github.com/sagernet/quic-go@v0.43.1-beta.1/internal/handshake_ech/hkdf.go

github.com/sagernet/quic-go@v0.43.1-beta.1/internal/handshake_ech/hkdf.go (about)

     1  package handshake
     2  
     3  import (
     4  	"crypto"
     5  	"encoding/binary"
     6  
     7  	"golang.org/x/crypto/hkdf"
     8  )
     9  
    10  // hkdfExpandLabel HKDF expands a label as defined in RFC 8446, section 7.1.
    11  // Since this implementation avoids using a cryptobyte.Builder, it is about 15% faster than the
    12  // hkdfExpandLabel in the standard library.
    13  func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, length int) []byte {
    14  	b := make([]byte, 3, 3+6+len(label)+1+len(context))
    15  	binary.BigEndian.PutUint16(b, uint16(length))
    16  	b[2] = uint8(6 + len(label))
    17  	b = append(b, []byte("tls13 ")...)
    18  	b = append(b, []byte(label)...)
    19  	b = b[:3+6+len(label)+1]
    20  	b[3+6+len(label)] = uint8(len(context))
    21  	b = append(b, context...)
    22  
    23  	out := make([]byte, length)
    24  	n, err := hkdf.Expand(hash.New, secret, b).Read(out)
    25  	if err != nil || n != length {
    26  		panic("quic: HKDF-Expand-Label invocation failed unexpectedly")
    27  	}
    28  	return out
    29  }