bitwarden_crypto/keys/
prf.rs1use crate::{SymmetricCryptoKey, utils::stretch_key};
2
3#[derive(Debug)]
4pub struct InvalidInputError;
5
6pub fn derive_symmetric_key_from_prf(prf: &[u8]) -> Result<SymmetricCryptoKey, InvalidInputError> {
11 let (secret, _) = prf.split_at_checked(32).ok_or(InvalidInputError)?;
12 let secret: [u8; 32] = secret.try_into().expect("length to be 32 bytes");
13 if secret.iter().all(|b| *b == b'\0') {
15 return Err(InvalidInputError);
16 }
17 Ok(SymmetricCryptoKey::Aes256CbcHmacKey(stretch_key(
18 &Box::pin(secret.into()),
19 )))
20}
21
22#[cfg(test)]
23mod tests {
24 use super::*;
25
26 #[test]
27 fn test_prf_succeeds() {
28 let prf = pseudorandom_bytes(32);
29 let key = derive_symmetric_key_from_prf(&prf).unwrap();
30 assert!(matches!(key, SymmetricCryptoKey::Aes256CbcHmacKey(_)));
31 }
32
33 #[test]
34 fn test_zero_key_fails() {
35 let prf: Vec<u8> = (0..32).map(|_| 0).collect();
36 let err = derive_symmetric_key_from_prf(&prf).unwrap_err();
37 assert!(matches!(err, InvalidInputError));
38 }
39
40 #[test]
41 fn test_short_prf_fails() {
42 let prf = pseudorandom_bytes(9);
43 let err = derive_symmetric_key_from_prf(&prf).unwrap_err();
44 assert!(matches!(err, InvalidInputError));
45 }
46
47 #[test]
48 fn test_long_prf_truncated_to_proper_length() {
49 let long_prf = pseudorandom_bytes(33);
50 let prf = pseudorandom_bytes(32);
51 let key1 = derive_symmetric_key_from_prf(&long_prf).unwrap();
52 let key2 = derive_symmetric_key_from_prf(&prf).unwrap();
53 assert_eq!(key1, key2);
54 }
55
56 fn pseudorandom_bytes(len: usize) -> Vec<u8> {
58 (0..len).map(|x| (x % 255) as u8).collect()
59 }
60}