-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #305 from cryspen/jonas/hmac-hkdf-crates
Pull out `hkdf` and `hmac` modules as standalone crates
- Loading branch information
Showing
10 changed files
with
178 additions
and
125 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
[package] | ||
name = "libcrux-hkdf" | ||
version.workspace = true | ||
authors.workspace = true | ||
license.workspace = true | ||
homepage.workspace = true | ||
edition.workspace = true | ||
repository.workspace = true | ||
readme.workspace = true | ||
|
||
[lib] | ||
path = "src/hkdf.rs" | ||
|
||
[dependencies] | ||
libcrux-hacl = { version = "=0.0.2-pre.2", path = "../sys/hacl" } | ||
|
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
//! HKDF | ||
//! | ||
//! This crate implements HKDF on SHA 1 and SHA 2 (except for SHA 224). | ||
|
||
pub(crate) mod hacl_hkdf; | ||
|
||
/// The HKDF algorithm defining the used hash function. | ||
#[derive(Copy, Clone, Debug, PartialEq)] | ||
pub enum Algorithm { | ||
Sha256, | ||
Sha384, | ||
Sha512, | ||
} | ||
|
||
/// HKDF Errors | ||
#[derive(Debug, Clone, Copy, PartialEq, Eq)] | ||
pub enum Error { | ||
OkmLengthTooLarge, | ||
} | ||
|
||
/// HKDF extract using hash function `mode`, `salt`, and the input key material `ikm`. | ||
/// Returns the pre-key material in a vector of tag length. | ||
pub fn extract(alg: Algorithm, salt: impl AsRef<[u8]>, ikm: impl AsRef<[u8]>) -> Vec<u8> { | ||
match alg { | ||
Algorithm::Sha256 => { | ||
crate::hacl_hkdf::sha2_256::extract(salt.as_ref(), ikm.as_ref()).into() | ||
} | ||
Algorithm::Sha384 => { | ||
crate::hacl_hkdf::sha2_384::extract(salt.as_ref(), ikm.as_ref()).into() | ||
} | ||
Algorithm::Sha512 => { | ||
crate::hacl_hkdf::sha2_512::extract(salt.as_ref(), ikm.as_ref()).into() | ||
} | ||
} | ||
} | ||
|
||
/// HKDF expand using hash function `mode`, pre-key material `prk`, `info`, and output length `okm_len`. | ||
/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] | ||
/// if the requested output length is too large. | ||
pub fn expand( | ||
alg: Algorithm, | ||
prk: impl AsRef<[u8]>, | ||
info: impl AsRef<[u8]>, | ||
okm_len: usize, | ||
) -> Result<Vec<u8>, Error> { | ||
match alg { | ||
Algorithm::Sha256 => { | ||
crate::hacl_hkdf::sha2_256::vec::expand(prk.as_ref(), info.as_ref(), okm_len) | ||
.map_err(|_| Error::OkmLengthTooLarge) | ||
} | ||
Algorithm::Sha384 => { | ||
crate::hacl_hkdf::sha2_384::vec::expand(prk.as_ref(), info.as_ref(), okm_len) | ||
.map_err(|_| Error::OkmLengthTooLarge) | ||
} | ||
Algorithm::Sha512 => { | ||
crate::hacl_hkdf::sha2_512::vec::expand(prk.as_ref(), info.as_ref(), okm_len) | ||
.map_err(|_| Error::OkmLengthTooLarge) | ||
} | ||
} | ||
} | ||
|
||
/// HKDF using hash function `mode`, `salt`, input key material `ikm`, `info`, and output length `okm_len`. | ||
/// Calls `extract` and `expand` with the given input. | ||
/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] | ||
/// if the requested output length is too large. | ||
pub fn hkdf( | ||
mode: Algorithm, | ||
salt: &[u8], | ||
ikm: &[u8], | ||
info: &[u8], | ||
okm_len: usize, | ||
) -> Result<Vec<u8>, Error> { | ||
let prk = extract(mode, salt, ikm); | ||
expand(mode, prk, info, okm_len) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
[package] | ||
name = "libcrux-hmac" | ||
version.workspace = true | ||
authors.workspace = true | ||
license.workspace = true | ||
homepage.workspace = true | ||
edition.workspace = true | ||
repository.workspace = true | ||
readme.workspace = true | ||
|
||
[lib] | ||
path = "src/hmac.rs" | ||
|
||
[dependencies] | ||
libcrux-hkdf = { version = "=0.0.2-pre.2", path = "../libcrux-hkdf" } | ||
libcrux-hacl = { version = "=0.0.2-pre.2", path = "../sys/hacl" } |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
//! HMAC | ||
//! | ||
//! This crate implements HMAC on SHA 1 and SHA 2 (except for SHA 224). | ||
|
||
use libcrux_hkdf as hkdf; | ||
pub(crate) mod hacl_hmac; | ||
|
||
/// The HMAC algorithm defining the used hash function. | ||
#[derive(Copy, Clone, Debug, PartialEq)] | ||
pub enum Algorithm { | ||
Sha1, | ||
// Not implemented | ||
// Sha224 | ||
Sha256, | ||
Sha384, | ||
Sha512, | ||
} | ||
|
||
impl From<hkdf::Algorithm> for Algorithm { | ||
fn from(value: hkdf::Algorithm) -> Self { | ||
match value { | ||
hkdf::Algorithm::Sha256 => Self::Sha256, | ||
hkdf::Algorithm::Sha384 => Self::Sha384, | ||
hkdf::Algorithm::Sha512 => Self::Sha512, | ||
} | ||
} | ||
} | ||
|
||
/// Get the tag size for a given algorithm. | ||
pub const fn tag_size(alg: Algorithm) -> usize { | ||
match alg { | ||
Algorithm::Sha1 => 20, | ||
Algorithm::Sha256 => 32, | ||
Algorithm::Sha384 => 48, | ||
Algorithm::Sha512 => 64, | ||
} | ||
} | ||
|
||
/// Compute the HMAC value with the given `alg` and `key` on `data` with an | ||
/// output tag length of `tag_length`. | ||
/// Returns a vector of length `tag_length`. | ||
pub fn hmac(alg: Algorithm, key: &[u8], data: &[u8], tag_length: Option<usize>) -> Vec<u8> { | ||
let native_tag_length = tag_size(alg); | ||
let tag_length = match tag_length { | ||
Some(v) => v, | ||
None => native_tag_length, | ||
}; | ||
let mut dst: Vec<_> = match alg { | ||
Algorithm::Sha1 => crate::hacl_hmac::sha1(key, data).into(), | ||
Algorithm::Sha256 => crate::hacl_hmac::sha2_256(key, data).into(), | ||
Algorithm::Sha384 => crate::hacl_hmac::sha2_384(key, data).into(), | ||
Algorithm::Sha512 => crate::hacl_hmac::sha2_512(key, data).into(), | ||
}; | ||
dst.truncate(tag_length); | ||
dst | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters