hkdf

package
v1.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 20, 2024 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package hkdf implements key derivation function HKDF for COSE as defined in RFC9053. https://datatracker.ietf.org/doc/html/rfc9053#name-key-derivation-functions-kd

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func HKDF256

func HKDF256(secret, salt, info []byte, keySize int) ([]byte, error)

HKDF256 derives a key from the given secret, salt, info and key size, using HKDF-SHA-256.

Example
package main

import (
	"fmt"

	"github.com/ldclabs/cose/cose"
	"github.com/ldclabs/cose/iana"
	"github.com/ldclabs/cose/key"

	"github.com/ldclabs/cose/key/hkdf"
)

func main() {
	// Create a KDF Context
	kdfContext := cose.KDFContext{
		AlgorithmID: iana.AlgorithmA128GCM,
		SuppPubInfo: cose.SuppPubInfo{
			KeyDataLength: 128,
			Protected: cose.Headers{
				iana.HeaderParameterAlg: iana.AlgorithmECDH_ES_HKDF_256,
			},
		},
	}
	ctxData, err := key.MarshalCBOR(kdfContext)
	if err != nil {
		panic(err)
	}

	// Derive a key
	secret := key.HexBytesify("4B31712E096E5F20B4ECF9790FD8CC7C8B7E2C8AD90BDA81CB224F62C0E7B9A6")
	k, err := hkdf.HKDF256(secret, nil, ctxData, 128/8)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key: %X\n", k)
	// key: 56074D506729CA40C4B4FE50C6439893

}
Output:

key: 56074D506729CA40C4B4FE50C6439893

func HKDF512

func HKDF512(secret, salt, info []byte, keySize int) ([]byte, error)

HKDF512 derives a key from the given secret, salt, info and key size, using HKDF-SHA-512.

func HKDFAES

func HKDFAES(secret, info []byte, keySize int) ([]byte, error)

HKDFAES derives a key from the given secret, info and key size. The secret should be the AES key, either 16, or 32 bytes to select HKDF-AES-128, or HKDF-AES-256.

Example
package main

import (
	"fmt"

	"github.com/ldclabs/cose/cose"
	"github.com/ldclabs/cose/iana"
	"github.com/ldclabs/cose/key"

	"github.com/ldclabs/cose/key/hkdf"
)

func main() {
	// Create a KDF Context
	kdfContext := cose.KDFContext{
		AlgorithmID: iana.AlgorithmAES_CCM_16_64_128,
		SuppPubInfo: cose.SuppPubInfo{
			KeyDataLength: 128,
			Protected: cose.Headers{
				iana.HeaderParameterAlg: iana.AlgorithmDirect_HKDF_AES_128,
			},
		},
	}
	ctxData, err := key.MarshalCBOR(kdfContext)
	if err != nil {
		panic(err)
	}

	// Derive a key
	secret := key.Base64Bytesify("hJtXIZ2uSN5kbQfbtTNWbg")
	k, err := hkdf.HKDFAES(secret, ctxData, 128/8)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key: %X\n", k)
	// key: F0CCBAF836D73DA63ED8508EF966EEC9

}
Output:

key: F0CCBAF836D73DA63ED8508EF966EEC9

func NewAES

func NewAES(block cipher.Block, info []byte) io.Reader

NewAES returns a Reader, from which keys can be read, using the given cipher.Block (as AES-CBC-MAC PRF) and context info. Context info can be nil.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL