跳到主要内容

Hkdf

rustls::crypto::tls13

特性 Hkdf 

Source 
pub trait Hkdf: Send + Sync {
    // Required methods
    fn extract_from_zero_ikm(
        &self,
        salt: Option<&[u8]>,
    ) -> Box<dyn HkdfExpander>;
    fn extract_from_secret(
        &self,
        salt: Option<&[u8]>,
        secret: &[u8],
    ) -> Box<dyn HkdfExpander>;
    fn expander_for_okm(&self, okm: &OkmBlock) -> Box<dyn HkdfExpander>;
    fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> Tag;

    // Provided methods
    fn extract_from_kx_shared_secret(
        &self,
        salt: Option<&[u8]>,
        kx: Box<dyn ActiveKeyExchange>,
        peer_pub_key: &[u8],
    ) -> Result<Box<dyn HkdfExpander>, Error> { ... }
    fn fips(&self) -> bool { ... }
}
展开描述

面向 TLS 1.3 需求的 HKDF 实现。

,请参见RFC5869 用于 the terminology 用 in this definition.

可以使用 HkdfUsingHmac,它基于 hmac::Hmac 的实现来实现此 trait。

必需方法§

Source

fn extract_from_zero_ikm(&self, salt: Option<&[u8]>) -> Box<dyn HkdfExpander>

HKDF-Extract(salt, 0_HashLen)

0_HashLen 是 string of HashLen zero bytes.

A salt of None should be treated as 一个 sequence of HashLen zero bytes.

Source

fn extract_from_secret( &self, salt: Option<&[u8]>, secret: &[u8], ) -> Box<dyn HkdfExpander>

HKDF-Extract(salt, secret)

A salt of None should be treated as 一个 sequence of HashLen zero bytes.

Source

fn expander_for_okm(&self, okm: &OkmBlock) -> Box<dyn HkdfExpander>

构建 HkdfExpander using okm as 密钥 PRK.

Source

fn hmac_sign(&self, key: &OkmBlock, message: &[u8]) -> Tag

Signs message using key viewed as 一个 HMAC key.

This should use the same hash function as the HKDF functions in this trait.

,请参见RFC2104 用于 the definition of HMAC.

提供方法§

Source

fn extract_from_kx_shared_secret( &self, salt: Option<&[u8]>, kx: Box<dyn ActiveKeyExchange>, peer_pub_key: &[u8], ) -> Result<Box<dyn HkdfExpander>, Error>

HKDF-Extract(salt, shared_secret) where shared_secret is 结果 of 一个 key exchange.

Custom implementations should complete the key exchange by calling kx.complete(peer_pub_key) 并 then using this as 输入 keying material 到 HKDF-Extract

A salt of None should be treated as 一个 sequence of HashLen zero bytes.

Source

fn fips(&self) -> bool

Return true if this is 由 FIPS 批准的实现支持。

实现者§