Nikos Mavrogiannopoulos <n.mavrogiannopou...@gmail.com> writes: > On Mon, 2017-05-22 at 19:09 +0200, Niels Möller wrote: > >> Is it required that hkdf_extract is used in some way to produce the >> key >> for hkdf_expand? Then I think the relation between _extract and >> _expand >> needs to be clarified. Would you always have the same number of calls >> to >> _extract and _expand, or could do _extract once and _expand multiple >> times (with different info string)? > > I'm not sure what you mean. The relation is defined in HKDF document, > though upper protocols like tls 1.3 may utilize these in arbitrary > ways. Nettle provides the implementation of the primitives.
Sorry this got a bit stalled. I would like the Nettle docs to be reasonably self-contained, and explain what the primitive does, what problem it is intended to solve, and the typical way to use it. And in case terminology in the relevant RFC or other literature differs from what's used elsewhere in the Nettle manual, point of how they relate. In particuler, I found the "salt"/"key"/"secret" arguments a bit confusing, as well as the purpose of the _extract function. With your current patch to the docs, I'll have to read the HKDF spec carefully myself to be able to review the code and the docs, and I haven't yet gotten the time to do that. Clear and more self-contained documentation would make this easier. Best regards, /Niels PS. I'm currently on vacation, i.e., no work duties in the way of Nettle hacking, but I'm a bit offline and not reading email daily. -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list nettle-bugs@lists.lysator.liu.se http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
