// Copyright 2014 The Go Authors. All rights reserved.// Use of this source code is governed by a BSD-style// license that can be found in the LICENSE file.
// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation// Function (HKDF) as defined in RFC 5869.//// HKDF is a cryptographic key derivation function (KDF) with the goal of// expanding limited input keying material into one or more cryptographically// strong secret keys.
package hkdf // import "golang.org/x/crypto/hkdf"import ()// Extract generates a pseudorandom key for use with Expand from an input secret// and an optional independent salt.//// Only use this function if you need to reuse the extracted key with multiple// Expand invocations and different context values. Most common scenarios,// including the generation of multiple keys, should use New instead.func ( func() hash.Hash, , []byte) []byte {if == nil { = make([]byte, ().Size()) } := hmac.New(, ) .Write()return .Sum(nil)}type hkdf struct { expander hash.Hash size int info []byte counter byte prev []byte buf []byte}func ( *hkdf) ( []byte) (int, error) {// Check whether enough data can be generated := len() := len(.buf) + int(255-.counter+1)*.sizeif < {return0, errors.New("hkdf: entropy limit reached") }// Read any leftover from the buffer := copy(, .buf) = [:]// Fill the rest of the bufferforlen() > 0 {if .counter > 1 { .expander.Reset() } .expander.Write(.prev) .expander.Write(.info) .expander.Write([]byte{.counter}) .prev = .expander.Sum(.prev[:0]) .counter++// Copy the new batch into p .buf = .prev = copy(, .buf) = [:] }// Save leftovers for next run .buf = .buf[:]return , nil}// Expand returns a Reader, from which keys can be read, using the given// pseudorandom key and optional context info, skipping the extraction step.//// The pseudorandomKey should have been generated by Extract, or be a uniformly// random or pseudorandom cryptographically strong key. See RFC 5869, Section// 3.3. Most common scenarios will want to use New instead.func ( func() hash.Hash, , []byte) io.Reader { := hmac.New(, )return &hkdf{, .Size(), , 1, nil, nil}}// New returns a Reader, from which keys can be read, using the given hash,// secret, salt and context info. Salt and info can be nil.func ( func() hash.Hash, , , []byte) io.Reader { := Extract(, , )returnExpand(, , )}
The pages are generated with Goldsv0.7.0-preview. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.