33e1c37c6fb546ef5aa0657e176ee54b5f8a2bf2bb21cb7861a4ba4a7889b99f.json raw

   1  {"ast":null,"code":"import assert from './_assert.js';\nimport { toBytes } from './utils.js';\nimport { hmac } from './hmac.js';\n// HKDF (RFC 5869)\n// https://soatok.blog/2021/11/17/understanding-hkdf/\n/**\n * HKDF-Extract(IKM, salt) -> PRK\n * Arguments position differs from spec (IKM is first one, since it is not optional)\n * @param hash\n * @param ikm\n * @param salt\n * @returns\n */\nexport function extract(hash, ikm, salt) {\n  assert.hash(hash);\n  // NOTE: some libraries treat zero-length array as 'not provided';\n  // we don't, since we have undefined as 'not provided'\n  // https://github.com/RustCrypto/KDFs/issues/15\n  if (salt === undefined) salt = new Uint8Array(hash.outputLen); // if not provided, it is set to a string of HashLen zeros\n  return hmac(hash, toBytes(salt), toBytes(ikm));\n}\n// HKDF-Expand(PRK, info, L) -> OKM\nconst HKDF_COUNTER = new Uint8Array([0]);\nconst EMPTY_BUFFER = new Uint8Array();\n/**\n * HKDF-expand from the spec.\n * @param prk - a pseudorandom key of at least HashLen octets (usually, the output from the extract step)\n * @param info - optional context and application specific information (can be a zero-length string)\n * @param length - length of output keying material in octets\n */\nexport function expand(hash, prk, info, length = 32) {\n  assert.hash(hash);\n  assert.number(length);\n  if (length > 255 * hash.outputLen) throw new Error('Length should be <= 255*HashLen');\n  const blocks = Math.ceil(length / hash.outputLen);\n  if (info === undefined) info = EMPTY_BUFFER;\n  // first L(ength) octets of T\n  const okm = new Uint8Array(blocks * hash.outputLen);\n  // Re-use HMAC instance between blocks\n  const HMAC = hmac.create(hash, prk);\n  const HMACTmp = HMAC._cloneInto();\n  const T = new Uint8Array(HMAC.outputLen);\n  for (let counter = 0; counter < blocks; counter++) {\n    HKDF_COUNTER[0] = counter + 1;\n    // T(0) = empty string (zero length)\n    // T(N) = HMAC-Hash(PRK, T(N-1) | info | N)\n    HMACTmp.update(counter === 0 ? EMPTY_BUFFER : T).update(info).update(HKDF_COUNTER).digestInto(T);\n    okm.set(T, hash.outputLen * counter);\n    HMAC._cloneInto(HMACTmp);\n  }\n  HMAC.destroy();\n  HMACTmp.destroy();\n  T.fill(0);\n  HKDF_COUNTER.fill(0);\n  return okm.slice(0, length);\n}\n/**\n * HKDF (RFC 5869): extract + expand in one step.\n * @param hash - hash function that would be used (e.g. sha256)\n * @param ikm - input keying material, the initial key\n * @param salt - optional salt value (a non-secret random value)\n * @param info - optional context and application specific information\n * @param length - length of output keying material in octets\n */\nexport const hkdf = (hash, ikm, salt, info, length) => expand(hash, extract(hash, ikm, salt), info, length);\n//# sourceMappingURL=hkdf.js.map","map":null,"metadata":{},"sourceType":"module","externalDependencies":[]}