CryptoKit HKDF implementation

Author: whyoleg

cryptography-providers/cryptokit/src/commonMain/kotlin/CryptoKitCryptographyProvider.kt

@@ -26,7 +26,7 @@ internal object CryptoKitCryptographyProvider : CryptographyProvider() {
         SHA384 -> CryptoKitDigest(SHA384, SwiftHash::sha384, SwiftHashAlgorithmSha384)
         SHA512 -> CryptoKitDigest(SHA512, SwiftHash::sha512, SwiftHashAlgorithmSha512)
         HMAC -> CryptoKitHmac
-//        HKDF ->
+        HKDF -> CryptoKitHkdf
 //        AES.GCM ->
 //        ECDSA   ->
 //        ECDH   ->

cryptography-providers/cryptokit/src/commonMain/kotlin/algorithms/CryptoKitHkdf.kt

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2024-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.cryptokit.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.algorithms.*
+import dev.whyoleg.cryptography.operations.*
+import dev.whyoleg.cryptography.providers.base.*
+import dev.whyoleg.cryptography.providers.cryptokit.internal.swiftinterop.*
+import kotlinx.cinterop.*
+
+@OptIn(UnsafeNumber::class)
+internal object CryptoKitHkdf : HKDF {
+    override fun secretDerivation(
+        digest: CryptographyAlgorithmId<Digest>,
+        outputSize: BinarySize,
+        salt: ByteArray?,
+        info: ByteArray?,
+    ): SecretDerivation = HkdfSecretDerivation(
+        algorithm = when (digest) {
+            MD5    -> SwiftHashAlgorithmMd5
+            SHA1   -> SwiftHashAlgorithmSha1
+            SHA256 -> SwiftHashAlgorithmSha256
+            SHA384 -> SwiftHashAlgorithmSha384
+            SHA512 -> SwiftHashAlgorithmSha512
+            else   -> throw IllegalStateException("Unsupported hash algorithm: $digest")
+        },
+        outputSize = outputSize,
+        salt = salt ?: EmptyByteArray,
+        info = info ?: EmptyByteArray
+    )
+}
+
+@OptIn(UnsafeNumber::class)
+private class HkdfSecretDerivation(
+    private val algorithm: SwiftHashAlgorithm,
+    private val outputSize: BinarySize,
+    private val salt: ByteArray,
+    private val info: ByteArray,
+) : SecretDerivation {
+    override fun deriveSecretToByteArrayBlocking(input: ByteArray): ByteArray {
+        return input.useNSData { ikm ->
+            salt.useNSData { salt ->
+                info.useNSData { info ->
+                    SwiftHkdf.derive(
+                        algorithm,
+                        ikm,
+                        salt,
+                        info,
+                        outputSize.inBytes.convert()
+                    ).toByteArray()
+                }
+            }
+        }
+    }
+}

cryptography-providers/cryptokit/src/commonMain/swift/SwiftHash.swift

@@ -33,12 +33,12 @@ import Foundation
 
     @objc public init(algorithm: SwiftHashAlgorithm) {
         self.algorithm = algorithm
-        switch algorithm {
-            case .md5:    function = Insecure.MD5()
-            case .sha1:   function = Insecure.SHA1()
-            case .sha256: function = SHA256()
-            case .sha384: function = SHA384()
-            case .sha512: function = SHA512()
+        self.function = switch algorithm {
+            case .md5:    Insecure.MD5()
+            case .sha1:   Insecure.SHA1()
+            case .sha256: SHA256()
+            case .sha384: SHA384()
+            case .sha512: SHA512()
         }
         super.init()
     }

cryptography-providers/cryptokit/src/commonMain/swift/SwiftHkdf.swift

@@ -0,0 +1,57 @@
+import CryptoKit
+import Foundation
+
+@objc public class SwiftHkdf: NSObject {
+
+    @objc(derive:::::) public static func derive(
+        algorithm: SwiftHashAlgorithm,
+        inputKey: NSData,
+        salt: NSData,
+        info: NSData,
+        outputSize: Int
+    ) -> Data {
+        let ikm = SymmetricKey(data: inputKey as Data)
+        let outputKey = switch algorithm {
+            case .md5:
+                HKDF<Insecure.MD5>.deriveKey(
+                    inputKeyMaterial: ikm,
+                    salt: salt,
+                    info: info,
+                    outputByteCount: outputSize
+                )
+
+            case .sha1:
+                HKDF<Insecure.SHA1>.deriveKey(
+                    inputKeyMaterial: ikm,
+                    salt: salt,
+                    info: info,
+                    outputByteCount: outputSize
+                )
+
+            case .sha256:
+                HKDF<SHA256>.deriveKey(
+                    inputKeyMaterial: ikm,
+                    salt: salt,
+                    info: info,
+                    outputByteCount: outputSize
+                )
+
+            case .sha384:
+                HKDF<SHA384>.deriveKey(
+                    inputKeyMaterial: ikm,
+                    salt: salt,
+                    info: info,
+                    outputByteCount: outputSize
+                )
+
+            case .sha512:
+                HKDF<SHA512>.deriveKey(
+                    inputKeyMaterial: ikm,
+                    salt: salt,
+                    info: info,
+                    outputByteCount: outputSize
+                )
+        }
+        return outputKey.withUnsafeBytes { Data($0) }
+    }
+}

cryptography-providers/cryptokit/src/commonMain/swift/SwiftHmac.swift

@@ -6,12 +6,12 @@ import Foundation
 
     @objc public init(algorithm: SwiftHashAlgorithm, key: NSData) {
         let secretKey = SymmetricKey(data: key as Data)
-        switch algorithm {
-            case .md5:    wrapper = HmacWrapper<Insecure.MD5>(key: secretKey)
-            case .sha1:   wrapper = HmacWrapper<Insecure.SHA1>(key: secretKey)
-            case .sha256: wrapper = HmacWrapper<SHA256>(key: secretKey)
-            case .sha384: wrapper = HmacWrapper<SHA384>(key: secretKey)
-            case .sha512: wrapper = HmacWrapper<SHA512>(key: secretKey)
+        self.wrapper = switch algorithm {
+            case .md5:    HmacWrapper<Insecure.MD5>(key: secretKey)
+            case .sha1:   HmacWrapper<Insecure.SHA1>(key: secretKey)
+            case .sha256: HmacWrapper<SHA256>(key: secretKey)
+            case .sha384: HmacWrapper<SHA384>(key: secretKey)
+            case .sha512: HmacWrapper<SHA512>(key: secretKey)
         }
         super.init()
     }