libcrux-hkdf 0.0.2

Libcrux HKDF implementation
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177

//! HKDF
//!
//! This crate implements HKDF on SHA 1 and SHA 2 (except for SHA 224).
#![no_std]

extern crate alloc;

use alloc::vec::Vec;

pub mod hacl;

mod impl_hacl;

pub use impl_hacl::{HkdfSha2_256, HkdfSha2_384, HkdfSha2_512};

pub trait HkdfMode<const HASH_LEN: usize> {
    /// The hash algorithm used in this HKDF mode.
    const MODE: Algorithm;

    /// HKDF extract using the `salt` and the input key material `ikm`.
    /// The result is written to `prk`.
    ///
    /// Returns nothing on success.
    /// Returns [`Error::ArgumentsTooLarge`] if one of `ikm` or `salt` is longer than [`u32::MAX`]
    /// bytes.
    fn extract(prk: &mut [u8; HASH_LEN], salt: &[u8], ikm: &[u8]) -> Result<(), Error>;

    /// HKDF expand using the pre-key material `prk` and `info`. The output length
    /// is defined through the type of the `okm` parameter, that the output is written to.
    ///
    /// Returns nothing on success.
    /// Returns [`Error::OkmTooLarge`] if the requested `OKM_LEN` is large.
    /// Returns [`Error::ArgumentsTooLarge`] if `prk` or `info` is longer than [`u32::MAX`] bytes.
    fn expand<const OKM_LEN: usize>(
        okm: &mut [u8; OKM_LEN],
        prk: &[u8],
        info: &[u8],
    ) -> Result<(), Error>;

    /// HKDF expand using the pre-key material `prk` and `info`. The output length
    /// is defined by the parameter `okm_len`.
    ///
    /// Returns the key material in a [`Vec<u8>`] of length `okm_len` on success.
    /// Returns [`Error::OkmTooLarge`] if the requested `okm_len` is too large.
    /// Returns [`Error::ArgumentsTooLarge`] if `prk` or `info` is longer than [`u32::MAX`] bytes.
    fn expand_vec(prk: &[u8], info: &[u8], okm_len: usize) -> Result<Vec<u8>, Error>;

    /// HKDF using the `salt`, input key material `ikm`, `info`.
    /// The result is written to `okm`.
    /// The output length is defined through the length of `okm`.
    /// Calls `extract` and `expand` with the given inputs.
    ///
    /// Returns nothing on success.
    /// Returns [`Error::OkmTooLarge`] if the requested `OKM_LEN` is too large.
    /// Returns [`Error::ArgumentsTooLarge`] if one of `ikm`, `salt` or `info` is longer than
    /// [`u32::MAX`] bytes.
    #[inline(always)]
    fn hkdf<const OKM_LEN: usize>(
        okm: &mut [u8; OKM_LEN],
        salt: &[u8],
        ikm: &[u8],
        info: &[u8],
    ) -> Result<(), Error> {
        let mut prk = [0u8; HASH_LEN];
        Self::extract(&mut prk, salt, ikm)?;
        Self::expand(okm, &prk, info)
    }

    /// HKDF using the `salt`, input key material `ikm`, `info`.
    /// The output length is defined by the parameter `okm_len`.
    /// Calls `extract` and `expand_vec` with the given input.
    ///
    /// Returns the key material in a [`Vec<u8>`] of length `okm_len` on success.
    /// Returns [`Error::OkmTooLarge`] if the requested `okm_len` is too large.
    /// Returns [`Error::ArgumentsTooLarge`] if `salt`, `ikm` or `info` is longer than [`u32::MAX`] bytes.
    #[inline(always)]
    fn hkdf_vec(salt: &[u8], ikm: &[u8], info: &[u8], okm_len: usize) -> Result<Vec<u8>, Error> {
        let mut prk = [0u8; HASH_LEN];
        Self::extract(&mut prk, salt, ikm)?;
        Self::expand_vec(&prk, info, okm_len)
    }
}

/// The HKDF algorithm defining the used hash function.
#[derive(Copy, Clone, Debug, PartialEq)]
pub enum Algorithm {
    Sha256,
    Sha384,
    Sha512,
}

impl Algorithm {
    /// Returns the length of the underlying hash function.
    pub const fn hash_len(self) -> usize {
        match self {
            Algorithm::Sha256 => 32,
            Algorithm::Sha384 => 48,
            Algorithm::Sha512 => 64,
        }
    }
}

/// HKDF Errors
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    /// The requested output key material in expand was too large for the used
    /// hash function.
    OkmTooLarge,
    /// At least one function argument has been too large to process.
    ArgumentsTooLarge,
}

/// HKDF extract using hash function `mode`, `salt`, and the input key material `ikm`.
/// Returns the pre-key material in a vector of tag length.
#[inline(always)]
pub fn extract(
    alg: Algorithm,
    salt: impl AsRef<[u8]>,
    ikm: impl AsRef<[u8]>,
) -> Result<Vec<u8>, Error> {
    let salt = salt.as_ref();
    let ikm = ikm.as_ref();
    match alg {
        Algorithm::Sha256 => allocbuf(|prk| HkdfSha2_256::extract(prk, salt, ikm)),
        Algorithm::Sha384 => allocbuf(|prk| HkdfSha2_384::extract(prk, salt, ikm)),
        Algorithm::Sha512 => allocbuf(|prk| HkdfSha2_512::extract(prk, salt, ikm)),
    }
}

/// HKDF expand using hash function `mode`, pre-key material `prk`, `info`, and output length `okm_len`.
/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`]
/// if the requested output length is too large.
#[inline(always)]
pub fn expand(
    alg: Algorithm,
    prk: impl AsRef<[u8]>,
    info: impl AsRef<[u8]>,
    okm_len: usize,
) -> Result<Vec<u8>, Error> {
    let prk = prk.as_ref();
    let info = info.as_ref();
    match alg {
        Algorithm::Sha256 => HkdfSha2_256::expand_vec(prk, info, okm_len),
        Algorithm::Sha384 => HkdfSha2_384::expand_vec(prk, info, okm_len),
        Algorithm::Sha512 => HkdfSha2_512::expand_vec(prk, info, okm_len),
    }
}

/// HKDF using hash function `mode`, `salt`, input key material `ikm`, `info`, and output length `okm_len`.
/// Calls `extract` and `expand` with the given input.
/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`]
/// if the requested output length is too large.
#[inline(always)]
pub fn hkdf(
    mode: Algorithm,
    salt: impl AsRef<[u8]>,
    ikm: impl AsRef<[u8]>,
    info: impl AsRef<[u8]>,
    okm_len: usize,
) -> Result<Vec<u8>, Error> {
    let salt = salt.as_ref();
    let ikm = ikm.as_ref();
    let info = info.as_ref();

    match mode {
        Algorithm::Sha256 => HkdfSha2_256::hkdf_vec(salt, ikm, info, okm_len),
        Algorithm::Sha384 => HkdfSha2_384::hkdf_vec(salt, ikm, info, okm_len),
        Algorithm::Sha512 => HkdfSha2_512::hkdf_vec(salt, ikm, info, okm_len),
    }
}

#[inline(always)]
fn allocbuf<const N: usize, T, E, F: Fn(&mut [u8; N]) -> Result<T, E>>(f: F) -> Result<Vec<u8>, E> {
    let mut buf = [0u8; N];

    f(&mut buf).map(|_| buf.into())
}