RustCrypto: HKDF
Pure Rust implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) generic over hash function.
Usage
The most common way to use HKDF is as follows: you provide the Initial Key Material (IKM) and an optional salt, then you expand it (perhaps multiple times) into some Output Key Material (OKM) bound to an "info" context string.
use Sha256;
use Hkdf;
use hex;
let ikm = hex!;
let salt = hex!;
let info = hex!;
let hk = new;
let mut okm = ;
hk.expand
.expect;
let expected = hex!;
assert_eq!;
Normally the PRK (Pseudo-Random Key) remains hidden within the HKDF object, but if you need to access it, use Hkdf::extract
instead of Hkdf::new
.
let = extract;
let expected = hex!;
assert_eq!;
If you already have a strong key to work from (uniformly-distributed and
long enough), you can save a tiny amount of time by skipping the extract
step. In this case, you pass a Pseudo-Random Key (PRK) into the
Hkdf::from_prk
constructor, then use the resulting Hkdf
object
as usual.
let prk = hex!;
let hk = from_prk.expect;
let mut okm = ;
hk.expand
.expect;
let expected = hex!;
assert_eq!;
Minimum Supported Rust Version
Rust 1.71 or higher.
Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.
SemVer Policy
- All on-by-default features of this library are covered by SemVer
- MSRV is considered exempt from SemVer as noted above
License
Licensed under either of:
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.