factor out HKDF

src/wormhole/_dilation/connector.py

@@ -11,11 +11,11 @@ from twisted.internet.defer import DeferredList
 from twisted.internet.endpoints import serverFromString
 from twisted.internet.protocol import ClientFactory, ServerFactory
 from twisted.python import log
-from hkdf import Hkdf
 from .. import ipaddrs  # TODO: move into _dilation/
 from .._interfaces import IDilationConnector, IDilationManager
 from ..timing import DebugTiming
 from ..observer import EmptyableSet
+from ..util import HKDF
 from .connection import DilatedConnectionProtocol, KCM
 from .roles import LEADER
 
@@ -24,11 +24,6 @@ from .._hints import (DirectTCPV1Hint, TorTCPV1Hint, RelayV1Hint,
                       encode_hint)
 
 
-
-def HKDF(skm, outlen, salt=None, CTXinfo=b""):
-    return Hkdf(salt, skm).expand(CTXinfo, outlen)
-
-
 def build_sided_relay_handshake(key, side):
     assert isinstance(side, type(u""))
     assert len(side) == 8 * 2

src/wormhole/_key.py

@@ -6,7 +6,6 @@ import six
 from attr import attrib, attrs
 from attr.validators import instance_of, provides
 from automat import MethodicalMachine
-from hkdf import Hkdf
 from nacl import utils
 from nacl.exceptions import CryptoError
 from nacl.secret import SecretBox
@@ -15,16 +14,12 @@ from zope.interface import implementer
 
 from . import _interfaces
 from .util import (bytes_to_dict, bytes_to_hexstr, dict_to_bytes,
-                   hexstr_to_bytes, to_bytes)
+                   hexstr_to_bytes, to_bytes, HKDF)
 
 CryptoError
 __all__ = ["derive_key", "derive_phase_key", "CryptoError", "Key"]
 
 
-def HKDF(skm, outlen, salt=None, CTXinfo=b""):
-    return Hkdf(salt, skm).expand(CTXinfo, outlen)
-
-
 def derive_key(key, purpose, length=SecretBox.KEY_SIZE):
     if not isinstance(key, type(b"")):
         raise TypeError(type(key))

src/wormhole/test/test_transit.py

@@ -19,6 +19,7 @@ from wormhole_transit_relay import transit_server
 from .. import transit
 from .._hints import DirectTCPV1Hint
 from ..errors import InternalError
+from ..util import HKDF
 from .common import ServerBase
 
 
@@ -1526,7 +1527,7 @@ class Transit(unittest.TestCase):
 
 class RelayHandshake(unittest.TestCase):
     def old_build_relay_handshake(self, key):
-        token = transit.HKDF(key, 32, CTXinfo=b"transit_relay_token")
+        token = HKDF(key, 32, CTXinfo=b"transit_relay_token")
         return (token, b"please relay " + hexlify(token) + b"\n")
 
     def test_old(self):

src/wormhole/transit.py

@@ -9,7 +9,6 @@ from binascii import hexlify, unhexlify
 from collections import deque
 
 import six
-from hkdf import Hkdf
 from nacl.secret import SecretBox
 from twisted.internet import (address, defer, endpoints, error, interfaces,
                               protocol, reactor, task)
@@ -22,16 +21,12 @@ from zope.interface import implementer
 from . import ipaddrs
 from .errors import InternalError
 from .timing import DebugTiming
-from .util import bytes_to_hexstr
+from .util import bytes_to_hexstr, HKDF
 from ._hints import (DirectTCPV1Hint, RelayV1Hint,
                      parse_hint_argv, describe_hint_obj, endpoint_from_hint_obj,
                      parse_tcp_v1_hint)
 
 
-def HKDF(skm, outlen, salt=None, CTXinfo=b""):
-    return Hkdf(salt, skm).expand(CTXinfo, outlen)
-
-
 class TransitError(Exception):
     pass
 

src/wormhole/util.py

@@ -3,8 +3,12 @@ import json
 import os
 import unicodedata
 from binascii import hexlify, unhexlify
+from hkdf import Hkdf
 
 
+def HKDF(skm, outlen, salt=None, CTXinfo=b""):
+    return Hkdf(salt, skm).expand(CTXinfo, outlen)
+
 def to_bytes(u):
     return unicodedata.normalize("NFC", u).encode("utf-8")