doc: document HKDF length invariant in mix_key - bolt8 - Encrypted and authenticated transport, per BOLT #8.

commit 4934458985c631128ddf96b891ca609a415fd4b6
parent c3040f68303ff39e02a8b61074f02074662315d6
Author: Jared Tobin <jared@jtobin.io>
Date:   Sun, 25 Jan 2026 09:34:57 +0400

doc: document HKDF length invariant in mix_key

Explain why the Nothing case from HKDF.derive is impossible:
HKDF limits output to 255 * hashlen (8160 bytes for SHA256),
well above the 64 bytes requested.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Diffstat:
M lib/Lightning/Protocol/BOLT8.hs  | 3 +++

1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/lib/Lightning/Protocol/BOLT8.hs b/lib/Lightning/Protocol/BOLT8.hs
@@ -218,6 +218,9 @@ mix_hash :: BS.ByteString -> BS.ByteString -> BS.ByteString
 mix_hash h dat = SHA256.hash (h <> dat)
 
 -- Mix key: (ck', k) = HKDF(ck, input_key_material)
+--
+-- NB HKDF limits output to 255 * hashlen bytes. For SHA256 that's 8160,
+-- well above the 64 bytes requested here, so 'Nothing' is impossible.
 mix_key :: BS.ByteString -> BS.ByteString -> (BS.ByteString, BS.ByteString)
 mix_key ck ikm = case HKDF.derive hmac ck mempty 64 ikm of
     Nothing -> error "ppad-bolt8: internal error, please report a bug!"

	bolt8 Encrypted and authenticated transport, per BOLT #8.
	git clone git://git.ppad.tech/bolt8.git
	Log \| Files \| Refs \| README \| LICENSE