Module: kdf_separate_hmacs

class doubleratchet.recommended.kdf_separate_hmacs.KDF[source]

Bases: KDF

This implementation uses HMAC with SHA-256 or SHA-512 to derive multiple outputs from a single KDF key. These outputs are concatenated and returned as a whole. The KDF key is used as the HMAC key, the KDF data is split into single bytes and one HMAC is calculated for each byte. For example, passing b"\x01\x02" as the KDF data results in two HMACs being calculated, one using b"\x01" as the HMAC input and the other using b"\x02". The two HMAC outputs are concatenated and returned. Note that the length of the output is fixed to a multiple of the HMAC digest size, based on the length of the KDF data.

https://signal.org/docs/specifications/doubleratchet/#recommended-cryptographic-algorithms

abstractmethod static _get_hash_function()[source]

Return type:: HashFunction

async classmethod derive(key, data, length)[source]

Parameters:

key (bytes) – The KDF key.
data (bytes) – The input data.
length (int) – The desired size of the output data, in bytes.

Return type:

bytes

Returns:

length bytes of output data, derived from the KDF key and the input data.