aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py22
1 files changed, 22 insertions, 0 deletions
diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 03500aaa..78c5bfc1 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -100,3 +100,25 @@ class HKDF(object):
def verify(self, key_material, expected_key):
if not constant_time.bytes_eq(self.derive(key_material), expected_key):
raise InvalidKey
+
+@utils.register_interface(interfaces.KeyDerivationFunction)
+class HKDFExpandOnly(HKDF):
+ def __init__(self, algorithm, length, info, backend):
+ HKDF.__init__(self, algorithm, length, None, info, backend)
+
+ def derive(self, key_material):
+ if isinstance(key_material, six.text_type):
+ raise TypeError(
+ "Unicode-objects must be encoded before using them as key"
+ "material."
+ )
+
+ if self._used:
+ raise AlreadyFinalized
+
+ self._used = True
+ return self._expand(key_material)
+
+ def verify(self, key_material, expected_key):
+ if not constant_time.bytes_eq(self.derive(key_material), expected_key):
+ raise InvalidKey
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-07 22:40:54 +0000