github.com/icodeface/tls@v0.0.0-20230910023335-34df9250cd12/internal/x/crypto/hkdf/example_test.go

github.com/icodeface/tls@v0.0.0-20230910023335-34df9250cd12/internal/x/crypto/hkdf/example_test.go (about)

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package hkdf_test
     6  
     7  import (
     8  	"bytes"
     9  	"crypto/rand"
    10  	"crypto/sha256"
    11  	"fmt"
    12  	"io"
    13  
    14  	"github.com/icodeface/tls/internal/x/crypto/hkdf"
    15  )
    16  
    17  // Usage example that expands one master secret into three other
    18  // cryptographically secure keys.
    19  func Example_usage() {
    20  	// Underlying hash function for HMAC.
    21  	hash := sha256.New
    22  
    23  	// Cryptographically secure master secret.
    24  	secret := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.
    25  
    26  	// Non-secret salt, optional (can be nil).
    27  	// Recommended: hash-length random value.
    28  	salt := make([]byte, hash().Size())
    29  	if _, err := rand.Read(salt); err != nil {
    30  		panic(err)
    31  	}
    32  
    33  	// Non-secret context info, optional (can be nil).
    34  	info := []byte("hkdf example")
    35  
    36  	// Generate three 128-bit derived keys.
    37  	hkdf := hkdf.New(hash, secret, salt, info)
    38  
    39  	var keys [][]byte
    40  	for i := 0; i < 3; i++ {
    41  		key := make([]byte, 16)
    42  		if _, err := io.ReadFull(hkdf, key); err != nil {
    43  			panic(err)
    44  		}
    45  		keys = append(keys, key)
    46  	}
    47  
    48  	for i := range keys {
    49  		fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16)))
    50  	}
    51  
    52  	// Output:
    53  	// Key #1: true
    54  	// Key #2: true
    55  	// Key #3: true
    56  }