use hkdf

core/lib/Cargo.toml

@@ -75,6 +75,8 @@ cookie = { version = "0.18", features = ["percent-encode"] }
 futures = { version = "0.3.30", default-features = false, features = ["std"] }
 state = "0.6"
 chacha20poly1305 = "0.10.1"
+hkdf = "0.12.4"
+sha2 = "0.10.8"
 
 # tracing
 tracing = { version = "0.1.40", default-features = false, features = ["std", "attributes"] }

core/lib/src/config/secret_key.rs

@@ -1,16 +1,17 @@
 use std::fmt;
 
 use chacha20poly1305::{
-    aead::{Aead, AeadCore, KeyInit, OsRng, generic_array::GenericArray},
+    aead::{generic_array::typenum::Unsigned, Aead, AeadCore, KeyInit, OsRng},
-    XChaCha20Poly1305, XNonce,
+    XChaCha20Poly1305, XNonce
 };
+use hkdf::Hkdf;
+use sha2::Sha256;
 use cookie::Key;
 use serde::{de, ser, Deserialize, Serialize};
 
 use crate::request::{Outcome, Request, FromRequest};
 
-const NONCE_LEN: usize = 24; // 192-bit
+const INFO_STRING: &[u8] = b"secret_key_data_encryption";
-const KEY_LEN: usize = 32;
 
 #[derive(Debug)]
 pub enum Error {
@@ -212,21 +213,18 @@ impl SecretKey {
     /// assert_eq!(decrypted, plaintext);
     /// ```
     pub fn encrypt<T: AsRef<[u8]>>(&self, value: T) -> Result<Vec<u8>, Error> {
-        // Convert the encryption key to a fixed-length array
-        let key: [u8; KEY_LEN] = self.key
-            .encryption()
-            .try_into()
-            .map_err(|_| Error::KeyLengthError)?;
-
-        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
         let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
 
+        let (mut prk, hk) = Hkdf::<Sha256>::extract(Some(&nonce), self.key.encryption());
+        hk.expand(INFO_STRING, &mut prk).map_err(|_| Error::KeyLengthError)?;
+        let cipher = XChaCha20Poly1305::new(&prk);
+
         let ciphertext = cipher
             .encrypt(&nonce, value.as_ref())
             .map_err(|_| Error::EncryptionError)?;
 
         // Prepare a vector to hold the nonce and ciphertext
-        let mut encrypted_data = Vec::with_capacity(NONCE_LEN + ciphertext.len());
+        let mut encrypted_data = Vec::with_capacity(nonce.len() + ciphertext.len());
         encrypted_data.extend_from_slice(nonce.as_slice());
         encrypted_data.extend_from_slice(&ciphertext);
 
@@ -240,21 +238,18 @@ impl SecretKey {
         let encrypted = encrypted.as_ref();
 
         // Check if the length of decoded data is at least the length of the nonce
-        if encrypted.len() <= NONCE_LEN {
+        let nonce_len = <XChaCha20Poly1305 as AeadCore>::NonceSize::USIZE;
+        if encrypted.len() <= nonce_len {
             return Err(Error::EncryptedDataLengthError);
         }
 
         // Split the decoded data into nonce and ciphertext
-        let (nonce, ciphertext) = encrypted.split_at(NONCE_LEN);
+        let (nonce, ciphertext) = encrypted.split_at(nonce_len);
         let nonce = XNonce::from_slice(nonce);
 
-        // Convert the encryption key to a fixed-length array
+        let (mut prk, hk) = Hkdf::<Sha256>::extract(Some(&nonce), self.key.encryption());
-        let key: [u8; KEY_LEN] = self.key
+        hk.expand(INFO_STRING, &mut prk).map_err(|_| Error::KeyLengthError)?;
-            .encryption()
+        let cipher = XChaCha20Poly1305::new(&prk);
-            .try_into()
-            .map_err(|_| Error::KeyLengthError)?;
-
-        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
 
         // Decrypt the ciphertext using the nonce
         let decrypted = cipher.decrypt(nonce, ciphertext)