Hkdf function requires a salt/nonce #176
Description
According to the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) standard RFC 5869 (https://www.rfc-editor.org/rfc/rfc5869)
salt optional salt value (a non-secret random value);
if not provided, it is set to a string of HashLen zeros.
With cryptography version 2.7.0, the salt or nonce is required, even though the parameter is defined as optional with a default value of an empty list.
This code:
final hkdf = Hkdf(hmac: Hmac.sha256(), outputLength: 32);
final keyData = await hkdf.deriveKey(secretKey: secretKey);
will emit the following error:
Invalid argument (secretKey): Secret key must be non-empty: Instance of 'SecretKeyData'
This is because on line 44 of HKDF.dart, the nonce is used as the secretKey in a call to the Mac.calculateMac function:
final nonceAsSecretKey = SecretKey(nonce);
final prkMac = await Mac.calculateMac(
secretKeyBytes,
secretKey: nonceAsSecretKey,
nonce: nonce
);
This eventually causes an exception due to the following code in Mac.dart, line 123:
if (secretKey.bytes.empty) {
throw ArgumentError.noValue(
secretKey,
'secretKey',
'secretKey must be non-empty',
)
}
A workaround is to manually do what the spec suggests: "if not provided, it is set to a string of HashLen zeros".
nonce: List<int>.filled(32, 0)
My testing indicates the latter successfully cross-tests with Botan and CryptoKit.