Struct KDF 

pub struct KDF {
    pub key_hash: [u8; 20],
    pub forward_digest: [u8; 20],
    pub backward_digest: [u8; 20],
    pub forward_key: [u8; 16],
    pub backward_key: [u8; 16],
}

KDF-TOR derived key material.

Contains the cryptographic keys and digests derived from shared key material during circuit creation. This implements the KDF-TOR key derivation function as defined in tor-spec section 5.2.1.

The derivation uses SHA-1 in a counter mode:

K = H(K0 | [00]) | H(K0 | [01]) | H(K0 | [02]) | ...

Where K0 is the input key material and H is SHA-1.

Fields

The derived key material is split into five parts:

Field	Size	Purpose
key_hash	20 bytes	Proves knowledge of shared key
forward_digest	20 bytes	Forward digest hash seed
backward_digest	20 bytes	Backward digest hash seed
forward_key	16 bytes	Forward encryption key (AES-128)
backward_key	16 bytes	Backward encryption key (AES-128)

Example

use stem_rs::client::datatype::KDF;

// Derive keys from shared secret (e.g., from CREATE_FAST handshake)
let key_material = b"shared_secret_from_handshake____";
let kdf = KDF::from_value(key_material);

// Use the derived keys for encryption
assert_eq!(kdf.forward_key.len(), 16);
assert_eq!(kdf.backward_key.len(), 16);

Security

This KDF is used with the TAP and CREATE_FAST handshakes. Modern Tor circuits use the ntor handshake with a different KDF (HKDF-SHA256).

Fields

key_hash: [u8; 20]

Hash that proves knowledge of the shared key.

This is compared with the value sent by the relay to verify both parties derived the same key material.

forward_digest: [u8; 20]

Forward digest hash seed.

Used to initialize the running digest for cells sent from client to relay.

backward_digest: [u8; 20]

Backward digest hash seed.

Used to initialize the running digest for cells sent from relay to client.

forward_key: [u8; 16]

Forward encryption key (AES-128-CTR).

Used to encrypt relay cells sent from client to relay.

backward_key: [u8; 16]

Backward encryption key (AES-128-CTR).

Used to decrypt relay cells received from relay.

Implementations

impl KDF

pub fn from_value(key_material: &[u8]) -> Self

Derives key material from a shared secret.

Implements the KDF-TOR key derivation function from tor-spec section 5.2.1. The input key material is expanded using SHA-1 in counter mode to produce the required key material.

Arguments

• key_material - The shared secret from the circuit handshake

Returns

A KDF struct containing all derived keys and digests.

Algorithm

derived = H(key_material | 0x00) | H(key_material | 0x01) | ...
key_hash       = derived[0..20]
forward_digest = derived[20..40]
backward_digest= derived[40..60]
forward_key    = derived[60..76]
backward_key   = derived[76..92]

Example

use stem_rs::client::datatype::KDF;

let shared_secret = b"example_shared_secret___________";
let kdf = KDF::from_value(shared_secret);

// All fields are populated
assert_eq!(kdf.key_hash.len(), 20);
assert_eq!(kdf.forward_key.len(), 16);

Trait Implementations

impl Clone for KDF

fn clone(&self) -> KDF

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for KDF

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl PartialEq for KDF

fn eq(&self, other: &KDF) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Eq for KDF

impl StructuralPartialEq for KDF