diff options
Diffstat (limited to 'src/Codec')
-rw-r--r-- | src/Codec/Crypto/HKDF.hs | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/src/Codec/Crypto/HKDF.hs b/src/Codec/Crypto/HKDF.hs index 2b1dc1f..bd2d7a5 100644 --- a/src/Codec/Crypto/HKDF.hs +++ b/src/Codec/Crypto/HKDF.hs @@ -19,11 +19,12 @@ module Codec.Crypto.HKDF import qualified Data.ByteString as ByteString import qualified Data.ByteString.Unsafe as ByteString -import Foreign (Storable(peek), alloca, allocaArray) +import Foreign (allocaArray) import Foreign.Marshal.Unsafe (unsafeLocalState) import BTLS.BoringSSL.Digest (evpMaxMDSize) import BTLS.BoringSSL.HKDF +import BTLS.BoringSSLPatterns (onBufferOfMaxSize) import BTLS.Cast (asCUCharBuf) import BTLS.Types ( Algorithm(Algorithm), AssociatedData(AssociatedData), Salt(Salt) @@ -33,9 +34,9 @@ import BTLS.Types -- | Computes an HKDF pseudorandom key (PRK) as specified by RFC 5869. extract :: Algorithm -> Salt -> SecretKey -> SecretKey extract (Algorithm md) (Salt salt) (SecretKey secret) = - unsafeLocalState $ - allocaArray evpMaxMDSize $ \pOutKey -> - alloca $ \pOutLen -> do + SecretKey $ + unsafeLocalState $ + onBufferOfMaxSize evpMaxMDSize $ \pOutKey pOutLen -> do -- @HKDF_extract@ won't mutate @secret@ or @salt@, so the sharing inherent -- in 'ByteString.unsafeUseAsCStringLen' is fine. ByteString.unsafeUseAsCStringLen secret $ \(pSecret, secretLen) -> @@ -45,21 +46,20 @@ extract (Algorithm md) (Salt salt) (SecretKey secret) = md (asCUCharBuf pSecret) (fromIntegral secretLen) (asCUCharBuf pSalt) (fromIntegral saltLen) - outLen <- fromIntegral <$> peek pOutLen - SecretKey <$> ByteString.packCStringLen (pOutKey, outLen) -- | Computes HKDF output key material (OKM) as specified by RFC 5869. expand :: Algorithm -> AssociatedData -> Int -> SecretKey -> SecretKey expand (Algorithm md) (AssociatedData info) outLen (SecretKey secret) = - unsafeLocalState $ - allocaArray outLen $ \pOutKey -> do - -- @HKDF_expand@ won't mutate @secret@ or @info@, so the sharing inherent - -- in 'ByteString.unsafeUseAsCStringLen' is fine. - ByteString.unsafeUseAsCStringLen secret $ \(pSecret, secretLen) -> - ByteString.unsafeUseAsCStringLen info $ \(pInfo, infoLen) -> - hkdfExpand - (asCUCharBuf pOutKey) (fromIntegral outLen) - md - (asCUCharBuf pSecret) (fromIntegral secretLen) - (asCUCharBuf pInfo) (fromIntegral infoLen) - SecretKey <$> ByteString.packCStringLen (pOutKey, outLen) + SecretKey $ + unsafeLocalState $ + allocaArray outLen $ \pOutKey -> do + -- @HKDF_expand@ won't mutate @secret@ or @info@, so the sharing inherent + -- in 'ByteString.unsafeUseAsCStringLen' is fine. + ByteString.unsafeUseAsCStringLen secret $ \(pSecret, secretLen) -> + ByteString.unsafeUseAsCStringLen info $ \(pInfo, infoLen) -> + hkdfExpand + (asCUCharBuf pOutKey) (fromIntegral outLen) + md + (asCUCharBuf pSecret) (fromIntegral secretLen) + (asCUCharBuf pInfo) (fromIntegral infoLen) + ByteString.packCStringLen (pOutKey, outLen) |