` - 应用特定信息(可选)
/// * `output_length` - 输出密钥长度
///
/// # 示例
/// ```rust,no_run
/// use apple_cryptokit::key_derivation::hkdf_sha256_derive;
///
/// let ikm = b"input key material";
/// let salt = b"optional salt";
/// let info = b"application context";
///
/// let derived_key = hkdf_sha256_derive(ikm, salt, info, 32).unwrap();
/// ```
pub fn hkdf_sha256_derive(
    input_key_material: &[u8],
    salt: &[u8],
    info: &[u8],
    output_length: usize,
) -> Result<Vec<u8>> {
    HKDF_SHA256::derive(input_key_material, salt, info, output_length)
}