HpkeLabeledExpand Method

Compute the output of the LabeledExpand function as defined in RFC9180.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.30549 (23.1.0.0)

Syntax

public static byte[] LabeledExpand(
	int numBytes,
	byte[] prk,
	string label,
	byte[] info,
	HpkeCurveName curveName,
	HpkeAeadAlg aeadAlg = HpkeAeadAlg.None
)

Public Shared Function LabeledExpand ( 
	numBytes As Integer,
	prk As Byte(),
	label As String,
	info As Byte(),
	curveName As HpkeCurveName,
	Optional aeadAlg As HpkeAeadAlg = HpkeAeadAlg.None
) As Byte()

Parameters

numBytes Int32: Required number of bytes (L) of output keying material.
prk Byte: Pseudorandom key (prk)
label String: Label string
info Byte: Byte string info
curveName HpkeCurveName: ECDH curve used in scheme
aeadAlg HpkeAeadAlg (Optional): AEAD encryption algorithm used in the scheme or 0 (default) to indicate KDF is being used inside a KEM algorithm.

Return Value

Byte
L bytes of output keying material.

Remarks

The LabeledExpand function is defined in section 4 of [RFC9180]. It uses the "expand" stage of the HKDF function [RFC5869]. The ECDH curve group used in the scheme must be specified, which automatically fixes the KDF and associated HMAC algorithm to be used.

Example

Copy

int Nk = 16;
// key = LabeledExpand(secret, 'key', key_schedule_context, Nk)
byte[] key = Hpke.LabeledExpand(Nk, Cnv.FromHex("12fff91991e93b48de37e7daddb52981084bd8aa64289c3788471d9a9712f397"), "key",
   Cnv.FromHex("00725611c9d98c07c03f60095cd32d400d8347d45ed67097bbad50fc56da742d07cb6cffde367bb0565ba28bb02c90744a20f5ef37f30523526106f637abb05449"),
   Hpke.CurveName.X25519, Hpke.AeadAlg.Aes_128_Gcm);
// 4531685d41d65f03dc48f6b8302c05b0

Reference

Hpke Class

CryptoSysPKI Namespace