Module orion::hazardous::hkdf [−][src]
HKDF-HMAC-SHA512 (HMAC-based Extract-and-Expand Key Derivation Function) as specified in the RFC 5869.
Parameters:
salt
: Optional salt valueikm
: Input keying materialinfo
: Optional context and application specific information (can be a zero-length string)okm_out
: Destination buffer for the derived key. The length of the derived key is implied by the length ofokm_out
See RFC for more information.
Exceptions:
An exception will be thrown if:
- The length of
okm_out
is less than 1 - The length of
okm_out
is greater than 255 * hash_output_size_in_bytes
Security:
Salts should always be generated using a CSPRNG. The gen_rand_key
function
in util
can be used for this. The recommended length for a salt is 16 bytes as a minimum.
HKDF is not suitable for password storage. Even though a salt value is optional, it is strongly
recommended to use one.
Example:
Generating derived key:
use orion::hazardous::hkdf; let salt = "Very insecure salt, should NOT be used".as_bytes(); let mut okm_out = [0u8; 32]; hkdf::derive_key(salt, "IKM".as_bytes(), "Info".as_bytes(), &mut okm_out).unwrap();
Verifying derived key:
use orion::hazardous::hkdf; let salt = "Very insecure salt, should NOT be used".as_bytes(); let mut okm_out = [0u8; 32]; hkdf::derive_key(salt, "IKM".as_bytes(), "Info".as_bytes(), &mut okm_out).unwrap(); let exp_okm = okm_out; assert!(hkdf::verify(&exp_okm, salt, "IKM".as_bytes(), "Info".as_bytes(), &mut okm_out).unwrap());
Functions
derive_key |
Combine |
expand |
The HKDF expand step. |
extract |
The HKDF extract step. |
verify |
Verify a derived key in constant time. |