deriveSharedSecret(for:method:context:)
Derive a unique, high-entropy shared secret for this network connection, which can be used to pair and setup security for higher layer network protocols like TLS or IPSec without additional user action or entropy input.
Declaration
func deriveSharedSecret(for protocolName: WASharedSecret.ProtocolName, method: WASharedSecret.DerivationMethod, context: WASharedSecret.Context = .bundleID) async -> WASharedSecret?Parameters
- protocolName:
The protocol that will be setup, such as TLS, IPSec, or a custom protocol.
- method:
The method to use to derive the shared secret.
- context:
A unique value that is specific to your App and the use case this connection will perform, which diversifies the generated secret. Defaults to the
Bundle IDof the calling app.
Return Value
A shared secret unique to the protocol, connection, and context supplied, or nil if a secret could not be derived using the provided method.
Discussion
The shared secret can be used to authenticate a PAKE like SPAKE2, which is then used to pair and derive long-term asymmetric keys for authentication and encryption of the upper-layer network protocol.
Both sides of a connection will derive the same shared secret value if the same connection and input parameters are used:
Your app and a remote app can derive the same shared secret value by calling this function on the same connection, with the same parameters.
Devices and accessories can derive the same value as your app by using the derivation specified in the Wi-Fi Aware 5.0 standard, and providing the same parameters as used by your app.
Example Usage:
let secret = await connection.wifiAware?.deriveSharedSecret(for: .tlsPSK, method: .kdfHash256)