mirror of
https://github.com/markqvist/Reticulum.git
synced 2024-11-07 14:50:15 +00:00
35 lines
899 B
Python
35 lines
899 B
Python
|
import hashlib
|
||
|
from math import ceil
|
||
|
from RNS.Cryptography import HMAC
|
||
|
|
||
|
def hkdf(length=None, derive_from=None, salt=None, context=None):
|
||
|
hash_len = 32
|
||
|
|
||
|
def hmac_sha256(key, data):
|
||
|
return HMAC.new(key, data, hashlib.sha256).digest()
|
||
|
|
||
|
if length == None or length < 1:
|
||
|
raise ValueError("Invalid output key length")
|
||
|
|
||
|
if derive_from == "None" or derive_from == "":
|
||
|
raise ValueError("Cannot derive key from empty input material")
|
||
|
|
||
|
if salt == None or len(salt) == 0:
|
||
|
salt = bytes([0] * hash_len)
|
||
|
|
||
|
if salt == None:
|
||
|
salt = b""
|
||
|
|
||
|
if context == None:
|
||
|
context = b""
|
||
|
|
||
|
pseudorandom_key = hmac_sha256(salt, derive_from)
|
||
|
|
||
|
block = b""
|
||
|
derived = b""
|
||
|
|
||
|
for i in range(ceil(length / hash_len)):
|
||
|
block = hmac_sha256(pseudorandom_key, block + context + bytes([i + 1]))
|
||
|
derived += block
|
||
|
|
||
|
return derived[:length]
|