oqs-safe 0.4.1

Safe Rust wrapper over libOQS for ML-KEM and ML-DSA with mock fallback.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

use hkdf::Hkdf;
use sha2::Sha256;
use zeroize::Zeroizing;

pub struct SecureSession {
    master: Zeroizing<Vec<u8>>,
}

impl SecureSession {
    pub fn new(master: Vec<u8>) -> Self {
        Self {
            master: Zeroizing::new(master),
        }
    }

    pub fn derive_key(&self, label: &[u8], len: usize) -> Vec<u8> {
        let hk = Hkdf::<Sha256>::new(None, &self.master);

        let mut out = vec![0u8; len];
        hk.expand(label, &mut out).unwrap();

        out
    }

    pub fn derive_client_server_keys(&self) -> (Vec<u8>, Vec<u8>) {
        (
            self.derive_key(b"client", 32),
            self.derive_key(b"server", 32),
        )
    }
}