This is used to derive a secure encryption key from a mostly-secure shared
secret.
This is a partial implementation of HKDF tailored to our specific purposes.
In particular, for us the value of N will always be 1, and thus T always
equals HMAC-Hash(PRK, info | 0x01).
See {@link https://www.rfc-editor.org/rfc/rfc5869.txt}
From {@link https://github.com/GoogleChrome/push-encryption-node/blob/master/src/encrypt.js}