TODO: tests: Add hkdf::Salt::derive.

src/hkdf.rs

@@ -42,6 +42,16 @@ use crate::{digest, error, hmac};
 pub struct Salt(hmac::Key);
 
 impl Salt {
+    /// The [HKDF-Expand] operation, specialized for deriving a new salt.
+    ///
+    /// The new `Salt` will have a length equal to the digest algorithm's output
+    /// length.
+    ///
+    /// [HKDF-Expand]: https://tools.ietf.org/html/rfc5869#section-2.3
+    pub fn derive(digest_algorithm: &'static digest::Algorithm, okm: Okm) -> Self {
+        Self(hmac::Key::derive(digest_algorithm, okm))
+    }
+
     /// Constructs a new `Salt` with the given value based on the given digest
     /// algorithm.
     ///
@@ -73,6 +83,8 @@ pub struct Prk(hmac::Key);
 
 impl Prk {
     /// The [HKDF-Expand] operation.
+    ///
+    /// [HKDF-Expand]: https://tools.ietf.org/html/rfc5869#section-2.3
     #[inline]
     pub fn expand<'a>(&'a self, info: &'a [u8]) -> Okm<'a> { Okm { prk: self, info } }
 }

src/hmac.rs

@@ -124,6 +124,7 @@
 //!     https://github.com/briansmith/ring/blob/master/src/hkdf.rs
 
 use crate::{constant_time, digest, error, rand};
+use crate::hkdf;
 
 /// A deprecated alias for `Tag`.
 #[deprecated(note = "`Signature` was renamed to `Tag`. This alias will be removed soon.")]
@@ -164,6 +165,18 @@ impl core::fmt::Debug for Key {
 }
 
 impl Key {
+    /// Derive an HMAC key from the output of an `HKDF-Expand` operation.
+    ///
+    /// The key will be `digest_alg.output_len` bytes long, based on the
+    /// recommendation in https://tools.ietf.org/html/rfc2104#section-3.
+    pub fn derive(
+        digest_alg: &'static digest::Algorithm, okm: hkdf::Okm) -> Self {
+        let mut key_bytes = [0; digest::MAX_OUTPUT_LEN];
+        let key_bytes = &mut key_bytes[..digest_alg.output_len];
+        okm.fill(key_bytes).unwrap();
+        Self::new(digest_alg, key_bytes)
+    }
+
     /// Generate an HMAC signing key using the given digest algorithm with a
     /// random value generated from `rng`.
     ///