From 76a254f29e730bee2d8254cfa7acab312d0ab0fb Mon Sep 17 00:00:00 2001
From: Awn Umar <awn@spacetime.dev>
Date: Sat, 10 Jan 2026 13:01:45 +0000
Subject: [PATCH] Use crypto/hkdf instead of old x/crypto API

---
 hybrid.go | 8 +++-----
 x25519.go | 8 +++-----
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/hybrid.go b/hybrid.go
index d886f2e..c0c8de9 100644
--- a/hybrid.go
+++ b/hybrid.go
@@ -1,24 +1,22 @@
 package agekd
 
 import (
+	"crypto/hkdf"
 	"crypto/sha256"
 	"fmt"
-	"io"
 
 	"filippo.io/age"
 	"filippo.io/hpke"
 	"github.com/awnumar/agekd/bech32"
 	"golang.org/x/crypto/argon2"
-	"golang.org/x/crypto/hkdf"
 )
 
 // HybridIdentityFromKey derives a hybrid age MLKEM768X25519 identity from a high-entropy key. Callers are responsible for
 // ensuring that the provided key is suitably generated, e.g. 32 bytes read from crypto/rand.
 func HybridIdentityFromKey(key, salt []byte) (*age.HybridIdentity, error) {
 	uniformSalt := sha256.Sum256(salt)
-	kdf := hkdf.New(sha256.New, key, uniformSalt[:], []byte(kdfLabelHybrid))
-	secretKey := make([]byte, hybridSecretKeySize)
-	if _, err := io.ReadFull(kdf, secretKey); err != nil {
+	secretKey, err := hkdf.Key(sha256.New, key, uniformSalt[:], kdfLabelHybrid, hybridSecretKeySize)
+	if err != nil {
 		return nil, fmt.Errorf("failed to read randomness from hkdf: %w", err)
 	}
 	return newHybridIdentityFromSecretKey(secretKey)
diff --git a/x25519.go b/x25519.go
index ee29c25..22ee8fe 100644
--- a/x25519.go
+++ b/x25519.go
@@ -1,16 +1,15 @@
 package agekd
 
 import (
+	"crypto/hkdf"
 	"crypto/sha256"
 	"fmt"
-	"io"
 	"strings"
 
 	"filippo.io/age"
 	"github.com/awnumar/agekd/bech32"
 	"golang.org/x/crypto/argon2"
 	"golang.org/x/crypto/curve25519"
-	"golang.org/x/crypto/hkdf"
 )
 
 // X25519IdentityFromKey derives an age X25519 identity from a high-entropy key. Callers are responsible for
@@ -18,9 +17,8 @@ import (
 //
 // For post-quantum security, use HybridIdentityFromKey instead.
 func X25519IdentityFromKey(key, salt []byte) (*age.X25519Identity, error) {
-	kdf := hkdf.New(sha256.New, key, salt, []byte(kdfLabelX25519))
-	secretKey := make([]byte, curve25519.ScalarSize)
-	if _, err := io.ReadFull(kdf, secretKey); err != nil {
+	secretKey, err := hkdf.Key(sha256.New, key, salt, kdfLabelX25519, curve25519.ScalarSize)
+	if err != nil {
 		return nil, fmt.Errorf("failed to read randomness from hkdf: %w", err)
 	}
 	return newX25519IdentityFromScalar(secretKey)