// Copyright 2024 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.
// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation// Function (HKDF) as defined in RFC 5869.//// HKDF is a cryptographic key derivation function (KDF) with the goal of// expanding limited input keying material into one or more cryptographically// strong secret keys.
package hkdfimport ()// Extract generates a pseudorandom key for use with [Expand] from an input// secret and an optional independent salt.//// Only use this function if you need to reuse the extracted key with multiple// Expand invocations and different context values. Most common scenarios,// including the generation of multiple keys, should use [Key] instead.func [ hash.Hash]( func() , , []byte) ([]byte, error) {if := checkFIPS140Only(, ); != nil {returnnil, }returnhkdf.Extract(, , ), nil}// Expand derives a key from the given hash, key, and optional context info,// returning a []byte of length keyLength that can be used as cryptographic key.// The extraction step is skipped.//// The key should have been generated by [Extract], or be a uniformly// random or pseudorandom cryptographically strong key. See RFC 5869, Section// 3.3. Most common scenarios will want to use [Key] instead.func [ hash.Hash]( func() , []byte, string, int) ([]byte, error) {if := checkFIPS140Only(, ); != nil {returnnil, } := ().Size() * 255if > {returnnil, errors.New("hkdf: requested key length too large") }returnhkdf.Expand(, , , ), nil}// Key derives a key from the given hash, secret, salt and context info,// returning a []byte of length keyLength that can be used as cryptographic key.// Salt and info can be nil.func [ hash.Hash]( func() , , []byte, string, int) ([]byte, error) {if := checkFIPS140Only(, ); != nil {returnnil, } := ().Size() * 255if > {returnnil, errors.New("hkdf: requested key length too large") }returnhkdf.Key(, , , , ), nil}func checkFIPS140Only[ hash.Hash]( func() , []byte) error {if !fips140only.Enabled {returnnil }iflen() < 112/8 {returnerrors.New("crypto/hkdf: use of keys shorter than 112 bits is not allowed in FIPS 140-only mode") }if !fips140only.ApprovedHash(()) {returnerrors.New("crypto/hkdf: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") }returnnil}
The pages are generated with Goldsv0.7.3. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.