2022-06-07 07:26:45 -06:00
|
|
|
import hashlib
|
|
|
|
from math import ceil
|
|
|
|
from RNS.Cryptography import HMAC
|
|
|
|
|
|
|
|
def hkdf(length=None, derive_from=None, salt=None, context=None):
|
|
|
|
hash_len = 32
|
|
|
|
|
|
|
|
def hmac_sha256(key, data):
|
2022-06-07 09:33:08 -06:00
|
|
|
return HMAC.new(key, data).digest()
|
2022-06-07 07:26:45 -06:00
|
|
|
|
|
|
|
if length == None or length < 1:
|
|
|
|
raise ValueError("Invalid output key length")
|
|
|
|
|
|
|
|
if derive_from == "None" or derive_from == "":
|
|
|
|
raise ValueError("Cannot derive key from empty input material")
|
|
|
|
|
|
|
|
if salt == None or len(salt) == 0:
|
|
|
|
salt = bytes([0] * hash_len)
|
|
|
|
|
|
|
|
if salt == None:
|
|
|
|
salt = b""
|
|
|
|
|
|
|
|
if context == None:
|
|
|
|
context = b""
|
|
|
|
|
|
|
|
pseudorandom_key = hmac_sha256(salt, derive_from)
|
|
|
|
|
|
|
|
block = b""
|
|
|
|
derived = b""
|
|
|
|
|
|
|
|
for i in range(ceil(length / hash_len)):
|
|
|
|
block = hmac_sha256(pseudorandom_key, block + context + bytes([i + 1]))
|
|
|
|
derived += block
|
|
|
|
|
|
|
|
return derived[:length]
|