session: expose derive_keys

iqlusioninc · Feb 12, 2025 · 77a1405 · 77a1405
1 parent 8456e87
commit 77a1405
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/src/session/securechannel.rs b/src/session/securechannel.rs
@@ -176,15 +176,7 @@ impl SecureChannel {
         card_challenge: Challenge,
     ) -> Self {
         let context = Context::from_challenges(host_challenge, card_challenge);
-        let enc_key = derive_key(authentication_key.enc_key(), 0b100, &context);
-        let mac_key = derive_key(authentication_key.mac_key(), 0b110, &context);
-        let rmac_key = derive_key(authentication_key.mac_key(), 0b111, &context);
-
-        let session_keys = SessionKeys {
-            enc_key,
-            mac_key,
-            rmac_key,
-        };
+        let session_keys = context.derive_keys(authentication_key);
         Self::with_session_keys(id, context, session_keys)
     }
 

diff --git a/src/session/securechannel/context.rs b/src/session/securechannel/context.rs
@@ -1,6 +1,7 @@
 //! Derivation context (i.e. concatenated challenges)
 
-use super::{Challenge, CHALLENGE_SIZE};
+use super::{derive_key, Challenge, SessionKeys, CHALLENGE_SIZE};
+use crate::authentication;
 
 /// Size of a session context
 const CONTEXT_SIZE: usize = CHALLENGE_SIZE * 2;
@@ -21,6 +22,19 @@ impl Context {
     pub fn as_slice(&self) -> &[u8] {
         &self.0
     }
+
+    /// Derive session keys from context and authentication key
+    pub fn derive_keys(&self, authentication_key: &authentication::Key) -> SessionKeys {
+        let enc_key = derive_key(authentication_key.enc_key(), 0b100, self);
+        let mac_key = derive_key(authentication_key.mac_key(), 0b110, self);
+        let rmac_key = derive_key(authentication_key.mac_key(), 0b111, self);
+
+        SessionKeys {
+            enc_key,
+            mac_key,
+            rmac_key,
+        }
+    }
 }
 
 #[cfg(feature = "yubihsm-auth")]