1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
use clear_on_drop::clear::Clear;
use hmac::Hmac;
use pbkdf2::pbkdf2;
use sha2::Sha256;
use super::KEY_SIZE;
pub struct IdentityKeys {
pub(crate) enc_key: [u8; KEY_SIZE],
pub(crate) mac_key: [u8; KEY_SIZE],
}
impl IdentityKeys {
pub fn derive_from_password(password: &[u8], salt: &[u8], iterations: usize) -> Self {
let mut kdf_output = [0u8; KEY_SIZE * 2];
pbkdf2::<Hmac<Sha256>>(password, salt, iterations, &mut kdf_output);
let keys = Self::new(&kdf_output);
kdf_output.clear();
keys
}
pub fn new(key_bytes: &[u8; KEY_SIZE * 2]) -> Self {
let mut enc_key = [0u8; KEY_SIZE];
enc_key.copy_from_slice(&key_bytes[..KEY_SIZE]);
let mut mac_key = [0u8; KEY_SIZE];
mac_key.copy_from_slice(&key_bytes[KEY_SIZE..]);
Self { enc_key, mac_key }
}
}
impl Drop for IdentityKeys {
fn drop(&mut self) {
self.enc_key.clear();
self.mac_key.clear();
}
}