in src/key_exchange/tripledh.rs [453:502]
/// Derives the session key and the two MAC keys from the three Diffie-Hellman
/// results of a triple-DH exchange.
///
/// The three shared secrets (`sk1`/`pk1`, `sk2`/`pk2`, `sk3`/`pk3`) are fed, in
/// that order, as input keying material to an HKDF extract step created with no
/// salt (`None`). From the extracted state two secrets are derived, both bound
/// to `hashed_derivation_transcript`: one under `STR_HANDSHAKE_SECRET` and one
/// under `STR_SESSION_KEY`. The handshake secret is then expanded with an empty
/// context into two MAC keys labelled `STR_SERVER_MAC` and `STR_CLIENT_MAC`.
///
/// The returned tuple is `(session key, server MAC key, client MAC key)`; test
/// builds additionally carry the handshake secret as a fourth element.
///
/// # Errors
///
/// Propagates the failure of any of the three `diffie_hellman` calls, and of
/// `derive_secrets` / `hkdf_expand_label`, converted into
/// `ProtocolError<S::Error>`.
///
/// # Panics
///
/// NOTE(review): `GenericArray::clone_from_slice` panics when the slice length
/// differs from the array length, so this relies on the derivation helpers
/// returning exactly sized outputs. Confirm against their definitions.
fn derive_3dh_keys<D: Hash, KG: KeGroup, S: SecretKey<KG>>(
    dh: TripleDHComponents<KG, S>,
    hashed_derivation_transcript: &[u8],
) -> Result<TripleDHDerivationResult<D>, ProtocolError<S::Error>>
where
    D::Core: ProxyHash,
    <D::Core as BlockSizeUser>::BlockSize: IsLess<U256>,
    Le<<D::Core as BlockSizeUser>::BlockSize, U256>: NonZero,
{
    let mut extractor = HkdfExtract::<D>::new(None);

    // Each shared secret lives in its own block so it is dropped as soon as it
    // has been absorbed. The absorption order is part of the key schedule and
    // must not be changed.
    {
        let shared = dh
            .sk1
            .diffie_hellman(dh.pk1)
            .map_err(InternalError::into_custom)?;
        extractor.input_ikm(&shared);
    }
    {
        // `sk2` is the generic `S` secret key; its error converts through `?`
        // directly, without `into_custom`.
        let shared = dh.sk2.diffie_hellman(dh.pk2)?;
        extractor.input_ikm(&shared);
    }
    {
        let shared = dh
            .sk3
            .diffie_hellman(dh.pk3)
            .map_err(InternalError::into_custom)?;
        extractor.input_ikm(&shared);
    }

    // Only the second element of `finalize()` is kept; it is what the
    // derivation helpers below take as their keying state.
    let (_, expander) = extractor.finalize();
    let transcript = hashed_derivation_transcript;

    // Both secrets come from the same extracted state and the same transcript,
    // separated only by their label.
    let handshake_secret = derive_secrets::<D>(&expander, STR_HANDSHAKE_SECRET, transcript)
        .map_err(ProtocolError::into_custom)?;
    let session_key = derive_secrets::<D>(&expander, STR_SESSION_KEY, transcript)
        .map_err(ProtocolError::into_custom)?;

    // The MAC keys hang off the handshake secret, not the session key.
    let server_mac_key = hkdf_expand_label::<D>(&handshake_secret, STR_SERVER_MAC, b"")
        .map_err(ProtocolError::into_custom)?;
    let client_mac_key = hkdf_expand_label::<D>(&handshake_secret, STR_CLIENT_MAC, b"")
        .map_err(ProtocolError::into_custom)?;

    Ok((
        GenericArray::clone_from_slice(&session_key),
        GenericArray::clone_from_slice(&server_mac_key),
        GenericArray::clone_from_slice(&client_mac_key),
        #[cfg(test)]
        handshake_secret,
    ))
}