@tarcieri
Member

Due to the `&self` requirement in the `Kdf` trait, this seems like the only existing type that a `Kdf` impl makes sense for, since `derive_key` needs to be able to input IKM.

The "salt" parameter of `Kdf::derive_key` has been mapped to the HKDF `info` parameter, as what HKDF calls the "salt" (the non-secret value that goes into the extract step) has already been (potentially) configured via `&self`, whereas the "info" parameter (the non-secret value that goes into the expand step) is the one we can actually configure through this API.

@tarcieri tarcieri requested a review from newpavlov January 14, 2026 21:46
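
The mapping described in the PR description, as an added example that is not code from this PR or from the `hkdf` crate: a Python model (standard library only) of an extract state whose salt is fixed up front, with `derive_key` feeding the secret into extract and `info` into expand. `ExtractContext`, `input_ikm` and `demo` are hypothetical names; the inputs are RFC 5869 test case 1.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


class ExtractContext:
    """Hypothetical model of an HKDF extract state whose salt is already fixed."""

    def __init__(self, salt: bytes = b""):
        # RFC 5869: a missing salt is HashLen zero bytes.
        self._mac = hmac.new(salt or bytes(HASH_LEN), digestmod=HASH)

    def input_ikm(self, ikm: bytes) -> None:
        # Anything fed here is prefixed to the secret of every later derive_key().
        self._mac.update(ikm)

    def derive_key(self, secret: bytes, info: bytes, length: int) -> bytes:
        if length > 255 * HASH_LEN:
            raise ValueError("HKDF-Expand output is capped at 255 * HashLen")
        mac = self._mac.copy()  # shared state is borrowed, not consumed
        mac.update(secret)
        prk = mac.digest()  # extract: PRK = HMAC(salt, IKM)
        okm, block, counter = b"", b"", 1
        while len(okm) < length:
            # expand: T(i) = HMAC(PRK, T(i-1) || info || i)
            block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
            okm += block
            counter += 1
        return okm[:length]


# RFC 5869 Appendix A.1 inputs (SHA-256 test case 1).
IKM = bytes.fromhex("0b" * 22)
SALT = bytes.fromhex("000102030405060708090a0b0c")
INFO = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")


def demo() -> dict:
    ctx = ExtractContext(SALT)
    split = ExtractContext(SALT)
    split.input_ikm(IKM[:8])  # IKM supplied before derive_key is called
    return {
        "rfc": ctx.derive_key(IKM, INFO, 42).hex(),
        "split_ikm": split.derive_key(IKM[8:], INFO, 42).hex(),
        "other_info": ctx.derive_key(IKM, b"constructed-label", 42).hex(),
    }
```

In this model, IKM fed before `derive_key` yields the same key as passing the concatenated secret in one call, so a caller who did not expect earlier input would silently derive from a different secret.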

#[cfg(feature = "kdf")]
impl<H: HmacImpl> Kdf for GenericHkdfExtract<H> {
fn derive_key(&self, secret: &[u8], info: &[u8], out: &mut [u8]) -> kdf::Result<()> {
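
Review bot: on the `derive_key` signature, the second byte-slice argument is named `info`, while the PR description says the `Kdf` trait calls this parameter "salt"; nothing in the visible lines tells a caller that the value goes to the HKDF expand step and not to extract. A doc comment on this impl stating that mapping, and that any extract salt must already be set on the `GenericHkdfExtract` value, would keep callers from passing an extract salt here and assuming it is used as one.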
Member Author

@newpavlov per your point on RustCrypto/traits#1879 it does seem like the non-secret argument to `derive_key` is a better fit for HKDF `info` and maybe we can consider renaming it in the trait.

For now I have used the `info` name in the impl.

@tarcieri
Member Author

I can't tell if being able to input IKM before invoking derive_key is a feature or a bug

@tarcieri tarcieri merged commit cd6df6d into master Jan 15, 2026
35 checks passed
@tarcieri tarcieri deleted the hkdf/impl-kdf-trait branch January 15, 2026 17:34