handshake: validate HKDF-Expand-Label against crypto/tls implementation (#4311)

* handshake: validate HKDF-Expand-Label against crypto/tls implementation * handshake: add a benchmark for HKDF-Expand-Label
2024-02-05 12:27:21 +07:00
parent dc49f5673b
commit c22a3c8e6f
3 changed files with 59 additions and 20 deletions
--- a/internal/handshake/hkdf.go
+++ b/internal/handshake/hkdf.go
@@ -7,7 +7,7 @@ import (
 	"golang.org/x/crypto/hkdf"
 )

-// hkdfExpandLabel HKDF expands a label.
+// hkdfExpandLabel HKDF expands a label as defined in RFC 8446, section 7.1.
 // Since this implementation avoids using a cryptobyte.Builder, it is about 15% faster than the
 // hkdfExpandLabel in the standard library.
 func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, length int) []byte {