MatterEx.Crypto.KDF (matter_ex v0.3.0)

Copy Markdown View Source

Key derivation functions for Matter cryptography.

  • HKDF-SHA256 (RFC 5869) — used for session key derivation
  • PBKDF2-HMAC-SHA256 (RFC 2898) — used for SPAKE2+ verifier computation

Summary

Functions

hkdf(salt, ikm, info, length)

HKDF extract + expand in one call.

hkdf_expand(prk, info, length)

HKDF-Expand: derive length bytes from PRK and info.

hkdf_extract(ikm, salt \\ <<>>)

HKDF-Extract: PRK = HMAC-SHA256(salt, IKM)

pbkdf2_sha256(password, salt, iterations, dk_length)

PBKDF2-HMAC-SHA256.

Functions

hkdf(salt, ikm, info, length)

@spec hkdf(binary(), binary(), binary(), pos_integer()) :: binary()

HKDF extract + expand in one call.

Derives length bytes of key material from input keying material.

hkdf_expand(prk, info, length)

@spec hkdf_expand(binary(), binary(), pos_integer()) :: binary()

HKDF-Expand: derive length bytes from PRK and info.

OKM = T(1) || T(2) || ... where T(i) = HMAC(PRK, T(i-1) || info || i)

hkdf_extract(ikm, salt \\ <<>>)

@spec hkdf_extract(binary(), binary()) :: binary()

HKDF-Extract: PRK = HMAC-SHA256(salt, IKM)

If salt is empty, uses a zero-filled string of hash length.

pbkdf2_sha256(password, salt, iterations, dk_length)

@spec pbkdf2_sha256(binary(), binary(), pos_integer(), pos_integer()) :: binary()

PBKDF2-HMAC-SHA256.

Derives dk_length bytes from password, salt, and iteration count.