SessionKeys

nomad_protocol::crypto

Struct SessionKeys 

Source 
pub struct SessionKeys {
    pub initiator_key: SessionKey,
    pub responder_key: SessionKey,
    pub handshake_hash: [u8; 32],
    pub rekey_auth_key: [u8; 32],
}
Available on crate feature crypto only.
Expand description

Session keys derived from the Noise handshake.

Per 1-SECURITY.md:

(initiator_key, responder_key) = HKDF-Expand(
    handshake_hash,
    "nomad v1 session keys",
    64
)

Additionally, for PCS (Post-Compromise Security), we derive:

rekey_auth_key = HKDF-Expand(
    static_dh_secret,   // DH(s_initiator, S_responder)
    "nomad v1 rekey auth",
    32
)

Fields§

§initiator_key: SessionKey

Key for initiator → responder messages

§responder_key: SessionKey

Key for responder → initiator messages

§handshake_hash: [u8; 32]

The handshake hash (stored for rekeying)

§rekey_auth_key: [u8; 32]

Rekey authentication key for PCS (derived from static DH)

Implementations§

Source§

impl SessionKeys

Source

pub fn derive( result: &HandshakeResult, static_dh_secret: &[u8; 32], ) -> Result<Self, CryptoError>

Derive session keys from the handshake result and static DH secret.

Uses SHA-256 HKDF-Expand with the handshake hash as PRK for session keys, and the static DH secret for the rekey authentication key (PCS).

§Arguments
  • result - The handshake result containing the handshake hash
  • static_dh_secret - The DH(s_initiator, S_responder) shared secret
Source§

impl SessionKeys

Source

pub fn send_key(&self, role: Role) -> &SessionKey

Get the send key for the given role.

Source

pub fn recv_key(&self, role: Role) -> &SessionKey

Get the receive key for the given role.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V