hkdf

package
v0.6.1

This package is not in the latest version of its module.
Published: Dec 20, 2022 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in https://datatracker.ietf.org/doc/html/rfc9053#name-key-derivation-functions-kd.

HKDF is a cryptographic key derivation function (KDF) with the goal of expanding limited input keying material into one or more cryptographically strong secret keys.

Constants

This section is empty.

Variables

This section is empty.

Functions

func HKDF256

func HKDF256(secret, salt, info []byte, keySize int) ([]byte, error)

HKDF256 derives a key from the given secret, salt, info and key size, using HKDF-SHA-256.

Example
package main

import (
	"fmt"

	"github.com/ldclabs/cose/cose"
	"github.com/ldclabs/cose/iana"
	"github.com/ldclabs/cose/key"

	"github.com/ldclabs/cose/key/hkdf"
)

func main() {
	// Create a KDF Context
	kdfContext := cose.KDFContext{
		AlgorithmID: iana.AlgorithmA128GCM,
		SuppPubInfo: cose.SuppPubInfo{
			KeyDataLength: 128,
			Protected: cose.Headers{
				iana.HeaderParameterAlg: iana.AlgorithmECDH_ES_HKDF_256,
			},
		},
	}
	ctxData, err := key.MarshalCBOR(kdfContext)
	if err != nil {
		panic(err)
	}

	// Derive a key
	secret := key.HexBytesify("4B31712E096E5F20B4ECF9790FD8CC7C8B7E2C8AD90BDA81CB224F62C0E7B9A6")
	k, err := hkdf.HKDF256(secret, nil, ctxData, 128/8)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key: %X\n", k)
	// key: 56074D506729CA40C4B4FE50C6439893

}
Output:

key: 56074D506729CA40C4B4FE50C6439893
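
The extract-then-expand steps behind an HKDF-SHA-256 call with the same (secret, salt, info, keySize) parameters, written with only the Go standard library. This is an added example, not this package's code: hkdfSHA256 and mustHex are hypothetical names, and the inputs in main are the published RFC 5869 test case 1 values, not values from this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdfSHA256 (hypothetical name) performs RFC 5869 extract-then-expand.
func hkdfSHA256(secret, salt, info []byte, keySize int) ([]byte, error) {
	if keySize <= 0 || keySize > 255*sha256.Size {
		return nil, errors.New("hkdf: key size must be 1..8160 bytes")
	}
	if len(salt) == 0 {
		salt = make([]byte, sha256.Size) // absent salt is HashLen zero bytes
	}
	// Extract: PRK = HMAC(salt, secret) concentrates the secret's entropy.
	ext := hmac.New(sha256.New, salt)
	ext.Write(secret)
	prk := ext.Sum(nil)
	// Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to keySize.
	var okm, t []byte
	for i := byte(1); len(okm) < keySize; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(t)
		exp.Write(info)
		exp.Write([]byte{i})
		t = exp.Sum(nil)
		okm = append(okm, t...)
	}
	return okm[:keySize], nil
}

// mustHex decodes a hex literal and panics on malformed input.
func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	// RFC 5869 test case 1 inputs (published vector, not from this page).
	okm, err := hkdfSHA256(mustHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"),
		mustHex("000102030405060708090a0b0c"), mustHex("f0f1f2f3f4f5f6f7f8f9"), 42)
	fmt.Printf("okm: %x err: %v\n", okm, err)
}
```

Because info is mixed into every expand block, two derivations from the same secret with different context data yield unrelated keys, which is why the example above feeds the serialized KDF context in as info.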

func HKDF512

func HKDF512(secret, salt, info []byte, keySize int) ([]byte, error)

HKDF512 derives a key from the given secret, salt, info and key size, using HKDF-SHA-512.

func HKDFAES

func HKDFAES(secret, info []byte, keySize int) ([]byte, error)

HKDFAES derives a key from the given secret, info and key size. The secret should be the AES key, either 16 or 32 bytes, which selects HKDF-AES-128 or HKDF-AES-256 respectively.

Example
package main

import (
	"fmt"

	"github.com/ldclabs/cose/cose"
	"github.com/ldclabs/cose/iana"
	"github.com/ldclabs/cose/key"

	"github.com/ldclabs/cose/key/hkdf"
)

func main() {
	// Create a KDF Context
	kdfContext := cose.KDFContext{
		AlgorithmID: iana.AlgorithmAES_CCM_16_64_128,
		SuppPubInfo: cose.SuppPubInfo{
			KeyDataLength: 128,
			Protected: cose.Headers{
				iana.HeaderParameterAlg: iana.AlgorithmDirect_HKDF_AES_128,
			},
		},
	}
	ctxData, err := key.MarshalCBOR(kdfContext)
	if err != nil {
		panic(err)
	}

	// Derive a key
	secret := key.Base64Bytesify("hJtXIZ2uSN5kbQfbtTNWbg")
	k, err := hkdf.HKDFAES(secret, ctxData, 128/8)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key: %X\n", k)
	// key: F0CCBAF836D73DA63ED8508EF966EEC9

}
Output:

key: F0CCBAF836D73DA63ED8508EF966EEC9

func NewAES

func NewAES(block cipher.Block, info []byte) io.Reader

NewAES returns a Reader from which keys can be read, using the given cipher.Block as the AES-CBC-MAC PRF and the given context info. Context info can be nil.

Types

This section is empty.
