bolt8

Encrypted and authenticated transport, per BOLT #8.
git clone git://git.ppad.tech/bolt8.git
Log | Files | Refs | README | LICENSE
commit 81aae98a5edd7607f0f1074101fb1d16b5e7bcae
parent c3040f68303ff39e02a8b61074f02074662315d6
Author: Jared Tobin <jared@jtobin.io>
Date:   Sun, 25 Jan 2026 09:35:53 +0400

(IMPL2): Document HKDF invariant

Add comment near mix_key explaining why HKDF.derive cannot return
Nothing: the limit is 255 * hashlen (8160 bytes for SHA256), well
above the 64 bytes requested.

No behavioral changes.

Diffstat:

Mlib/Lightning/Protocol/BOLT8.hs | 3+++


1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/lib/Lightning/Protocol/BOLT8.hs b/lib/Lightning/Protocol/BOLT8.hs
@@ -218,6 +218,9 @@ mix_hash :: BS.ByteString -> BS.ByteString -> BS.ByteString
 mix_hash h dat = SHA256.hash (h <> dat)
 
 -- Mix key: (ck', k) = HKDF(ck, input_key_material)
+--
+-- NB HKDF limits output to 255 * hashlen bytes. For SHA256 that's 8160,
+-- well above the 64 bytes requested here, so 'Nothing' is impossible.
 mix_key :: BS.ByteString -> BS.ByteString -> (BS.ByteString, BS.ByteString)
 mix_key ck ikm = case HKDF.derive hmac ck mempty 64 ikm of
     Nothing -> error "ppad-bolt8: internal error, please report a bug!"