crypto/kdf.rs HKDF-based session key derivation from master key and header salt.
Supported PRFs: SHA-256, SHA-512, SHA3-256, SHA3-512, Blake3 derive_key.
Design:
- HKDF-Extract(master_key, salt) -> PRK
- HKDF-Expand(PRK, info) -> session key (32 bytes)
Security notes:
- Salt must be random per stream.
- Info binds protocol identity and configuration.
- Never use master_key directly for AEAD; always derive.
Industry notes:
- Mirrors TLS 1.3/QUIC key schedules: derive traffic keys via HKDF.
Functions
- derive_session_key_32 - Summary: Derive a 32-byte per-stream session key via HKDF from master_key + header.salt.
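The extract-then-expand flow described above, as an added Python sketch using only the standard library (RFC 5869 HKDF over HMAC). It is not this crate's Rust code: `derive_session_key`, `build_info`, the length-prefixed info layout and the sample labels are assumptions made for illustration, and Blake3 derive_key is not covered.

```python
import hashlib
import hmac

KEY_LEN = 32  # session key size stated in the module docs
PRFS = ("sha256", "sha512", "sha3_256", "sha3_512")  # Blake3 derive_key not covered here

def hkdf_extract(prf: str, salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC(key=salt, msg=input keying material)."""
    return hmac.new(salt, ikm, prf).digest()

def hkdf_expand(prf: str, prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    if length > 255 * hashlib.new(prf).digest_size:
        raise ValueError("requested output too long for this PRF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), prf).digest()
        okm += block
        counter += 1
    return okm[:length]

def build_info(*fields: str) -> bytes:
    """Hypothetical info layout: each field is length-prefixed so that
    ("ab", "c") and ("a", "bc") can never encode to the same bytes."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out

def derive_session_key(master_key: bytes, salt: bytes, info: bytes,
                       prf: str = "sha256") -> bytes:
    """Extract-then-expand to a 32-byte per-stream key; master_key is never the AEAD key."""
    if prf not in PRFS:
        raise ValueError(f"unsupported PRF: {prf}")
    if not salt:
        raise ValueError("salt must be a fresh random value per stream")
    return hkdf_expand(prf, hkdf_extract(prf, salt, master_key), info, KEY_LEN)

if __name__ == "__main__":
    import os
    master = os.urandom(32)  # constructed sample master key
    info = build_info("example-proto/1", "sha256", "aes-256-gcm")  # constructed labels
    for stream in range(2):
        salt = os.urandom(32)  # new random salt for every stream
        print(stream, derive_session_key(master, salt, info).hex())
```

Run directly, it prints two different session keys for the same master key, one per stream salt.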