kdf

Documentation

Overview

Example (Usage)

Usage example that expands one master secret into three other cryptographically secure keys using KDF2.

// Cryptographically secure master secret.
seed := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.

// Non-secret context info, optional (can be nil).
other := []byte("kdf example")

// Generate three 128-bit/16-byte derived keys.
kdf, err := NewKDF2(seed, other, crypto.SHA256, 48)
if err != nil {
	panic(err)
}

var keys [][]byte
for i := 0; i < 3; i++ {
	key := make([]byte, 16)
	if _, err := io.ReadFull(kdf, key); err != nil {
		panic(err)
	}
	keys = append(keys, key)
}

for i := range keys {
	fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16)))
}

Output:

Key #1: true
Key #2: true
Key #3: true

Index

• Variables
• type KDF
  • func NewKDF1(seed, other []byte, hash crypto.Hash, length int) (*KDF, error)
  • func NewKDF2(seed, other []byte, hash crypto.Hash, length int) (*KDF, error)
  • func (kdf *KDF) Read(p []byte) (n int, err error)

Examples

• Package (Usage)

Variables

var (
	// ErrInvalidLengthParameter the KDF length parameter is invalid
	ErrInvalidLengthParameter = errors.New("invalid length parameter")

	// ErrInvalidSeedParameter a parameter is invalid.
	ErrInvalidSeedParameter = errors.New("invalid input parameter")
)

Types

type KDF

type KDF struct {
	// contains filtered or unexported fields
}

KDF key derivation context struct

func NewKDF1

func NewKDF1(seed, other []byte, hash crypto.Hash, length int) (*KDF, error)

NewKDF1 create a new KDF1 context.

func NewKDF2

func NewKDF2(seed, other []byte, hash crypto.Hash, length int) (*KDF, error)

NewKDF2 create a new KDF2 context.

func (*KDF) Read

func (kdf *KDF) Read(p []byte) (n int, err error)

Read read the next len(p) bytes from the KDF context.