Module code_join 

Code-join wrap-key derivation.

A single-use join code lets an owner hand a room’s Megolm session key to a read-only joiner without the passphrase: the joiner sends an ephemeral X25519 public key, the owner ECDHs against it and wraps the session key under an HKDF-derived key, and the joiner derives the same key to unwrap. Both sides compute the identical wrap key from derive_wrap_key; previously this ECDH+HKDF was open-coded twice in AppHandle (the CodeJoinRequest and CodeJoinResponse handlers), so it lives here as one tested function.

Functions

derive_wrap_key

Derive the 32-byte wrap key both sides compute: HKDF-SHA256 over the raw X25519 ECDH shared secret of our_secret and their_pub. The owner uses it to passphrase::wrap the session key; the joiner uses it to unwrap.