noxtls-crypto 0.1.3

Internal implementation crate for noxtls: hash, symmetric cipher, public-key, and DRBG primitives.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

// Copyright (c) 2019-2026, Argenox Technologies LLC
// All rights reserved.
//
// SPDX-License-Identifier: GPL-2.0-only OR LicenseRef-Argenox-Commercial-License
//
// This file is part of the NoxTLS Library.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by the
// Free Software Foundation; version 2 of the License.
//
// Alternatively, this file may be used under the terms of a commercial
// license from Argenox Technologies LLC.
//
// See `noxtls/LICENSE` and `noxtls/LICENSE.md` in this repository for full details.
// CONTACT: info@argenox.com

use crate::internal_alloc::Vec;
use noxtls_core::{Error, Result};

use super::{hmac_sha256, hmac_sha384};

/// Extracts a pseudorandom key (PRK) using HKDF-Extract with SHA-256.
///
/// # Arguments
/// * `salt`: Optional salt value; an all-zero 32-byte salt is used when empty.
/// * `ikm`: Input keying material to extract from.
///
/// # Returns
/// A 32-byte pseudorandom key suitable for HKDF expand steps.
///
/// # Panics
///
/// This function does not panic.
#[must_use]
pub fn hkdf_extract_sha256(salt: &[u8], ikm: &[u8]) -> [u8; 32] {
    let effective_salt = if salt.is_empty() {
        &[0_u8; 32][..]
    } else {
        salt
    };
    hmac_sha256(effective_salt, ikm)
}

/// Expands HKDF output material using SHA-256 and requested output length.
///
/// # Arguments
/// * `prk`: Pseudorandom key produced by HKDF-Extract (must be at least 32 bytes).
/// * `info`: Optional context/application-specific info string.
/// * `len`: Number of output bytes to derive (max `255 * 32`).
///
/// # Returns
/// Derived output keying material with exact requested length.
///
/// # Errors
///
/// Returns [`Error::InvalidLength`] when `prk` is shorter than 32 bytes or `len` exceeds `255 * 32`.
///
/// # Panics
///
/// This function does not panic.
pub fn hkdf_expand_sha256(prk: &[u8], info: &[u8], len: usize) -> Result<Vec<u8>> {
    if prk.len() < 32 {
        return Err(Error::InvalidLength("hkdf prk must be at least 32 bytes"));
    }
    if len > 32 * 255 {
        return Err(Error::InvalidLength("hkdf output length exceeds RFC limit"));
    }
    let mut okm = Vec::with_capacity(len);
    let mut t = Vec::new();
    let n = len.div_ceil(32);
    for idx in 1..=n {
        let mut msg = Vec::with_capacity(t.len() + info.len() + 1);
        msg.extend_from_slice(&t);
        msg.extend_from_slice(info);
        msg.push(idx as u8);
        t = hmac_sha256(prk, &msg).to_vec();
        okm.extend_from_slice(&t);
    }
    okm.truncate(len);
    Ok(okm)
}

/// Extracts a pseudorandom key (PRK) using HKDF-Extract with SHA-384.
///
/// # Arguments
/// * `salt`: Optional salt value; an all-zero 48-byte salt is used when empty.
/// * `ikm`: Input keying material to extract from.
///
/// # Returns
/// A 48-byte pseudorandom key suitable for HKDF expand steps.
///
/// # Panics
///
/// This function does not panic.
#[must_use]
pub fn hkdf_extract_sha384(salt: &[u8], ikm: &[u8]) -> [u8; 48] {
    let effective_salt = if salt.is_empty() {
        &[0_u8; 48][..]
    } else {
        salt
    };
    hmac_sha384(effective_salt, ikm)
}

/// Expands HKDF output material using SHA-384 and requested output length.
///
/// # Arguments
/// * `prk`: Pseudorandom key produced by HKDF-Extract (must be at least 48 bytes).
/// * `info`: Optional context/application-specific info string.
/// * `len`: Number of output bytes to derive (max `255 * 48`).
///
/// # Returns
/// Derived output keying material with exact requested length.
///
/// # Errors
///
/// Returns [`Error::InvalidLength`] when `prk` is shorter than 48 bytes or `len` exceeds `255 * 48`.
///
/// # Panics
///
/// This function does not panic.
pub fn hkdf_expand_sha384(prk: &[u8], info: &[u8], len: usize) -> Result<Vec<u8>> {
    if prk.len() < 48 {
        return Err(Error::InvalidLength("hkdf prk must be at least 48 bytes"));
    }
    if len > 48 * 255 {
        return Err(Error::InvalidLength("hkdf output length exceeds RFC limit"));
    }
    let mut okm = Vec::with_capacity(len);
    let mut t = Vec::new();
    let n = len.div_ceil(48);
    for idx in 1..=n {
        let mut msg = Vec::with_capacity(t.len() + info.len() + 1);
        msg.extend_from_slice(&t);
        msg.extend_from_slice(info);
        msg.push(idx as u8);
        t = hmac_sha384(prk, &msg).to_vec();
        okm.extend_from_slice(&t);
    }
    okm.truncate(len);
    Ok(okm)
}