35 lines
899 B
Python
35 lines
899 B
Python
import hashlib
|
|
from math import ceil
|
|
from RNS.Cryptography import HMAC
|
|
|
|
def hkdf(length=None, derive_from=None, salt=None, context=None):
|
|
hash_len = 32
|
|
|
|
def hmac_sha256(key, data):
|
|
return HMAC.new(key, data, hashlib.sha256).digest()
|
|
|
|
if length == None or length < 1:
|
|
raise ValueError("Invalid output key length")
|
|
|
|
if derive_from == "None" or derive_from == "":
|
|
raise ValueError("Cannot derive key from empty input material")
|
|
|
|
if salt == None or len(salt) == 0:
|
|
salt = bytes([0] * hash_len)
|
|
|
|
if salt == None:
|
|
salt = b""
|
|
|
|
if context == None:
|
|
context = b""
|
|
|
|
pseudorandom_key = hmac_sha256(salt, derive_from)
|
|
|
|
block = b""
|
|
derived = b""
|
|
|
|
for i in range(ceil(length / hash_len)):
|
|
block = hmac_sha256(pseudorandom_key, block + context + bytes([i + 1]))
|
|
derived += block
|
|
|
|
return derived[:length] |