authorDavid Reid <dreid@dreid.org>2014-01-20 16:05:53 -0800
committerDavid Reid <dreid@dreid.org>2014-02-03 10:05:26 -0800
commit66c9cd928601725e27aa64255e56b3a7e481a08d (patch)
tree2d746623c5bdb603d62ec28a3a765a5b9fd4d20d /cryptography
parentab33266b16d9a1cd3cf6abcf0a7b80e86f915d95 (diff)
Refactor HKDF support and provide vectors for tests.
Diffstat (limited to 'cryptography')
-rw-r--r--cryptography/hazmat/primitives/kdf/hkdf.py (renamed from cryptography/hkdf.py)25
1 files changed, 17 insertions, 8 deletions
diff --git a/cryptography/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index 9665ce57..8d36c80b 100644
--- a/cryptography/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -1,15 +1,24 @@
-from cryptography.hazmat.backends import default_backend
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
from cryptography.hazmat.primitives import hmac
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import constant_time
-def hkdf_derive(input_key, key_length, salt=None, info=None, hash=None, backend=None):
+def hkdf_derive(input_key, key_length, salt, info, hash, backend):
if hash is None:
hash = hashes.SHA256()
- if backend is None:
- backend = default_backend()
-
if info is None:
info = b""
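Review bot: The `if hash is None` and `if info is None` fallbacks survive even though the new signature makes every argument required, so a caller that passes `None` silently gets SHA-256 and an empty info string. For a hazmat-level primitive, an implicit algorithm choice is easy to miss, and two parties that disagree on the hash would only notice through a verify mismatch. Either reject it explicitly, e.g. `if hash is None: raise TypeError("hash must be a HashAlgorithm instance")`, or state the defaults in a docstring. The parameter name `hash` also shadows the builtin inside the function. The rest of `hkdf_derive` lies outside this hunk, so it cannot be seen here whether `key_length` is bounded at 255 times the digest size as RFC 5869 requires before the final slice.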
@@ -34,10 +43,10 @@ def hkdf_derive(input_key, key_length, salt=None, info=None, hash=None, backend=
return b"".join(output)[:key_length]
-def hkdf_verify(expected, input_key, key_length, salt=None, info=None,
- hash=None, backend=None):
+def hkdf_verify(expected, input_key, key_length, salt, info, hash, backend):
derived = hkdf_derive(input_key, key_length, salt=salt, info=info,
hash=hash, backend=backend)
- return constant_time.bytes_eq(expected, derived)
+ if not constant_time.bytes_eq(expected, derived):
+ raise ValueError("")
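Review bot: `raise ValueError("")` reports a key mismatch with an empty message and a generic exception type, so a caller's `except ValueError` cannot tell "derived key does not match" from an argument error raised elsewhere in the call. A message such as `raise ValueError("Derived key does not match the expected key.")` would help, and a dedicated exception class would be better if the package has one for verification failures. The function now returns `None` on success instead of `True`. Existing callers that test the return value will treat every result as a failure, which is the safe direction, but the change should be recorded in a docstring: "Raises on mismatch; returns nothing on success."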