ffsend_api/crypto/
hkdf.rs

1extern crate hkdf;
2extern crate sha2;
3
4#[cfg(feature = "crypto-ring")]
5use std::num::NonZeroU32;
6
7use self::hkdf::Hkdf;
8use self::sha2::Sha256;
9#[cfg(feature = "crypto-openssl")]
10use openssl::{hash::MessageDigest, pkcs5::pbkdf2_hmac};
11#[cfg(feature = "crypto-ring")]
12use ring::pbkdf2;
13use url::Url;
14
15/// The length of the derived authentication key in bytes.
16const KEY_AUTH_SIZE: usize = 64;
17
18/// The number of iterations to do for deriving a passworded authentication
19/// key.
20const KEY_AUTH_ITERATIONS: usize = 100;
21
22/// Derive a HKDF key.
23///
24/// # Arguments
25/// * salt - Key salt, `None` for no salt
26/// * length - Length of the derived key value that is returned.
27/// * ikm - The input keying material.
28/// * info - Optional context and application specific information to use.
29///
30/// # Returns
31/// The output keying material, with the length as as specified in the `length`
32/// argument.
33pub fn hkdf(salt: Option<&[u8]>, length: usize, ikm: &[u8], info: Option<&[u8]>) -> Vec<u8> {
34    // Unwrap info or use empty info, define output key material
35    let info = info.unwrap_or(&[]);
36    let mut okm = vec![0u8; length];
37
38    // Derive a HKDF key with the given length
39    Hkdf::<Sha256>::extract(salt, &ikm)
40        .1
41        .expand(&info, &mut okm)
42        .unwrap();
43
44    okm
45}
46
47/// Derive a key to use for file data encryption, based on the given `secret`.
48pub fn derive_file_key(secret: &[u8]) -> Vec<u8> {
49    hkdf(None, 16, secret, Some(b"encryption"))
50}
51
52/// Derive a key to use for metadata encryption, based on the given `secret`.
53pub fn derive_meta_key(secret: &[u8]) -> Vec<u8> {
54    hkdf(None, 16, secret, Some(b"metadata"))
55}
56
57/// Derive a key used for authentication, based on the given `secret`.
58///
59/// A `password` and `url` may be given for special key deriving.
60/// At this time this is not implemented however.
61pub fn derive_auth_key(secret: &[u8], password: Option<&str>, url: Option<&Url>) -> Vec<u8> {
62    // Nothing, or both a password and URL must be given
63    assert_eq!(
64        password.is_none(),
65        url.is_none(),
66        "unable to derive authentication key, missing password or URL",
67    );
68
69    // Derive a key without a password
70    if password.is_none() {
71        return hkdf(None, KEY_AUTH_SIZE, secret, Some(b"authentication"));
72    }
73
74    // Derive a key with a password and URL
75    let mut key = vec![0u8; KEY_AUTH_SIZE];
76
77    // TODO: do not expect/unwrap here
78    #[cfg(feature = "crypto-openssl")]
79    pbkdf2_hmac(
80        password.unwrap().as_bytes(),
81        url.unwrap().as_str().as_bytes(),
82        KEY_AUTH_ITERATIONS,
83        MessageDigest::sha256(),
84        &mut key,
85    )
86    .expect("failed to derive passworded authentication key");
87
88    #[cfg(feature = "crypto-ring")]
89    pbkdf2::derive(
90        pbkdf2::PBKDF2_HMAC_SHA256,
91        NonZeroU32::new(KEY_AUTH_ITERATIONS as u32)
92            .expect("key authentication iteration count cannot be 0"),
93        url.unwrap().as_str().as_bytes(),
94        password.unwrap().as_bytes(),
95        &mut key,
96    );
97
98    key
99}