kdf

package

v1.17.28 Latest Latest Go to latest Published: Dec 31, 2025 License: BSD-3-Clause Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/luxfi/crypto

Links

Open Source Insights

Documentation ¶

Overview ¶

Package kdf provides key derivation functions and schedules

Index ¶

Variables
type Budgets
- func NewBudgets(maxMsgs uint32, maxBytes uint64, maxAge int) *Budgets
- func (b *Budgets) CheckAndUpdate(msgSize int, now int64) bool
- func (b *Budgets) Reset(now int64)
type HandshakeKeys
type HashID
type KeySchedule
- func NewKeySchedule(suite Suite) *KeySchedule
type Suite

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrNoHandshakeKeys = &keyScheduleError{"no handshake keys derived"}
)

Error types

Functions ¶

This section is empty.

Types ¶

type Budgets ¶

type Budgets struct {
	MaxMessages uint32
	MaxBytes    uint64
	MaxAge      int // seconds
	// contains filtered or unexported fields
}

Budgets tracks key usage limits

func NewBudgets ¶

func NewBudgets(maxMsgs uint32, maxBytes uint64, maxAge int) *Budgets

NewBudgets creates new key usage budgets

func (*Budgets) CheckAndUpdate ¶

func (b *Budgets) CheckAndUpdate(msgSize int, now int64) bool

CheckAndUpdate checks if key update is needed

func (*Budgets) Reset ¶

func (b *Budgets) Reset(now int64)

Reset resets the budgets after key update

type HandshakeKeys ¶

type HandshakeKeys struct {
	ClientKey      []byte
	ServerKey      []byte
	ClientIV       []byte
	ServerIV       []byte
	ExporterSecret []byte
	KeyID          uint32
}

HandshakeKeys contains derived keys for handshake

type HashID ¶

type HashID string

HashID identifies a hash algorithm

const (
	SHA256 HashID = "sha256"
	SHA384 HashID = "sha384"
)

type KeySchedule ¶

type KeySchedule struct {
	// contains filtered or unexported fields
}

KeySchedule manages key derivation for QZMQ

func NewKeySchedule ¶

func NewKeySchedule(suite Suite) *KeySchedule

NewKeySchedule creates a new key schedule

func (*KeySchedule) DeriveEarlyDataKeys ¶

func (ks *KeySchedule) DeriveEarlyDataKeys(psk []byte, transcript []byte) (*HandshakeKeys, error)

EarlyData derives keys for 0-RTT data

func (*KeySchedule) DeriveHandshakeKeys ¶

func (ks *KeySchedule) DeriveHandshakeKeys(kemSecret, ecdheSecret []byte, transcript []byte) (*HandshakeKeys, error)

DeriveHandshakeKeys derives keys from KEM and ECDHE secrets

func (*KeySchedule) Export ¶

func (ks *KeySchedule) Export(context []byte, length int) ([]byte, error)

Export derives an exported value for channel binding

func (*KeySchedule) KeyUpdate ¶

func (ks *KeySchedule) KeyUpdate() (*HandshakeKeys, error)

KeyUpdate performs key ratcheting

func (*KeySchedule) ResumptionSecret ¶

func (ks *KeySchedule) ResumptionSecret(transcript []byte) ([]byte, error)

ResumptionSecret derives a resumption PSK

type Suite ¶

type Suite struct {
	Kem  string
	Sig  string
	Aead string
	Hash HashID
}

Suite defines the cryptographic suite

Source Files ¶

View all Source files

schedule.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL