derive static method

Uint8List derive({
  1. required Uint8List macKey,
  2. required int window,
  3. required Uint8List nonce,
})

Derives a 16-byte IV using: HMAC_SHA256(macKey, "iv" || u64be(window) || nonce):16

macKey 32-byte key used for HMAC. window integer time window. nonce 8-byte random nonce (validated).

RETURNS: 16-byte IV for AES-256-CBC.

Throws ArgumentError if inputs are malformed.

Implementation

static Uint8List derive({
  required Uint8List macKey,
  required int window,
  required Uint8List nonce,
}) {
  if (macKey.isEmpty) {
    throw ArgumentError('macKey must not be empty.');
  }
  // Enforce 8-byte nonce (wire contract).
  NonceGenerator.validate(nonce);

  // Prepare input = "iv" || u64be(window) || nonce
  final wBytes = Bytes.u64beInt(window);
  final tagInputParts = <Uint8List>[
    Bytes.ivLabel,
    wBytes,
    nonce,
  ];

  // Compute HMAC and truncate to 16 bytes (AES-CBC IV length).
  final full = HmacSha256.computeParts(macKey, tagInputParts);
  final iv = Uint8List.sublistView(full, 0, 16);

  // Defensive copy to detach from `full` and then wipe `full`.
  final ivCopy = Uint8List.fromList(iv);
  Bytes.secureZero(full);

  return ivCopy;
}