tink_core/subtle/
hkdf.rs

1// Copyright 2020 The Tink-Rust Authors
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17//! HKDF functions.
18
19use crate::{utils::wrap_err, TinkError};
20use tink_proto::HashType;
21
22/// Minimum tag size in bytes. This provides minimum 80-bit security strength.
23const MIN_TAG_SIZE_IN_BYTES: usize = 10;
24
25/// Validate parameters of HKDF constructor.
26fn validate_hkdf_params(
27    hash: HashType,
28    _key_size: usize,
29    tag_size: usize,
30) -> Result<(), TinkError> {
31    // validate tag size
32    let digest_size = super::get_hash_digest_size(hash)?;
33    if tag_size > 255 * digest_size {
34        Err("tag size too big".into())
35    } else if tag_size < MIN_TAG_SIZE_IN_BYTES {
36        Err("tag size too small".into())
37    } else {
38        Ok(())
39    }
40}
41
42/// Extract a pseudorandom key.
43pub fn compute_hkdf(
44    hash_alg: HashType,
45    key: &[u8],
46    salt: &[u8],
47    info: &[u8],
48    tag_size: usize,
49) -> Result<Vec<u8>, TinkError> {
50    let key_size = key.len();
51    validate_hkdf_params(hash_alg, key_size, tag_size).map_err(|e| wrap_err("hkdf", e))?;
52
53    let mut okm = vec![0; tag_size];
54    match hash_alg {
55        HashType::Sha1 => {
56            let prk = hkdf::Hkdf::<sha1::Sha1>::new(Some(salt), key);
57            prk.expand(info, &mut okm)
58                .map_err(|_| "compute of hkdf failed")?;
59        }
60        HashType::Sha256 => {
61            let prk = hkdf::Hkdf::<sha2::Sha256>::new(Some(salt), key);
62            prk.expand(info, &mut okm)
63                .map_err(|_| "compute of hkdf failed")?;
64        }
65        HashType::Sha384 => {
66            let prk = hkdf::Hkdf::<sha2::Sha384>::new(Some(salt), key);
67            prk.expand(info, &mut okm)
68                .map_err(|_| "compute of hkdf failed")?;
69        }
70        HashType::Sha512 => {
71            let prk = hkdf::Hkdf::<sha2::Sha512>::new(Some(salt), key);
72            prk.expand(info, &mut okm)
73                .map_err(|_| "compute of hkdf failed")?;
74        }
75        h => return Err(format!("hkdf: unsupported hash {h:?}").into()),
76    }
77    Ok(okm)
78}