package encrypt
import (
"crypto/rand"
"crypto/sha256"
"io"
"github.com/Laisky/errors"
"golang.org/x/crypto/hkdf"
)
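// HKDFWithSHA256 derives keys with HKDF (RFC 5869) using SHA-256.
//
// Every slice in results is filled, in order, from one HKDF output stream,
// so the length of each slice decides how much key material it receives.
// The same secret, salt and info always produce the same output.
//
// Security notes:
//   - HKDF-SHA256 can emit at most 255*32 = 8160 bytes in total. A larger
//     request is rejected before anything is written to results, so callers
//     never end up with a partially filled set of keys.
//   - salt may be nil, but a random, non-secret salt (see Salt) is
//     preferable when one can be stored alongside the derived keys.
//   - info binds the output to a purpose. Keys derived for different
//     purposes from the same secret should use different info values.
//   - HKDF does not slow down guessing. secret must already be high-entropy
//     key material; a password should go through a password-hashing KDF first.
//
// # Example
//
// derive multiple keys:
//
//	results := make([][]byte, 10)
//	for i := range results {
//		results[i] = make([]byte, 20)
//	}
//	err := HKDFWithSHA256([]byte("your key"), nil, nil, results)
func HKDFWithSHA256(secret, salt, info []byte, results [][]byte) error {
	// RFC 5869 limits the output to 255 blocks of the hash size.
	const maxOutput = 255 * sha256.Size

	// Validate the whole request up front. Checking inside the loop also
	// keeps the running total from overflowing.
	total := 0
	for i := range results {
		total += len(results[i])
		if total > maxOutput {
			return errors.Errorf("requested more than %d bytes from hkdf-sha256", maxOutput)
		}
	}

	h := hkdf.New(sha256.New, secret, salt, info)
	for i := range results {
		if _, err := io.ReadFull(h, results[i]); err != nil {
			return errors.Wrap(err, "read from hkdf reader")
		}
	}

	return nil
}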
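// Salt generates a random salt of the specified length in bytes.
//
// The bytes come from crypto/rand. A salt is not secret, but it must be
// stored with the derived keys so they can be derived again later.
// RFC 5869 suggests a salt as long as the hash output (32 bytes for SHA-256).
//
// A negative length returns an error instead of panicking in make.
func Salt(length int) ([]byte, error) {
	if length < 0 {
		return nil, errors.Errorf("invalid salt length %d", length)
	}

	salt := make([]byte, length)
	if _, err := rand.Read(salt); err != nil {
		return nil, errors.Wrap(err, "generate salt")
	}

	return salt, nil
}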
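// ExpandSecret expands secret to expectLen bytes using HKDFWithSHA256 with a
// nil salt and nil info.
//
// The output depends only on secret, and a shorter output is a prefix of a
// longer one for the same secret. Do not call this several times with
// different lengths to obtain independent keys; use HKDFWithSHA256 with
// distinct info values for that.
//
// secret must already be high-entropy key material, because HKDF adds no
// work factor against guessing. A negative expectLen returns an error
// instead of panicking in make.
func ExpandSecret(secret []byte, expectLen int) ([]byte, error) {
	if expectLen < 0 {
		return nil, errors.Errorf("invalid expected length %d", expectLen)
	}

	out := make([]byte, expectLen)
	if err := HKDFWithSHA256(secret, nil, nil, [][]byte{out}); err != nil {
		return nil, errors.Wrap(err, "derivative key by hkdf")
	}

	return out, nil
}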