Extend HMAC metadata and builders to expose recommended key sizes and
enable safe derived-key injection without duplicating algorithm
configuration.
Key changes:
- Add HybridDerived utility for expanding hybrid KEX output and
injecting purpose-separated keys, IVs/nonces and optional AAD into
existing DataContent builders (AES-GCM, ChaCha, HMAC)
- Improve HmacSpec and HmacDataContentBuilder to expose recommended key
material characteristics for derived use
- Refine HybridKexContexts to better support exporter-based derived
workflows
- Add comprehensive unit tests for hybrid-derived functionality
- Add documented demo showing hybrid-derived AES-GCM encryption,
including local (self-recipient) hybrid usage
- Introduce top-level sdk.hybrid package documentation and derived
subpackage Javadoc
All changes are additive at the SDK layer; core cryptographic contracts
remain unchanged.
Signed-off-by: Leo Galambos <lg@hq.egothor.org>
Leo Galambos
300f40c283
