48 lines
1.1 KiB
Rust
48 lines
1.1 KiB
Rust
|
//! Hash-based Key Derivation Function
|
||
|
//! We just repackage other crates
|
||
|
|
||
|
use ::hkdf::Hkdf;
|
||
|
use ::sha3::Sha3_256;
|
||
|
use ::zeroize::Zeroize;
|
||
|
|
||
|
use crate::enc::sym::Secret;
|
||
|
|
||
|
// Hack & tricks:
|
||
|
// HKDF are pretty important, but they don't zero out the data.
|
||
|
// we can't user #[derive(Zeroing)] either.
|
||
|
// So we craete a union with a Zeroing object, and drop manually both.
|
||
|
|
||
|
#[derive(Zeroize)]
|
||
|
#[zeroize(drop)]
|
||
|
struct Zeroable([u8; ::core::mem::size_of::<Hkdf<Sha3_256>>()]);
|
||
|
|
||
|
union HkdfInner {
|
||
|
hkdf: ::core::mem::ManuallyDrop<Hkdf<Sha3_256>>,
|
||
|
zeroable: ::core::mem::ManuallyDrop<Zeroable>,
|
||
|
}
|
||
|
|
||
|
impl Drop for HkdfInner {
|
||
|
fn drop(&mut self) {
|
||
|
#[allow(unsafe_code)]
|
||
|
unsafe {
|
||
|
drop(&mut self.hkdf);
|
||
|
drop(&mut self.zeroable);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/// Sha3 based HKDF
|
||
|
#[allow(missing_debug_implementations)]
|
||
|
pub struct HkdfSha3 {
|
||
|
_inner: Hkdf<Sha3_256>,
|
||
|
}
|
||
|
|
||
|
impl HkdfSha3 {
|
||
|
/// Instantiate a new HKDF with Sha3-256
|
||
|
pub fn new(salt: Option<&[u8]>, key: Secret) -> Self {
|
||
|
Self {
|
||
|
_inner: Hkdf::<Sha3_256>::new(salt, key.as_ref()),
|
||
|
}
|
||
|
}
|
||
|
}
|