From 69d16c2c6e0fb6a90ac392cc09cae0baa0c5b692 Mon Sep 17 00:00:00 2001
From: David Reid <dreid@dreid.org>
Date: Tue, 28 Jan 2014 13:33:23 -0800
Subject: Expand, extract, verify.

---
 cryptography/hazmat/primitives/kdf/hkdf.py | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/cryptography/hazmat/primitives/kdf/hkdf.py b/cryptography/hazmat/primitives/kdf/hkdf.py
index c7999f10..71c277f4 100644
--- a/cryptography/hazmat/primitives/kdf/hkdf.py
+++ b/cryptography/hazmat/primitives/kdf/hkdf.py
@@ -15,6 +15,7 @@ import six
 
 from cryptography import exceptions
 from cryptography.hazmat.primitives import hmac
+from cryptography.hazmat.primitives import constant_time
 
 
 class HKDF(object):
@@ -44,11 +45,27 @@ class HKDF(object):
 
         self._used = False
 
+    def extract(self, key_material):
+        if self._used:
+            raise exceptions.AlreadyFinalized
+
+        self._used = True
+
+        return self._extract(key_material)
+
     def _extract(self, key_material):
         h = hmac.HMAC(self._salt, self._algorithm, backend=self._backend)
         h.update(key_material)
         return h.finalize()
 
+    def expand(self, key_material):
+        if self._used:
+            raise exceptions.AlreadyFinalized
+
+        self._used = True
+
+        return self._expand(key_material)
+
     def _expand(self, key_material):
         output = [b'']
         counter = 1
@@ -71,7 +88,5 @@ class HKDF(object):
         return self._expand(self._extract(key_material))
 
     def verify(self, key_material, expected_key):
-        if self._used:
-            raise exceptions.AlreadyFinalized
-
-        self._used = True
+        if not constant_time.bytes_eq(self.derive(key_material), expected_key):
+            raise exceptions.InvalidKey
-- 
cgit v1.2.3