Add HKDF funcs for Key Scheduling - DTLS v1.3

[philipch07]

Description

This adds the HKDF related functions for the key scheduling feature in accordance with DTLS v1.3 section 5.9. Note that it links to TLS 1.3 section 7.1.

This aims to add:

• HKDF-Expand-Label
• HKDF-Extract
• Derive-Secret

Note that the architecture is still a WIP (see #738) so the current file structures are subject to change.

Reference issue

Closes #740

[codecov]

Codecov Report

❌ Patch coverage is 81.25000% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.07%. Comparing base (6ff535f) to head (2ba5321).
⚠️ Report is 20 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/crypto/keyschedule/keyschedule.go	81.25%	3 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #737      +/-   ##
==========================================
+ Coverage   78.55%   81.07%   +2.51%     
==========================================
  Files         102      102              
  Lines        6916     5622    -1294     
==========================================
- Hits         5433     4558     -875     
+ Misses       1103      683     -420     
- Partials      380      381       +1     

Flag	Coverage Δ
go	81.07% <81.25%> (+2.49%)	⬆️
wasm	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[theodorsm]

Thanks for starting on this!

I think this PR should be scoped to implement the HKDF functions: HKDF-Expand-Label and Derive-Secret as you have started on. This will be one part of multiple to complete issue #736.

[philipch07]

Thanks for starting on this!

I think this PR should be scoped down to adding the HKDF functions HKDF-Expand-Label and Derive-Secret as you have started on. This will be one part of multiple to complete issue #736.

No problem! I agree, this seems to be a rather large thing and due to the current block that you mentioned #736 (comment), I think it would make sense to tackle #736 in multiple parts. Just to clarify, I should still include hkdfExtract though, correct?

[theodorsm]

@philipch07, yes we should also export a HkdfExtract function, good catch.

[theodorsm]

I have made some changes to the draft to make better use of the standard crypto library and should be more in-line with the TLS 1.3 implementation.

I also think we should add some tests that verify the byte output of Expand/Derive functions.

Note: the crypto/hkdf library requires go version 1.24, which is a higher minimum version than we currently have. I think the usage of this library justifies the bump in minimum version, but I am unsure of how much this would break for our users. Looking for input on this!

[JoTurk]

@theodorsm

Note: the crypto/hkdf library requires go version 1.24, which is a higher minimum version than we currently have. I think the usage of this library justifies the bump in minimum version,

Sadly we can't upgrade to 1.24, unless we're shipping dtls 1.3 now. many users are still on 1.22, 1.23, And upgrading dtls to 1.24 will force to upgrade pion/webrtc too and many other libraries.

Maybe we can keep this in a branch until we upgrade? we should upgrade to 1.24 before dtls 1.3 is ready anyway.

[theodorsm]

@joeturki, I agree that we should wait to merge this until we are closer to a WIP for DTLS 1.3. Unfortunately, this blocks much of the implementation, so we should provide a similar mock API meanwhile.