Key derivation
```c
#define CONTEXT "Examples"

uint8_t master_key[hydro_kdf_KEYBYTES];
uint8_t subkey1[32];
uint8_t subkey2[32];
uint8_t subkey3[64];

hydro_kdf_keygen(master_key);

hydro_kdf_derive_from_key(subkey1, sizeof subkey1, 1, CONTEXT, master_key);
hydro_kdf_derive_from_key(subkey2, sizeof subkey2, 2, CONTEXT, master_key);
hydro_kdf_derive_from_key(subkey3, sizeof subkey3, 3, CONTEXT, master_key);
```

Multiple secret subkeys can be derived from a single, high-entropy master key.
With the master key and a key identifier, a subkey can be deterministically computed. However, given a subkey, an attacker cannot compute the master key or any other subkey.
The `hydro_kdf` API can derive up to 2^64 keys from a single master key and context, and individual subkeys can have an arbitrary length between 128 bits (16 bytes) and 524,280 bits (65535 bytes).

```c
void hydro_kdf_keygen(uint8_t key[hydro_kdf_KEYBYTES]);
```

The `hydro_kdf_keygen()` function creates a master key.

```c
int hydro_kdf_derive_from_key(uint8_t *subkey, size_t subkey_len,
                              uint64_t subkey_id, const char ctx[hydro_kdf_CONTEXTBYTES],
                              const uint8_t key[hydro_kdf_KEYBYTES]);
```

The `hydro_kdf_derive_from_key()` function derives a `subkey_id`-th subkey `subkey` of length `subkey_len` bytes using the master key `key` and the context `ctx`.

`subkey_id` can be any value up to `(2^64)-1`.

```c
#define hydro_kdf_CONTEXTBYTES 8
#define hydro_kdf_KEYBYTES 32
#define hydro_kdf_BYTES_MAX 65535
#define hydro_kdf_BYTES_MIN 16
```

This function requires a high-entropy master key. It is not suitable for deriving keys from a password.
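
The limits above are easy to violate at a call site: the prototype takes `ctx` as an array of `hydro_kdf_CONTEXTBYTES` bytes, so the callee may read that many bytes even from a shorter string literal, and `subkey_len` has to stay within the documented range. The following is an added example, not code from libhydrogen: `kdf_make_context()`, `kdf_len_ok()`, `kdf_derive_checked()` and the `HAVE_HYDROGEN` build flag are hypothetical names, and zero-padding short labels is a choice made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef HAVE_HYDROGEN /* hypothetical build flag: -DHAVE_HYDROGEN, link libhydrogen */
#include <hydrogen.h>
#else /* limits copied from the page so the validators compile on their own */
#define hydro_kdf_CONTEXTBYTES 8
#define hydro_kdf_KEYBYTES 32
#define hydro_kdf_BYTES_MAX 65535
#define hydro_kdf_BYTES_MIN 16
#endif

/* Hypothetical helper: turn a label into a context of exactly
 * hydro_kdf_CONTEXTBYTES bytes. Short labels are zero-padded; empty,
 * NULL or over-long labels are rejected. Returns 0 on success, -1 otherwise. */
int kdf_make_context(char ctx[hydro_kdf_CONTEXTBYTES], const char *label)
{
    size_t n = (label != NULL) ? strlen(label) : 0;
    if (n == 0 || n > hydro_kdf_CONTEXTBYTES) return -1;
    memset(ctx, 0, hydro_kdf_CONTEXTBYTES);
    memcpy(ctx, label, n);
    return 0;
}

/* Hypothetical helper: 1 if subkey_len is within the documented range, else 0. */
int kdf_len_ok(size_t subkey_len)
{
    return subkey_len >= hydro_kdf_BYTES_MIN && subkey_len <= hydro_kdf_BYTES_MAX;
}

#ifdef HAVE_HYDROGEN
/* Validate the request, derive the subkey, and wipe the output buffer if the
 * derivation fails. The caller must already have called hydro_init(). */
int kdf_derive_checked(uint8_t *subkey, size_t subkey_len, uint64_t subkey_id,
                       const char *label, const uint8_t key[hydro_kdf_KEYBYTES])
{
    char ctx[hydro_kdf_CONTEXTBYTES];
    if (subkey == NULL || key == NULL || !kdf_len_ok(subkey_len) ||
        kdf_make_context(ctx, label) != 0) {
        return -1;
    }
    if (hydro_kdf_derive_from_key(subkey, subkey_len, subkey_id, ctx, key) != 0) {
        hydro_memzero(subkey, subkey_len); /* leave no partial key material */
        return -1;
    }
    return 0;
}
#endif
```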