Check how the HPKE spec generates ephemeral material

wenjing / rust-tsp

Rust implementation of the Trust Spanning Protocol

2 stars 2 forks source link

Closed squell closed 6 months ago

squell commented 6 months ago

E.g. to see what a secure construction is.

squell commented 6 months ago

RFC 9180 essentially uses a KDF:

the nonce for each encryption is the XOR of a base_nonce together with a sequence number
the base_nonce is generated using LabeledExpand, which calls Expand:

Expand(prk, info, L): Expand a pseudorandom key prk using optional string info into L bytes of output keying material.

Which is specified by the KDF.