Botan的部分翻译

Botan Reference Manual, Release 2.3.0

8.4.1 Initializing Pipe

By default, Pipe will do nothing at all; any input placed into the Pipe will be read back unchanged.

默认情况下，管道将什么都不做;在管道中输入的任何输入都将被重新读取.

Obviously, this has limited utility, and presumably you want to use one or more filters to somehow process the data.

显然，这是有限的效用，你可能想要用一个或多个过滤器来处理数据.

First, you can  choose a set of filters to initialize the Pipe via the constructor.

您可以选择一组过滤器，通过构造函数初始化管道.

 You can pass it either a set of up to four filter pointers, or a pre-defined array and a length:

你可以将它传递给4个过滤器指针，或者一个预定义的数组和一个长度.

This is by far the most common way to initialize a Pipe.

这是目前为止最常见的初始化管道的方法

 However, occasionally a more flexible initialization strategy is necessary; this is supported by 4 member functions.然而，有必要采取更灵活的初始化策略.提供4个成员函数。

These functions may only be used while the pipe in question is not in use; that is, either before calling start_msg, or after end_msg has been called (and no new calls to start_msg have been made yet).这些函数只能在不使用的管道时使用;

也就是说，要么调用startmsg，要么调用endmsg(并且没有调用新的调用

startmsg已经被制作出来了)。

void Pipe::prepend(Filter *filter)

 

Calling prepend will put the passed filter first in the list of transformations. For example, if you prepend a filter implementing encryption, and the pipe already had a filter that hex encoded the input, then the next message processed would be first encrypted, and then hex encoded.

调用prepend将首先把传递的过滤器放在转换列表中。例如，如果您预先设置了一个实现加密的过滤器，并且管道已经有了一个十六进制编码输入的过滤器，那么处理的下一个消息将首先被加密，然后是十六进制编码。

 

void Pipe::append(Filter *filter)

 

Like prepend, but places the filter at the end of the message flow. This doesn’t always do what you expect if there is a fork.

和prepend一样，但是将过滤器放在消息流的末端。如果有一个叉，这并不总是能做到你所期望的.

 

void Pipe::pop()

 

Removes the first filter in the flow.

删除流中的第一个过滤器。

 

void Pipe::reset()

 

Removes all the filters that the pipe currently holds - it is reset to an empty/no-op state. Any data that is being retained by the pipe is retained after a reset, and reset does not affect message numbers (discussed later).

移除当前管道中所有的过滤器——它被重置为一个空/无操作状态。由管道保留的任何数据都保留在重置之后，并且重置不会影响消息号(稍后讨论)。

8.4.2 Giving Data to a Pipe

 

Input to a Pipe is delimited into messages, which can be read from independently (ie, you can read 5 bytes from one message, and then all of another message, without either read affecting any other messages).

管道的输入被分隔成消息，可以独立读取(例如，您可以从一个消息读取5个字节，然后所有其他消息都可以读取，而不影响任何其他消息)。

void Pipe::start_msg()

Starts a new message; if a message was already running, an exception is thrown. After this function returns, you can call write.

开始一个新消息;如果消息已经在运行，就会抛出异常。在这个函数返回之后，您可以调用write

void Pipe::write(const byte *input, size_t length)

 

void Pipe::write(const std::vector<byte> &input)

 

void Pipe::write(const std::string &input)

 

void Pipe::write(DataSource &input)

 

void Pipe::write(byte input)

 

All versions of write write the input into the filter sequence. If a message is not currently active, an exception is thrown. 

所有版本的写入都将输入写入到过滤器序列中。如果消息当前不活跃，则抛出异常。

 

void Pipe::end_msg()

 

End the currently active message结束当前的活动消息

Sometimes, you may want to do only a single write per message. In this case, you can use the process_msg series of functions, which start a message, write their argument into the pipe, and then end the message. In this case you would not make any explicit calls to start_msg/end_msg.

有时，您可能希望只写一条消息。
在这种情况下，您可以使用processmsg系列函数，它启动一条消息，将它们的参数写入管道，然后结束消息。
在这种情况下，您不会对startmsg/endmsg进行任何显式的调用。

 

Pipes can also be used with the >> operator, and will accept a std::istream, or on Unix systems with the fd_unix module, a Unix file descriptor. In either case, the entire contents of the file will be read into the pipe.

管道也可以与操作符一起使用，它将接受std::istream，或在Unix系统上使用fdunix模块，Unix文件描述符。
在这两种情况下，文件的整个内容都将被读入管道

 

8.4.3 Getting Output from a Pipe

 

Retrieving the processed data from a pipe is a bit more complicated, for various reasons. The pipe will sepa-rate each message into a separate buffer, and you have to retrieve data from each message independently. Each of the reader functions has a final parameter that specifies what message to read from. If this parameter is set to Pipe::DEFAULT_MESSAGE, it will read the current default message (DEFAULT_MESSAGE is also the default value of this parameter).

由于各种原因，从管道中检索处理过的数据要稍微复杂一些。管道将把每个消息都发送到一个单独的缓冲区中，并且您必须独立地从每个消息中检索数据。每个阅读器函数都有一个最终参数，该参数指定要读取的消息。
如果将此参数设置为管道::defaultmessage，它将读取当前的缺省消息(defaultmessage也是该参数的默认值)。

 

Functions in Pipe related to reading include:

与读相关的管道函数包括

 

size_t Pipe::read(byte *out, size_t len)

 

Reads up to len bytes into out, and returns the number of bytes actually read.

读取到len字节，并返回实际读取的字节数。

 

size_t Pipe::peek(byte *out, size_t len)

 

Acts exactly like read, except the data is not actually read; the next read will return the same data.

行为和阅读完全一样，只是数据不是真正的阅读;下一个read将返回相同的数据。

 

secure_vector<byte> Pipe::read_all()

 

Reads the entire message into a buffer and returns it

将整个消息读入缓冲区并返回它。

std::string Pipe::read_all_as_string()

Like read_all, but it returns the data as a std::string. No encoding is done; if the message contains raw binary, so will the string.

和readall一样，但是它以std::string的形式返回数据。没有进行编码;如果消息包含原始二进制文件，那么字符串也是如此

 

size_t Pipe::remaining()

 

Returns how many bytes are left in the message

返回消息中剩余的字节数

 

Pipe::message_id Pipe::default_msg()

 

Returns the current default message number

返回当前默认的消息号。

 

Pipe::message_id Pipe::message_count()

 

Returns the total number of messages currently in the pipe

返回当前在管道中的消息总数。

 

Pipe::set_default_msg(Pipe::message_id msgno)

 

Sets the default message number (which must be a valid message number for that pipe). The ability to set the default message number is particularly important in the case of using the file output operations (<< with a std::ostream or Unix file descriptor), because there is no way to specify the message explicitly when using the output operator.

设置默认的消息号(它必须是该管道的有效消息号)。
在使用文件输出操作(带有std:ostream或Unix文件描述符)的情况下，设置默认消息号的能力特别重要，因为在使用输出操作符时，无法显式地指定消息。

 

8.4.4 Pipe I/O for Unix File Descriptors

 

This is a minor feature, but it comes in handy sometimes. In all installations of the library, Botan’s Pipe object overloads the << and >> operators for C++ iostream objects, which is usually more than sufficient for doing I/O.

这是一个小功能，但有时也很方便。
在所有的库中，Botan的管道对象都是为C++的iostream对象提供的，这通常是做输入输出的足够多的。

 

However, there are cases where the iostream hierarchy does not map well to local ‘file types’, so there is also the ability to do I/O directly with Unix file descriptors. This is most useful when you want to read from or write to something like a TCP or Unix-domain socket, or a pipe, since for simple file access it’s usually easier to just use C++’s file streams.

但是，在某些情况下，iostream层次结构不能很好地映射到本地的“文件类型”，因此也可以直接使用Unix文件描述符进行输入/输出。当您想要阅读或编写诸如TCP或unix域套接字或管道之类的东西时，这是最有用的，因为对于简单的文件访问来说，使用C++的文件流通常更容易。

 

If BOTAN_EXT_PIPE_UNIXFD_IO is defined, then you can use the overloaded I/O operators with Unix file de-scriptors. For an example of this, check out the hash_fd example, included in the Botan distribution.

 

如果定义了BOTAN_EXT_PIPE_UNIXFD_IO，那么您可以使用Unix文件删除器的重载i/o操作符。
例如，查看在Botan分发版中包含的hash_fd示例。

8.5 Filter Catalog

 

This section documents most of the useful filters included in the library.本节将记录库中包含的大多数有用的过滤器。

 

8.5.1 Keyed Filters

 

A few sections ago, it was mentioned that Pipe can process multiple messages, treating each of them the same. Well, that was a bit of a lie. There are some algorithms (in particular, block ciphers not in ECB mode, and all stream ciphers) that change their state as data is put through them.

在前面几节中，我们提到了管道可以处理多个消息，对每个消息进行处理。
好吧，这是一个谎言。有一些算法(特别是在欧洲央行模式下的区块密码，以及所有的流密码)都是通过这些算法来改变它们的状态的。

 

Naturally, you might well want to reset the keys or (in the case of block cipher modes) IVs used by such filters, so multiple messages can be processed using completely different keys, or new IVs, or new keys and IVs, or whatever. And in fact, even for a MAC or an ECB block cipher, you might well want to change the key used from message to message.

很自然，您可能希望重新设置这些筛选器使用的键或(在块密码模式的情况下)，因此可以使用多个消息进行处理
完全不同的键，或者新的IVs，新的键和IVs，等等。实际上，即使是MAC或欧洲央行的密码，你也可能想要改变
从消息到消息的键。

 

Enter Keyed_Filter, which acts as an abstract interface for any filter that is uses keys: block cipher modes, stream ciphers, MACs, and so on. It has two functions, set_key and set_iv. Calling set_key will set (or reset) the key used by the algorithm. Setting the IV only makes sense in certain algorithms – a call to set_iv on an object that doesn’t support IVs will cause an exception. You must call set_key before calling set_iv.

输入keyedfilter，它充当任何使用键的过滤器的抽象接口:块密码模式、流密码子、mac等等。它有两个
功能,set_key set_iv。调用setkey将设置(或重置)算法使用的密钥。在某些算法中设置IV是有意义的——
在不支持IVs的对象上调用setiv将会导致异常。在调用setiv之前必须调用setkey。

Here’s a example:

-----------   ---     ----  code ----  ------

There are some requirements to using Keyed_Filter that you must follow. If you call set_key or set_iv on a filter that is owned by a Pipe, you must do so while the Pipe is “unlocked”. This refers to the times when no messages are being processed by Pipe – either before Pipe’s start_msg is called, or after end_msg is called (and no new call to start_msg has happened yet). Doing otherwise will result in undefined behavior, probably silently getting invalid output.

对于使用keyedfilter，您必须遵循一些要求。如果您将setkey或setiv放在由管道所拥有的过滤器上，那么您必须这样做
而管道是“解锁”的。这指的是在没有消息通过管道进行处理的情况下——在管道的startmsg被调用之前或者之后
调用endmsg(并且还没有对startmsg的新调用)。否则就会导致未定义的行为，很可能是无声的无效输出。

 

And remember: if you’re resetting both values, reset the key first.记住:如果你重新设置了两个值，那么首先重置密钥。

8.5.2 Cipher Filters

 

Getting a hold of a Filter implementing a cipher is very easy. Make sure you’re including the header lookup. h, and then call get_cipher. You will pass the return value directly into a Pipe. There are a couple different functions which do varying levels of initialization:

获得一个实现密码的过滤器非常简单。确保您包含了头文件查找，然后调用get_cipher。你会通过的
将值直接返回到管道中。有几个不同的函数，它们的初始化程度不同。

 

Keyed_Filter *get_cipher(std::string cipher_spec, SymmetricKey key, InitializationVector iv, Cipher_Dir dir)

 

Keyed_Filter *get_cipher(std::string cipher_spec, SymmetricKey key, Cipher_Dir dir)

 

The version that doesn’t take an IV is useful for things that don’t use them, like block ciphers in ECB mode, or most stream ciphers. If you specify a cipher spec that does want a IV, and you use the version that doesn’t take one, an exception will be thrown. The dir argument can be either ENCRYPTION or DECRYPTION.

不使用IV的版本对不使用它们的东西很有用，比如在欧洲中央银行模式下的代码块，或者是大多数流密码。如果你指定一个密码规范需要一个IV，你使用的版本不需要一个，一个异常会被抛出。dir参数可以是加密，也可以是加密或解密。

8.5.3 Hashes and MACs

 

Hash functions and MACs don’t need anything special when it comes to filters. Both just take their input and produce no output until end_msg is called, at which time they complete the hash or MAC and send that as output.

在过滤器中，哈希函数和mac并不需要什么特别的东西。两者都只接受输入，直到endmsg被调用时才产生输出
它们完成哈希或MAC的时间，并将其作为输出发送.

 

These filters take a string naming the type to be used. If for some reason you name something that doesn’t exist, an exception will be thrown.这些过滤器使用一个字符串来命名要使用的类型。如果出于某种原因，您命名了一些不存在的东西，则会抛出一个异常.

 

Hash_Filter::Hash_Filter(std::string hash, size_t outlen = 0)

 

This constructor creates a filter that hashes its input with hash. When end_msg is called on the owning pipe, the hash is completed and the digest is sent on to the next filter in the pipeline. The parameter outlen specifies how many bytes of the hash output will be passed along to the next filter when end_msg is called. By default, it will pass the entire hash.这个构造函数创建一个过滤器，用散列哈希将其输入哈希。当在拥有的管道上调用endmsg时，就完成了散列，并发送了摘要
到管道的下一个过滤器。参数outlen指定当endmsg是如何传递到下一个过滤器时，该散列输出的字节数是多少调用。默认情况下，它将传递整个散列.

8.5.4 Encoders

 

Often you want your data to be in some form of text (for sending over channels that aren’t 8-bit clean, printing it, etc).通常，您希望您的数据以某种形式的文本(用于发送非8位的通道，打印它，等等)。

 

The filters Hex_Encoder and Base64_Encoder will convert arbitrary binary data into hex or base64 formats.过滤器和base64编码器将把任意二进制数据转换为十六进制或base64格式。

 

Not surprisingly, you can use Hex_Decoder and Base64_Decoder to convert it back into its original form.毫不奇怪，您可以使用十六进制和base64解码器将其转换回原来的格式

 

Both of the encoders can take a few options about how the data should be formatted (all of which have defaults). The first is a bool which says if the encoder should insert line breaks. This defaults to false. Line breaks don’t matter either way to the decoder, but it makes the output a bit more appealing to the human eye, and a few transport mechanisms (notably some email systems) limit the maximum line length.两个编码器都可以选择一些关于数据应该如何格式化的选项(所有这些都有默认值)。第一个是bool说如果编码器

应该插入换行符。这个默认值为false。对于解码器来说，换行符并不重要，但它会让输出更有吸引力。

人类的眼睛，以及一些传输机制(特别是一些电子邮件系统)限制了最大的行长度。

 

The second encoder option is an integer specifying how long such lines will be (obviously this will be ignored if line-breaking isn’t being used). The default tends to be in the range of 60-80 characters, but is not specified. If you want a specific value, set it. Otherwise the default should be fine.第二个编码器选项是一个整数，指定这样的行数会有多长(如果不使用行中断，这将被忽略)。那

默认值在60-80个字符范围内，但是没有指定。如果你想要一个特定的值，就设置它。否则，默认情况应该是好的。

 

Lastly, Hex_Encoder takes an argument of type Case, which can be Uppercase or Lowercase (default is Uppercase). This specifies what case the characters A-F should be output as. The base64 encoder has no such option, because it uses both upper and lower case letters for its output.

最后，六编码器接受类型Case的参数，它可以是大写的或小写的(默认是大写的)。这指定了字符a-f的情况应该输出。base64编码器没有这样的选项，因为它使用大写字母和小写字母表示输出

 

You can find the declarations for these types in hex_filt.h and b64_filt.h.您可以在十六进制中找到这些类型的声明hex_filt.h和b64_filt.h

-----

----

--------

10.1 Block Ciphers

 

A block cipher is a deterministic symmetric encryption algorithm, which encrypts data of a fixed length, called block size. All block ciphers classes in Botan are subclasses ofBlockCipher defined in botan/block_cipher.h. As a symmetrically keyed algorithm, it subclasses theSymmetricAlgorithm interface. Note that a block cipher by itself is only secure for plaintext with the length of a single block. When processing data larger than a single block, a block cipher mode should be used for data processing.块密码是一种确定的对称加密算法，它对固定长度的数据进行加密，称为块大小。在Botan的所有block ciphers类
是在blockcipherh中定义的block密码的子类。作为一种对称的键控算法，它是对称的对称接口。请注意,
块密码本身仅对长度为单一块的明文是安全的。当处理大于单个块的数据时，块密码模式应该用于数据处理。

-----

--------

10.3 AEAD Modes of Operation

AEAD (Authenticated Encryption with Associated Data) modes provide message encryption, message authentication, and the ability to authenticate additional data that is not included in the ciphertext (such as a sequence number or header). It is a subclass of Symmetric_Algorithm.AEAD(通过相关的数据进行身份验证的加密)模式提供消息加密、消息身份验证和对其他数据进行身份验证的能力。
这并没有包含在ciphertext中(例如一个序列号或header)。它是symmetric算法的一个子类.

The AEAD interface can be used directly, or as part of the filter system by using AEAD_Filter (a subclass of Keyed_Filter which will be returned byget_cipher if the named cipher is an AEAD mode).

AEAD接口可以直接使用，或者作为过滤器系统的一部分使用aeadfilter(keyedfilter的一个子类，它将由get密码返回
如果被命名的密码是一个AEAD模式)。

 

AEAD modes currently available include GCM, OCB, EAX, SIV and CCM. All support a 128-bit block cipher such as AES. EAX and OCB also support 256 and 512 bit block ciphers.目前可用的AEAD模式包括GCM、OCB、EAX、SIV和CCM。所有支持一个128位的块密码，例如AES。EAX和OCB也支持256和512位
块密码

10.4 Stream Ciphers

In contrast to block ciphers, stream ciphers operate on a plaintext stream instead of blocks. Thus encrypting data results in changing the internal state of the cipher and encryption of plaintext with arbitrary length is possible in one go (in byte amounts). All implemented stream ciphers derive from the base class StreamCipher (botan/stream_cipher.h), which implements theSymmetricAlgorithm interface. Note that some of the implemented stream ciphers require a fresh initialisation vector.与阻塞密码不同的是，流ciphers使用的是明文流而不是块。因此，加密数据结果改变内部状态
任意长度的明文的密码和加密在一次(字节数量)中是可能的。所有实现的流ciphers都来自于基础
类流密码(流cipher.h)，它实现了symmetricalg算术接口。注意，一些已实现的流密码需要一个
重新初始化向量

class StreamCipher

bool valid_iv_length(size_t iv_len) const

This function returns true if and only if length is a valid IV length for the stream cipher.如果长度是流密码的有效IV长度，则该函数返回true.

void set_iv(const byte *, size_t len) 

Load IV into the stream cipher state. This should happen after the key is set and before any operation (encrypt/decrypt/seek) is called.将IV加载到流密码状态。这应该在密钥被设置和在任何操作(加密/解密/查找)之前发生。

 

void seek(u64bit offset)

 

Sets the state of the stream cipher and keystream according to the passed offset. Therefore the key and the IV (if required) have to be set beforehand.根据已通过的偏移量设置流密码和密钥流的状态。因此，钥匙和IV(如果需要的话)必须事先设定。

 

void cipher(const byte *in, byte *out, size_t n)

 

Processes n bytes plain/ciphertext from in and writes the result to out.处理n个字节的数据，并将结果写入到外面

10.5 Message Authentication Codes (MAC)

A Message Authentication Code algorithm computes a tag over a message utilizing a shared secret key. Thus a valid tag confirms the authenticity and integrity of the associated data. Only entities in possesion of the shared secret key are able to verify the tag. The base class MessageAuthenticationCode (in botan/mac.h) implements the interfacesSymmetricAlgorithm andBufferedComputation (see Hash).消息身份验证代码算法使用共享密钥对消息进行计算。因此，有效的标签确认了真实性和完整性
相关的数据。只有共享密钥的所有实体才能够验证标记。基类MessageAuthenticationCode(
/mac.h实现了接口对称和buffered运算(见哈希)

class MessageAuthenticationCode

void set_key(const byte *key, size_t length)

Set the shared MAC key for the calculation. This function has to be called before the data is processed.为计算设置共享的MAC密钥。在处理数据之前，必须调用此函数

 

void start(const byte *nonce, size_t nonce_len)

Set the IV for the MAC calculation. Note that not all MAC algorithms require an IV. If an IV is required, the function has to be called before the data is processed.为MAC计算设置IV。注意，并非所有的MAC算法都需要IV。如果需要IV，则必须在数据之前调用该函数。处理

void final(byte *out)

 

Complete the MAC computation and write the calculated tag to the passed byte array.

完成MAC的计算，并将计算的标签写入到已传递的字节数组。

 

secure_vector<byte> final()

 

Complete the MAC computation and return the calculated tag.

 

bool verify_mac(const byte *mac, size_t length)

 

Finalize the current MAC computation and compare the result to the passed mac. Returns true, if the verification is successfull and false otherwise.完成当前的MAC计算，并将结果与已通过的MAC进行比较。如果验证成功或错误，则返回true

------

---------

11.5 Encryption

Safe public key encryption requires the use of a padding scheme which hides the underlying mathematical properties of the algorithm. Additionally, they will add randomness, so encrypting the same plaintext twice produces two different ciphertexts.安全的公钥加密需要使用一个填充方案，它隐藏了算法的底层数学特性。此外,他们将添加随机性，因此对相同的明文加密两次会产生两种不同的密文

The primary interface for encryption is

 

class PK_Encryptor

 

secure_vector<byte> encrypt(const byte *in, size_t length, RandomNumberGenerator &rng)const

 

secure_vector<byte> encrypt(const std::vector<byte> &in, RandomNumberGenerator &rng)

const

These encrypt a message, returning the ciphertext.这些加密消息，返回密码文本

 

size_t maximum_input_size() const

 

Returns the maximum size of the message that can be processed, in bytes. If you callPK_Encryptor::encryptwith a value larger than this the operation will fail with an exception.返回可以用字节处理的消息的最大大小。如果您调用pkencryptor::加密的值大于这个值，操作将会
失败的一个例外。

 

PK_Encryptoris only an interface - to actually encrypt you have to create an implementation, of which there are currently three available in the library,PK_Encryptor_EME,DLIES_Encryptor andECIES_Encryptor. DLIES is a hybrid encryption scheme (from IEEE 1363) that uses the DH key agreement technique in combination with a KDF, a MAC and a symmetric encryption algorithm to perform message encryption. ECIES is similar to DLIES, but uses ECDH for the key agreement. Normally, public key encryption is done using algorithms which support it directly, such as RSA or ElGamal; these use the EME class:

pkencryptor只是一个接口——实际上是对你进行加密，你必须创建一个实现，这个实现目前在库中有三个可用的实现，
PK_Encryptor_EME,DLIES_Encryptor ECIES_Encryptor。d说谎是一种混合加密方案(来自IEEE 1363)，它使用了DH密钥协议技术
结合KDF、MAC和对称加密算法来执行消息加密。ECIES与d谎相似，但使用ECDH作为关键字
协议。通常，公开密钥加密是使用直接支持它的算法完成的，比如RSA或ElGamal;这些使用

-----.......

................................

...........................................

............................................................

................................................................................

THE LOW-LEVEL INTERFACE

Botan has two different interfaces. The one documented in this section is meant more for implementing higher-level types (see the section on filters, earlier in this manual) than for use by applications. Using it safely requires a solid knowledge of encryption techniques and best practices, so unless you know, for example, what CBC mode and nonces are, and why PKCS #1 padding is important, you should avoid this interface in favor of something working at a higher level.

Botan有两个不同的界面。在本节中记录的文档更多的是用于实现更高级别的类型(请参阅前面的过滤器部分在本手册中)而不是应用程序的使用。安全地使用它需要对加密技术和最佳实践有一定的了解，所以除非您知道
例如，CBC模式和非ces是什么，以及为什么PKCS 1填充很重要，您应该避免这个接口，以支持更高级别的工作

17.2 Keys and IVs

 

Both symmetric keys and initialization values can be considered byte (or octet) strings.对称密钥和初始化值都可以看作是字节(或八位字节)字符串.These are represented by

 

class OctetString

 

Also known as SymmetricKey and InitializationVector, when you want to express intent.

 

OctetString(RandomNumberGenerator &rng, size_t length)

 

This constructor creates a new random key length bytes long using the random number generator.

 

OctetString(std::string str)

 

The argument str is assumed to be a hex string; it is converted to binary and stored. Whitespace is ignored.参数str被认为是一个十六进制字符串;它被转换为二进制并存储。空格将被忽略

............

...............

KEY DERIVATION FUNCTIONS

Key derivation functions are used to turn some amount of shared secret material into uniform random keys suitable for use with symmetric algorithms. An example of an input which is useful for a KDF is a shared secret created using Diffie-Hellman key agreement.关键的派生函数用于将一些共享的秘密材料转化成统一的随机密钥，适合于对称算法的使用。一个
一个对KDF有用的输入示例是使用缺乏自信的关键协议创建的共享秘密.