hmac_sha256

Struct HKDF

Source 
pub struct HKDF;
Expand description

HMAC-based Key Derivation Function (HKDF) implementation using SHA-256.

HKDF is a key derivation function based on HMAC, standardized in RFC 5869. It is used to derive one or more cryptographically strong keys from input keying material.

The HKDF process consists of two stages:

  1. Extract: Takes input keying material and an optional salt, and produces a pseudorandom key (PRK)
  2. Expand: Takes the PRK, optional context information, and desired output length to generate output keying material

§Examples

Basic usage:

// Extract a pseudorandom key from input keying material using a salt
let prk = hmac_sha256::HKDF::extract(b"salt value", b"input key material");

// Expand the PRK into output keying material of desired length
let mut okm = [0u8; 64]; // 64 bytes of output keying material
hmac_sha256::HKDF::expand(&mut okm, prk, b"application info");

Implementations§

Source§

impl HKDF

Source

pub fn extract(salt: impl AsRef<[u8]>, ikm: impl AsRef<[u8]>) -> [u8; 32]

Performs the HKDF-Extract function (first stage of HKDF).

Extracts a pseudorandom key from the input keying material using the optional salt.

§Arguments
  • salt - Optional salt value (a non-secret random value)
  • ikm - Input keying material (the secret input)
§Returns

A 32-byte pseudorandom key

§Example
let prk = hmac_sha256::HKDF::extract(b"salt value", b"input key material");
Source

pub fn expand(out: &mut [u8], prk: impl AsRef<[u8]>, info: impl AsRef<[u8]>)

Performs the HKDF-Expand function (second stage of HKDF).

Expands the pseudorandom key into output keying material of the desired length.

§Arguments
  • out - Buffer to receive the output keying material
  • prk - Pseudorandom key (from the extract step)
  • info - Optional context and application specific information
§Panics

Panics if the requested output length is greater than 255 * 32 bytes (8160 bytes).

§Example
let prk = hmac_sha256::HKDF::extract(b"salt", b"input key material");
let mut okm = [0u8; 64]; // 64 bytes of output keying material
hmac_sha256::HKDF::expand(&mut okm, prk, b"context info");

Auto Trait Implementations§

§

impl Freeze for HKDF

§

impl RefUnwindSafe for HKDF

§

impl Send for HKDF

§

impl Sync for HKDF

§

impl Unpin for HKDF

§

impl UnwindSafe for HKDF

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.