blob: 5dc6876d77fd55a208143976dd9edbd3bf028f1e [file] [log] [blame]
Alice Wangf1a83b02023-09-26 12:39:17 +00001// Copyright 2023, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! Wrappers of the HKDF functions in BoringSSL hkdf.h.
16
17use crate::digest::Digester;
18use crate::util::check_int_result;
19use bssl_avf_error::{ApiName, Result};
20use bssl_ffi::HKDF;
21
22/// Computes HKDF (as specified by [RFC 5869]) of initial keying material `secret` with
23/// `salt` and `info` using the given `digester`.
24///
25/// [RFC 5869]: https://www.rfc-editor.org/rfc/rfc5869.html
26pub fn hkdf<const N: usize>(
27 secret: &[u8],
28 salt: &[u8],
29 info: &[u8],
30 digester: Digester,
31) -> Result<[u8; N]> {
32 let mut key = [0u8; N];
33 // SAFETY: Only reads from/writes to the provided slices and the digester was non-null.
34 let ret = unsafe {
35 HKDF(
36 key.as_mut_ptr(),
37 key.len(),
38 digester.0,
39 secret.as_ptr(),
40 secret.len(),
41 salt.as_ptr(),
42 salt.len(),
43 info.as_ptr(),
44 info.len(),
45 )
46 };
47 check_int_result(ret, ApiName::HKDF)?;
48 Ok(key)
49}