Refactor KeyDerivation and add IMediator interface

Refactored `KeyDerivation` to use HKDF (RFC 5869) for secure
and flexible key derivation. Introduced `HkdfExtract` and
`HkdfExpand` methods, added optional `salt` support, and
improved memory safety with `CryptographicOperations.ZeroMemory`.
Legacy `EasyExtensions.Crypto.KeyDerivation` was removed.

Updated unit tests to validate the new implementation, ensuring
deterministic outputs and proper handling of varying lengths.
Assertions were improved for readability and consistency.

Enhanced documentation with detailed XML comments for the
`KeyDerivation` class and methods.

Added the `IMediator` interface to support the mediator pattern,
enabling decoupled communication between components. Documented
its role and usage.

Refactored code to use modern C# features, improving readability,
maintainability, and thread safety.

Author: bvdcode

Sources/EasyExtensions.Crypto.Tests/KeyDerivationTests.cs

@@ -15,9 +15,9 @@ public class KeyDerivationTests
     [Test]
     public void DeriveSubkey_Returns_Requested_Length([Values(0, 1, 16, 32, 48, 64, 100)] int len)
     {
-        var bytes = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, len);
+        var bytes = KeyDerivation.DeriveSubkey(Master1, PurposeA, len);
         Assert.That(bytes, Is.Not.Null);
-        Assert.That(bytes.Length, Is.EqualTo(len));
+        Assert.That(bytes, Has.Length.EqualTo(len));
         if (len > 0)
         {
             // Not all zeros
@@ -28,31 +28,31 @@ public void DeriveSubkey_Returns_Requested_Length([Values(0, 1, 16, 32, 48, 64,
     [Test]
     public void Deterministic_For_Same_Inputs()
     {
-        var a1 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
-        var a2 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
+        var a1 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
+        var a2 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
         Assert.That(a1, Is.EqualTo(a2));
     }
 
     [Test]
     public void Different_Master_Produces_Different_Key()
     {
-        var a = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
-        var b = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master2, PurposeA, 48);
+        var a = KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
+        var b = KeyDerivation.DeriveSubkey(Master2, PurposeA, 48);
         Assert.That(a, Is.Not.EqualTo(b));
     }
 
     [Test]
     public void Different_Purpose_Produces_Different_Key()
     {
-        var a = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
-        var b = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeB, 48);
+        var a = KeyDerivation.DeriveSubkey(Master1, PurposeA, 48);
+        var b = KeyDerivation.DeriveSubkey(Master1, PurposeB, 48);
         Assert.That(a, Is.Not.EqualTo(b));
     }
 
     [Test]
     public void Base64_Matches_Raw_Encoding()
     {
-        var bytes = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 32);
+        var bytes = KeyDerivation.DeriveSubkey(Master1, PurposeA, 32);
         var b64A = EasyExtensions.Crypto.KeyDerivation.DeriveSubkeyBase64(Master1, PurposeA, 32);
         var b64B = Convert.ToBase64String(bytes);
         Assert.That(b64A, Is.EqualTo(b64B));
@@ -62,9 +62,9 @@ public void Base64_Matches_Raw_Encoding()
     public void Length32_Vs_Length64_Prefixes_Differ_By_Design()
     {
         // length 32 uses HMAC(purpose) directly
-        var l32 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 32);
+        var l32 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 32);
         // length 64 uses HMAC(purpose||1) + HMAC(purpose||2)
-        var l64 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 64);
+        var l64 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 64);
         Assert.That(l32, Is.Not.EqualTo(l64.Take(32).ToArray()));
     }
 
@@ -73,8 +73,8 @@ public void Longer_Length_Extends_With_Deterministic_Blocks()
     {
         // For lengths > 32, result is concatenation of counter-based blocks starting at 1,
         // so prefix of 64 should match prefix of 96.
-        var l64 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 64);
-        var l96 = EasyExtensions.Crypto.KeyDerivation.DeriveSubkey(Master1, PurposeA, 96);
+        var l64 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 64);
+        var l96 = KeyDerivation.DeriveSubkey(Master1, PurposeA, 96);
         Assert.That(l96.Take(64).ToArray(), Is.EqualTo(l64));
     }
 }

Sources/EasyExtensions.Crypto/KeyDerivation.cs

@@ -1,83 +1,137 @@
 using System;
-using System.Linq;
 using System.Text;
 using System.Security.Cryptography;
 
 namespace EasyExtensions.Crypto
 {
     /// <summary>
-    /// Provides methods for deriving cryptographic subkeys from a master key and a specified purpose using HMAC-SHA256.
+    /// Key derivation using HKDF (RFC 5869) over HMAC-SHA256.
+    /// Provides deterministic subkeys from a master key and context info (purpose), with optional salt.
     /// </summary>
-    /// <remarks>The KeyDerivation class enables deterministic generation of subkeys for different application
-    /// scenarios, such as per-user or per-purpose secrets, by combining a master key with a unique purpose string. This
-    /// approach helps ensure that derived keys are unique and isolated for each intended use. All members are static
-    /// and thread-safe.</remarks>
     public static class KeyDerivation
     {
+        private const int HmacOutputLength = 32; // HMAC-SHA256 output size
+
         /// <summary>
-        /// Derives a deterministic subkey from the specified master key and purpose using HMAC-SHA256.
-        /// Do not use this method for password hashing or storage.
+        /// HKDF (RFC 5869) over HMAC-SHA256: masterKey + info (+ optional salt) -> subkey.
         /// </summary>
-        /// <remarks>This method uses HMAC-SHA256 to derive a subkey that is unique to the given purpose
-        /// and master key. If the requested length exceeds 32 bytes, additional HMAC blocks are concatenated to reach
-        /// the desired length. The method is suitable for generating cryptographic keys for different contexts from a
-        /// single master key. The caller is responsible for ensuring that the master key and purpose are chosen
-        /// appropriately for their security requirements.</remarks>
-        /// <param name="masterKey">The master key as a UTF-8 encoded string. Cannot be null.</param>
-        /// <param name="purpose">A string that specifies the intended purpose of the derived subkey. This value differentiates subkeys
-        /// derived from the same master key. Cannot be null.</param>
-        /// <param name="lengthBytes">The desired length, in bytes, of the derived subkey. Must be a positive integer.</param>
-        /// <returns>A byte array containing the derived subkey of the specified length. The same inputs will always produce the
-        /// same output.</returns>
-        public static byte[] DeriveSubkey(string masterKey, string purpose, int lengthBytes)
+        public static byte[] DeriveSubkey(
+            ReadOnlySpan<byte> masterKey,
+            ReadOnlySpan<byte> info,
+            int lengthBytes,
+            ReadOnlySpan<byte> salt = default)
         {
-            // masterKey + purpose -> HMAC-SHA256 -> target length
-            var masterBytes = Encoding.UTF8.GetBytes(masterKey);
-            var purposeBytes = Encoding.UTF8.GetBytes(purpose);
+            ArgumentOutOfRangeException.ThrowIfNegativeOrZero(lengthBytes);
 
-            using var hmac = new HMACSHA256(masterBytes);
-            var hash = hmac.ComputeHash(purposeBytes);
+            // RFC 5869: Extract
+            var prk = HkdfExtract(masterKey, salt);
+            try
+            {
+                // RFC 5869: Expand
+                return HkdfExpand(prk, info, lengthBytes);
+            }
+            finally
+            {
+                CryptographicOperations.ZeroMemory(prk);
+            }
+        }
 
-            if (lengthBytes <= hash.Length)
+        private static byte[] HkdfExtract(ReadOnlySpan<byte> ikm, ReadOnlySpan<byte> salt)
+        {
+            // If salt is not provided, use zeros of HashLen bytes (RFC 5869 §2.2).
+            byte[] saltKey = salt.IsEmpty ? new byte[HmacOutputLength] : salt.ToArray();
+            try
+            {
+                using var hmac = new HMACSHA256(saltKey);
+                // ComputeHash allocates; we pass a copy of ikm to avoid pinning external span
+                return hmac.ComputeHash(ikm.ToArray());
+            }
+            finally
+            {
+                CryptographicOperations.ZeroMemory(saltKey);
+            }
+        }
+
+        private static byte[] HkdfExpand(byte[] prk, ReadOnlySpan<byte> info, int lengthBytes)
+        {
+            int n = (int)Math.Ceiling(lengthBytes / (double)HmacOutputLength);
+            if (n <= 0 || n > 255)
             {
-                var result = new byte[lengthBytes];
-                Array.Copy(hash, result, lengthBytes);
-                return result;
+                throw new ArgumentOutOfRangeException(nameof(lengthBytes), "HKDF length is too large.");
             }
 
-            // If you need more than 32 bytes, you can simply "pull" more blocks
-            // with different counters. This allows for generating longer keys
-            // while still being deterministic and tied to the master key and purpose.
-            var buffer = new byte[lengthBytes];
+            var okm = new byte[lengthBytes];
+            var infoBytes = info.ToArray();
+            var t = Array.Empty<byte>();
             int offset = 0;
-            int counter = 1;
 
-            while (offset < lengthBytes)
+            using var hmac = new HMACSHA256(prk);
+
+            for (int i = 1; i <= n; i++)
             {
-                var counterBytes = BitConverter.GetBytes(counter++);
-                var blockInput = purposeBytes.Concat(counterBytes).ToArray();
-                var block = hmac.ComputeHash(blockInput);
+                // T(i) = HMAC(PRK, T(i-1) || info || i)
+                var data = new byte[t.Length + infoBytes.Length + 1];
+                Buffer.BlockCopy(t, 0, data, 0, t.Length);
+                Buffer.BlockCopy(infoBytes, 0, data, t.Length, infoBytes.Length);
+                data[^1] = (byte)i;
+
+                t = hmac.ComputeHash(data);
 
-                int toCopy = Math.Min(block.Length, lengthBytes - offset);
-                Array.Copy(block, 0, buffer, offset, toCopy);
+                int toCopy = Math.Min(HmacOutputLength, lengthBytes - offset);
+                Buffer.BlockCopy(t, 0, okm, offset, toCopy);
                 offset += toCopy;
             }
 
-            return buffer;
+            CryptographicOperations.ZeroMemory(t);
+            CryptographicOperations.ZeroMemory(infoBytes);
+            return okm;
+        }
+
+        /// <summary>
+        /// String-based wrapper for compatibility: masterKey + purpose -> subkey.
+        /// </summary>
+        public static byte[] DeriveSubkey(
+            string masterKey,
+            string purpose,
+            int lengthBytes,
+            string? salt = null)
+        {
+            ArgumentNullException.ThrowIfNull(masterKey);
+            ArgumentNullException.ThrowIfNull(purpose);
+
+            var masterBytes = Encoding.UTF8.GetBytes(masterKey);
+            var infoBytes = Encoding.UTF8.GetBytes(purpose);
+            byte[]? saltBytes = salt is null ? null : Encoding.UTF8.GetBytes(salt);
+
+            try
+            {
+                return DeriveSubkey(
+                    masterBytes,
+                    infoBytes,
+                    lengthBytes,
+                    saltBytes is null ? [] : saltBytes);
+            }
+            finally
+            {
+                CryptographicOperations.ZeroMemory(masterBytes);
+                CryptographicOperations.ZeroMemory(infoBytes);
+                if (saltBytes is not null)
+                {
+                    CryptographicOperations.ZeroMemory(saltBytes);
+                }
+            }
         }
 
         /// <summary>
-        /// Derives a subkey from the specified master key and purpose, and returns the result as a Base64-encoded
-        /// string.
+        /// Base64 helper.
         /// </summary>
-        /// <param name="masterKey">The master key used as the basis for subkey derivation. Cannot be null or empty.</param>
-        /// <param name="purpose">A string that specifies the intended purpose of the derived subkey. Used to ensure subkeys are unique for
-        /// different purposes. Cannot be null or empty.</param>
-        /// <param name="lengthBytes">The desired length, in bytes, of the derived subkey. Must be a positive integer.</param>
-        /// <returns>A Base64-encoded string representing the derived subkey.</returns>
-        public static string DeriveSubkeyBase64(string masterKey, string purpose, int lengthBytes)
+        public static string DeriveSubkeyBase64(
+            string masterKey,
+            string purpose,
+            int lengthBytes,
+            string? salt = null)
         {
-            var bytes = DeriveSubkey(masterKey, purpose, lengthBytes);
+            var bytes = DeriveSubkey(masterKey, purpose, lengthBytes, salt);
             return Convert.ToBase64String(bytes);
         }
     }

Sources/EasyExtensions.Mediator/Contracts/IMediator.cs

@@ -1,4 +1,11 @@
 namespace EasyExtensions.Mediator.Contracts
 {
+    /// <summary>
+    /// Defines a mediator that coordinates sending requests and publishing notifications between components.
+    /// </summary>
+    /// <remarks>Implementations of this interface typically provide a central point for handling commands,
+    /// queries, and events, decoupling the sender from the receiver. IMediator combines the capabilities of ISender and
+    /// IPublisher, allowing both request/response and publish/subscribe patterns. Thread safety and lifetime management
+    /// depend on the specific implementation.</remarks>
     public interface IMediator : ISender, IPublisher { }
 }