diversify

package
v1.2.1 Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2026 License: GPL-3.0 Imports: 3 Imported by: 0

README

pki/diversify

Import path: github.com/InsideGallery/core/pki/diversify

diversify derives AES keys using the AN10922-style AES-CMAC diversification flow used elsewhere in the PKI packages. It supports 128-bit, 192-bit, and 256-bit master keys.

Main API

  • Key(masterKey, diversificationData) returns a diversified key with the same length as the master key.
  • DiversifyKey(masterKey, diversificationData) is the deprecated compatibility name for Key.
  • ErrWrongKeyLen reports master keys that are not 16, 24, or 32 bytes long.
  • DiversityConstant128, DiversityConstant192_1, DiversityConstant192_2, DiversityConstant256_1, and DiversityConstant256_2 expose the constants used by the derivation.

The diversificationData argument should not include the diversity constant. It should include the remaining caller-specific data, such as UID, application ID, and system identifier.

Usage

package example

import "github.com/InsideGallery/core/pki/diversify"

func derive(masterKey, applicationID, systemID []byte) ([]byte, error) {
	data := make([]byte, 0, len(applicationID)+len(systemID))
	data = append(data, applicationID...)
	data = append(data, systemID...)

	return diversify.Key(masterKey, data)
}

Security Notes

The function is deterministic for the same master key and diversification data. Keep master keys secret and pass the diversification data in the exact byte order expected by the external protocol you are interoperating with.
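The AES-128 case of the AN10922 flow, written out with only the Go standard library as an added example; it is not this package's source. The names `dbl` and `an10922AES128` are hypothetical, and the sample key and input in `main` are the AES-128 example values from AN10922 (UID, then application ID, then system identifier).

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"fmt"
)

// dbl doubles a 16-byte block in GF(2^128): the CMAC subkey step.
func dbl(in []byte) []byte {
	out := make([]byte, 16)
	for i := 0; i < 15; i++ {
		out[i] = in[i]<<1 | in[i+1]>>7
	}
	// Fold in the reduction constant 0x87 only if the top bit was set (branch-free).
	out[15] = in[15]<<1 ^ 0x87*(in[0]>>7)
	return out
}

// an10922AES128 derives a 16-byte key from master key k and 1..31 bytes of input m.
func an10922AES128(k, m []byte) ([]byte, error) {
	if len(k) != 16 || len(m) < 1 || len(m) > 31 {
		return nil, fmt.Errorf("need a 16-byte key and 1..31 input bytes")
	}
	c, _ := aes.NewCipher(k) // cannot fail: key length checked above
	sub := make([]byte, 16)
	c.Encrypt(sub, sub) // L = AES_k(0^128)
	sub = dbl(sub)      // K1, used when the input already fills 32 bytes
	d := append([]byte{0x01}, m...) // diversity constant, then caller data
	if len(d) < 32 {
		d = append(append(d, 0x80), make([]byte, 31-len(d))...) // pad to 32 bytes
		sub = dbl(sub)                                          // K2, used when padding was added
	}
	x := make([]byte, 16)
	c.Encrypt(x, d[:16]) // CBC-MAC with zero IV, first block
	for i := range x {
		x[i] ^= d[16+i] ^ sub[i] // chain into the second block, masked with the subkey
	}
	c.Encrypt(x, x) // the final MAC block is the diversified key
	return x, nil
}

func main() {
	k, _ := hex.DecodeString("00112233445566778899aabbccddeeff")
	m, _ := hex.DecodeString("04782e21801d803042f54e585020416275")
	key, err := an10922AES128(k, m)
	fmt.Printf("%x %v\n", key, err)
}
```

Reordering the fields inside `m`, or including the `0x01` constant in it, produces a different key without any error, which is why the byte layout has to match the interoperating system exactly.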

Documentation

Constants

This section is empty.

Variables

var (
	DiversityConstant128   = []byte{0x01}
	DiversityConstant192_1 = []byte{0x11}
	DiversityConstant192_2 = []byte{0x12}
	DiversityConstant256_1 = []byte{0x41}
	DiversityConstant256_2 = []byte{0x42}
)
var ErrWrongKeyLen = errors.New("key must be 16, 24, or 32 bytes long")

Functions

func DiversifyKey deprecated

func DiversifyKey(masterKey, diversificationData []byte) ([]byte, error)

DiversifyKey diversifies keys according to the AES standards in AN10922 for 128, 192, and 256 bit keys.

Deprecated: use Key.

func Key

func Key(masterKey, diversificationData []byte) ([]byte, error)

Key diversifies keys according to the AES standards in AN10922 for 128, 192, and 256 bit keys. A wrong-sized key returns ErrWrongKeyLen. The diversificationData should *not* include the diversity constant, but should include everything else (UID, application ID, and system identifier).

Types

This section is empty.
