pub fn Context_Export(
    config: HPKEConfig,
    context: &(Key, Nonce, u32, ByteSeq),
    exporter_context: &ByteSeq,
    L: usize
) -> HpkeByteSeqResult

Secret Export

HPKE provides an interface for exporting secrets from the encryption context using a variable-length PRF, similar to the TLS 1.3 exporter interface (see RFC8446, Section 7.5). This interface takes as input a context string exporter_context and a desired length L in bytes, and produces a secret derived from the internal exporter secret using the corresponding KDF Expand function. For the KDFs defined in this specification, L has a maximum value of 255*Nh. Future specifications which define new KDFs MUST specify a bound for L.

The exporter_context field has a maximum length that depends on the KDF itself, on the definition of LabeledExpand(), and on the constant labels used together with them. See KDF Input Length for precise limits on this length.

def Context.Export(exporter_context, L):
  return LabeledExpand(self.exporter_secret, "sec",
                       exporter_context, L)

Applications that do not use the encryption API in ContextS_Seal can use the export-only AEAD ID 0xFFFF when computing the key schedule. Such applications can avoid computing the key and base_nonce values in the key schedule, as they are not used by the Export interface described above.
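The exporter described above, as an added Python example in the style of the specification's pseudocode (it is not the hacspec implementation or code from this crate). It assumes HKDF-SHA256 (Nh = 32), the RFC 9180 definitions of suite_id and LabeledExpand, the DHKEM(X25519, HKDF-SHA256) KEM ID 0x0020, and a constructed placeholder exporter secret; it does not enforce the exporter_context length limit.

```python
import hashlib
import hmac

NH = 32            # Nh for HKDF-SHA256, in bytes
MAX_L = 255 * NH   # largest L the exporter accepts for this KDF

def suite_id(kem_id, kdf_id, aead_id):
    """RFC 9180 suite_id: "HPKE" followed by three 2-byte big-endian IDs."""
    return b"HPKE" + b"".join(i.to_bytes(2, "big") for i in (kem_id, kdf_id, aead_id))

def hkdf_expand(prk, info, length):
    """RFC 5869 HKDF-Expand with SHA-256; caller enforces length <= MAX_L."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def labeled_expand(prk, suite, label, info, length):
    """LabeledExpand: L, the version label and suite_id are bound into info."""
    labeled_info = length.to_bytes(2, "big") + b"HPKE-v1" + suite + label + info
    return hkdf_expand(prk, labeled_info, length)

def context_export(exporter_secret, suite, exporter_context, length):
    """Context.Export with the L bound checked before any derivation."""
    if not 0 <= length <= MAX_L:
        raise ValueError(f"L must be in 0..{MAX_L}, got {length}")
    return labeled_expand(exporter_secret, suite, b"sec", exporter_context, length)

# Assumed suite: DHKEM(X25519, HKDF-SHA256) = 0x0020, HKDF-SHA256 = 0x0001,
# export-only AEAD = 0xFFFF.
EXPORT_ONLY = suite_id(0x0020, 0x0001, 0xFFFF)
# Constructed placeholder; a real exporter_secret comes from the key schedule.
SAMPLE_SECRET = bytes(range(32))

if __name__ == "__main__":
    k16 = context_export(SAMPLE_SECRET, EXPORT_ONLY, b"example app: auth key", 16)
    k32 = context_export(SAMPLE_SECRET, EXPORT_ONLY, b"example app: auth key", 32)
    # L is part of the labeled info, so the 16-byte export is not a prefix
    # of the 32-byte export for the same exporter_context.
    print(k16.hex(), k32.hex(), k32[:16] == k16)
```

Because L and suite_id are part of the expanded info, exports of different lengths or under different ciphersuites are independent values even when exporter_context is identical.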