in src/opaque.rs [1098:1125]
fn get_password_derived_key<CS: CipherSuite>(
input: &[u8],
oprf_client: voprf::NonVerifiableClient<CS::OprfGroup>,
evaluation_element: voprf::EvaluationElement<CS::OprfGroup>,
slow_hash: Option<&CS::SlowHash>,
) -> Result<(Output<OprfHash<CS>>, Hkdf<OprfHash<CS>>), ProtocolError>
where
<OprfHash<CS> as OutputSizeUser>::OutputSize:
IsLess<U256> + IsLessOrEqual<<OprfHash<CS> as BlockSizeUser>::BlockSize>,
OprfHash<CS>: Hash,
<OprfHash<CS> as CoreProxy>::Core: ProxyHash,
<<OprfHash<CS> as CoreProxy>::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
Le<<<OprfHash<CS> as CoreProxy>::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
{
let oprf_output = oprf_client.finalize(input, &evaluation_element, None)?;
let hardened_output = if let Some(slow_hash) = slow_hash {
slow_hash.hash(oprf_output.clone())
} else {
CS::SlowHash::default().hash(oprf_output.clone())
}
.map_err(ProtocolError::from)?;
let mut hkdf = HkdfExtract::<OprfHash<CS>>::new(None);
hkdf.input_ikm(&oprf_output);
hkdf.input_ikm(&hardened_output);
Ok(hkdf.finalize())
}