Lib.rs

Cryptography
#kdf #nist

no-std one-step-kdf

One-Step Key Derivation Function as defined in NIST SP 800-56C R2

Owned by Tony Arcieri, RustCrypto.

2 releases

Uses new Rust 2024

0.1.0-rc.1 Feb 2, 2026
0.1.0-rc.0 Nov 5, 2025

#2964 in Cryptography

Download history 115/week @ 2025-11-02 5/week @ 2025-11-09 59/week @ 2025-11-16 32/week @ 2025-11-23 8/week @ 2025-11-30 36/week @ 2025-12-07 55/week @ 2025-12-14 2/week @ 2025-12-21 7/week @ 2025-12-28 425/week @ 2026-01-04 318/week @ 2026-01-11 356/week @ 2026-01-18 52/week @ 2026-01-25 1/week @ 2026-02-01 9/week @ 2026-02-08 2/week @ 2026-02-15

64 downloads per month

MIT/Apache

13KB
51 lines

RustCrypto: One-Step KDF

crate Docs Build Status Apache2/MIT licensed Rust Version Project Chat

Pure Rust implementation of the One-Step Key Derivation Function (formerly known as Concat KDF) implemented generically over the underlying hash function.

This KDF is described in the section 4 of NIST SP 800-56C: Recommendation for Key-Derivation Methods in Key-Establishment Schemes.

Usage

The most common way to use One-Step KDF is as follows: you generate a shared secret with other party (e.g. via Diffie-Hellman algorithm) and use key derivation function to derive a shared key.

use hex_literal::hex;
use sha2::Sha256;

let mut key = [0u8; 16];
one_step_kdf::derive_key_into::<Sha256>(b"secret", b"shared-info", &mut key).unwrap();
assert_eq!(key, hex!("960db2c549ab16d71a7b008e005c2bdc"));

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~660KB
~17K SLoC