example_test.go

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package hkdf_test
     6  
     7  import (
     8  	"bytes"
     9  	"crypto/hkdf"
    10  	"crypto/rand"
    11  	"crypto/sha256"
    12  	"fmt"
    13  	"strconv"
    14  )
    15  
    16  // Usage example that expands one master secret into three other
    17  // cryptographically secure keys.
    18  func Example_usage() {
    19  	// Underlying hash function for HMAC.
    20  	hash := sha256.New
    21  	keyLen := hash().Size() / 2
    22  
    23  	// Cryptographically secure master secret.
    24  	secret := []byte{0x00, 0x01, 0x02, 0x03} // i.e. NOT this.
    25  
    26  	// Non-secret salt, optional (can be nil).
    27  	// Recommended: hash-length random value.
    28  	salt := make([]byte, hash().Size())
    29  	if _, err := rand.Read(salt); err != nil {
    30  		panic(err)
    31  	}
    32  
    33  	// Non-secret context info, optional (can be nil).
    34  	info := "hkdf example"
    35  
    36  	// Generate three 128-bit derived keys.
    37  	var keys [][]byte
    38  	for i := range 3 {
    39  		key, err := hkdf.Key(hash, secret, salt, info+strconv.Itoa(i), keyLen)
    40  		if err != nil {
    41  			panic(err)
    42  		}
    43  		keys = append(keys, key)
    44  	}
    45  
    46  	for i := range keys {
    47  		fmt.Printf("Key #%d: %v\n", i+1, !bytes.Equal(keys[i], make([]byte, 16)))
    48  	}
    49  
    50  	// Output:
    51  	// Key #1: true
    52  	// Key #2: true
    53  	// Key #3: true
    54  }
    55
View as plain text