Made it a bit cleaner :)

2025-12-19 16:57:47 -07:00
parent 302979b01a
commit 3822b1813c
7 changed files with 217 additions and 137 deletions
--- a/pkg/engine/kdf.go
+++ b/pkg/engine/kdf.go
@@ -0,0 +1,28 @@
+package engine
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/hkdf"
+)
+
+// deriveKey derives a symmetric key from two shared secrets using HKDF-SHA256
+func deriveKey(ss1, ss2, salt []byte) ([]byte, error) {
+	ikm := append(ss1, ss2...)
+	kdf := hkdf.New(sha256.New, ikm, salt, []byte(HKDFInfo))
+	symmetricKey := make([]byte, KeySize)
+	if _, err := io.ReadFull(kdf, symmetricKey); err != nil {
+		return nil, fmt.Errorf("key derivation failed: %w", err)
+	}
+	return symmetricKey, nil
+}
+
+// buildAAD constructs the associated authenticated data from public keys
+func buildAAD(ephemeralPubBytes, senderPubBytes []byte) []byte {
+	aad := make([]byte, 0, len(ephemeralPubBytes)+len(senderPubBytes))
+	aad = append(aad, ephemeralPubBytes...)
+	aad = append(aad, senderPubBytes...)
+	return aad
+}