xref: /aosp_15_r20/external/tink/go/hybrid/internal/hpke/hkdf_kdf.go (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1// Copyright 2021 Google LLC
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7//      http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14//
15////////////////////////////////////////////////////////////////////////////////
16
17package hpke
18
19import (
20	"crypto"
21	"fmt"
22	"io"
23
24	"golang.org/x/crypto/hkdf"
25)
26
27// hkdfKDF is a HKDF HPKE KDF variant that implements interface kdf.
28type hkdfKDF struct {
29	// HPKE KDF algorithm identifier.
30	kdfID        uint16
31	hashFunction crypto.Hash
32}
33
34var _ kdf = (*hkdfKDF)(nil)
35
36// newHKDFKDF constructs a HKDF HPKE KDF using hashFunction.
37func newHKDFKDF(hashFunction string) (*hkdfKDF, error) {
38	if hashFunction == sha256 {
39		return &hkdfKDF{kdfID: hkdfSHA256, hashFunction: crypto.SHA256}, nil
40	}
41	return nil, fmt.Errorf("hash function %s is not supported", hashFunction)
42}
43
44func (h *hkdfKDF) labeledExtract(salt, ikm []byte, ikmLabel string, suiteID []byte) []byte {
45	return hkdf.Extract(h.hashFunction.New, labelIKM(ikmLabel, ikm, suiteID), salt)
46}
47
48func (h *hkdfKDF) labeledExpand(prk, info []byte, infoLabel string, suiteID []byte, length int) ([]byte, error) {
49	labeledInfo, err := labelInfo(infoLabel, info, suiteID, length)
50	if err != nil {
51		return nil, err
52	}
53	reader := hkdf.Expand(h.hashFunction.New, prk, labeledInfo)
54	key := make([]byte, length)
55	if _, err := io.ReadFull(reader, key); err != nil {
56		return nil, err
57	}
58	return key, nil
59}
60
61func (h *hkdfKDF) extractAndExpand(salt, ikm []byte, ikmLabel string, info []byte, infoLabel string, suiteID []byte, length int) ([]byte, error) {
62	prk := h.labeledExtract(salt, ikm, ikmLabel, suiteID)
63	return h.labeledExpand(prk, info, infoLabel, suiteID, length)
64}
65
66func (h *hkdfKDF) id() uint16 {
67	return h.kdfID
68}
69