Message digest and TLS PRF
Algorithm
This module groups HMAC, HKDF (RFC 5869), and TLS 1.2 PRF / Finished helpers used when implementing or testing TLS key schedules outside the main Connection API.
Purpose
HMAC, HKDF (SHA-256/384), TLS 1.2 PRF, Finished verify_data, and transcript helpers.
Rust API
- Crate:
noxtls-crypto - Module path (conceptual):
noxtls_crypto::hash - Primary symbols:
noxtls_hmac_sha256noxtls_hmac_sha384noxtls_hmac_sha512noxtls_hkdf_extract_sha256noxtls_hkdf_expand_sha256noxtls_hkdf_extract_sha384noxtls_hkdf_expand_sha384noxtls_tls12_prf_sha256noxtls_tls12_prf_sha384noxtls_tls12_finished_verify_data_sha256noxtls_tls12_finished_verify_data_sha384TlsTranscriptSha256TlsTranscriptSha384
Functions and types:
noxtls_hmac_sha256/noxtls_hmac_sha384/noxtls_hmac_sha512— Keyed MAC over a message; fixed tag sizes.noxtls_hkdf_extract_sha256/noxtls_hkdf_expand_sha256/noxtls_hkdf_extract_sha384/noxtls_hkdf_expand_sha384— Extract then expand key material with domain separation.noxtls_tls12_prf_sha256/noxtls_tls12_prf_sha384— TLS 1.2 PRF oversecret,label, andseed.noxtls_tls12_finished_verify_data_sha256/noxtls_tls12_finished_verify_data_sha384- Parameters: master secret, Finished label, and handshake transcript bytes. Behavior: derives TLS 1.2 Finished-message verify data for handshake validation. Returns: 12-byte verify data output.TlsTranscriptSha256/TlsTranscriptSha384— Rolling handshake transcript hashes.
Feature flags and policy
SHA-384 HKDF/PRF variants are used when the negotiated TLS profile uses SHA-384.
Examples
HKDF (SHA-256)
use noxtls_crypto::{noxtls_hkdf_extract_sha256, noxtls_hkdf_expand_sha256};
let salt = b"";
let ikm = b"input key material";
let prk = noxtls_hkdf_extract_sha256(salt, ikm);
let okm = noxtls_hkdf_expand_sha256(&prk, b"my-app-context-v1", 32)?;
assert_eq!(okm.len(), 32);
# Ok::<(), noxtls_core::Error>(())
TLS 1.2 PRF
use noxtls_crypto::noxtls_tls12_prf_sha256;
let secret = b"master-secret-bytes";
let label = b"key expansion";
let seed = b"client_randomserver_random";
let key_block = noxtls_tls12_prf_sha256(secret, label, seed, 64)?;
# Ok::<(), noxtls_core::Error>(())
Security and compatibility
Keep HKDF info and TLS labels distinct per protocol version; never reuse PRK across unrelated protocols.