hub / github.com/XTLS/REALITY / ExpandLabel

Function ExpandLabel

tls13/tls13.go:20–41

We don't set the service indicator in this package but we delegate that to the underlying functions because the TLS 1.3 KDF does not have a standard of its own. ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.

(hash func() H, secret []byte, label string, context []byte, length int)

Source from the content-addressed store, hash-verified

```go
// ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
func ExpandLabel[H hash.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte {
	if len("tls13 ")+len(label) > 255 || len(context) > 255 {
		// It should be impossible for this to panic: labels are fixed strings,
		// and context is either a fixed-length computed hash, or parsed from a
		// field which has the same length limitation.
		//
		// Another reasonable approach might be to return a randomized slice if
		// we encounter an error, which would break the connection, but avoid
		// panicking. This would perhaps be safer but significantly more
		// confusing to users.
		panic("tls13: label or context too long")
	}
	hkdfLabel := make([]byte, 0, 2+1+len("tls13 ")+len(label)+1+len(context))
	hkdfLabel = binary.BigEndian.AppendUint16(hkdfLabel, uint16(length))
	hkdfLabel = append(hkdfLabel, byte(len("tls13 ")+len(label)))
	hkdfLabel = append(hkdfLabel, "tls13 "...)
	hkdfLabel = append(hkdfLabel, label...)
	hkdfLabel = append(hkdfLabel, byte(len(context)))
	hkdfLabel = append(hkdfLabel, context...)
	b, _ := hkdf.Expand(hash, secret, string(hkdfLabel), length)
	return b
}

func extract[H hash.Hash](hash func() H, newSecret, currentSecret []byte) []byte {
	if newSecret == nil {
```
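The wire layout that ExpandLabel feeds to HKDF-Expand, as an added stand-alone example that is not REALITY's own code. The names `hkdfLabel` and `expandLabelSHA256` are hypothetical, the hash is fixed to SHA-256, out-of-range inputs return an error instead of panicking, and the all-zero secret is constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// hkdfLabel serializes the RFC 8446 Section 7.1 HkdfLabel struct:
// uint16 length || uint8-prefixed "tls13 "+label || uint8-prefixed context.
func hkdfLabel(label string, context []byte, length int) ([]byte, error) {
	full := "tls13 " + label
	if len(full) > 255 || len(context) > 255 || length < 0 || length > 0xffff {
		return nil, errors.New("label, context or length does not fit HkdfLabel")
	}
	out := binary.BigEndian.AppendUint16(nil, uint16(length))
	out = append(out, byte(len(full)))
	out = append(out, full...)
	out = append(out, byte(len(context)))
	return append(out, context...), nil
}

// expandLabelSHA256 runs HKDF-Expand (RFC 5869) over HMAC-SHA-256 with the
// serialized HkdfLabel as the info input. Hypothetical helper for this example.
func expandLabelSHA256(secret []byte, label string, context []byte, length int) ([]byte, error) {
	info, err := hkdfLabel(label, context, length)
	if err != nil || length > 255*sha256.Size {
		return nil, errors.New("label, context or length out of range")
	}
	var okm, t []byte
	for i := byte(1); len(okm) < length; i++ {
		mac := hmac.New(sha256.New, secret)
		mac.Write(t)         // T(i-1), empty for the first block
		mac.Write(info)      // the HkdfLabel bytes
		mac.Write([]byte{i}) // block counter
		t = mac.Sum(nil)
		okm = append(okm, t...)
	}
	return okm[:length], nil
}

func main() {
	info, _ := hkdfLabel("key", nil, 16)
	fmt.Printf("HkdfLabel: %x\n", info) // 001009746c733133206b657900
	key, _ := expandLabelSHA256(make([]byte, sha256.Size), "key", nil, 16) // constructed all-zero secret
	fmt.Printf("key: %x\n", key)
}
```

Because the requested length is serialized into the label, a 16-byte output is not a prefix of a 48-byte output derived from the same secret and label.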

Callers 11

handshake (Method) · 0.92
doHelloRetryRequest (Method) · 0.92
sendServerParameters (Method) · 0.92
sendSessionTicket (Method) · 0.92
nextTrafficSecret (Method) · 0.92
trafficKey (Method) · 0.92
finishedHash (Method) · 0.92
deriveSecret (Function) · 0.85
Exporter (Method) · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected
