Function orion::default::hkdf [−][src]
pub fn hkdf(
salt: &[u8],
input: &[u8],
info: &[u8]
) -> Result<[u8; 32], UnknownCryptoError>
HKDF-HMAC-SHA512.
About:
The output length is set to 32, which makes the derived key suitable for use with AES256.
Parameters:
salt
: Salt valueinput
: Input keying materialinfo
: Optional context and application specific information (can be a zero-length string)
See RFC for more information.
Exceptions:
An exception will be thrown if:
- The length of the salt is less than 16 bytes.
Security:
Salts should always be generated using a CSPRNG. The gen_rand_key
function
in util
can be used for this. The recommended length for a salt is 16 bytes as a minimum.
HKDF is not suitable for password storage.
Example:
use orion::default; use orion::utilities::util; let mut salt = [0u8; 32]; util::gen_rand_key(&mut salt).unwrap(); let data = "Some data.".as_bytes(); let info = "Some info.".as_bytes(); let hkdf = default::hkdf(&salt, data, info).unwrap();