// Package kdf incorporates three KDFs (https://en.wikipedia.org/wiki/Key_derivation_function) used by Crypt4GH
package kdf
import (
"crypto/sha512"
// package is old but corresponds to "golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
"github.com/dchest/bcrypt_pbkdf"
"golang.org/x/crypto/chacha20poly1305"
"golang.org/x/crypto/pbkdf2"
"golang.org/x/crypto/scrypt"
)
// KDFS maps each supported KDF name to the implementation that derives the key.
//
// The map is exported and mutable, so any importing package can replace or add
// entries; treat it as read-only after package initialisation.
//
// NOTE(review): the "pbkdf2_hmac_sha256" entry resolves to pbkdf2sha512, whose
// Derive passes sha512.New to PBKDF2. The name and the hash disagree. Confirm
// which one other Crypt4GH implementations expect before touching either side,
// because changing the hash changes every key derived under this name.
var KDFS = map[string]KDF{
	"bcrypt":             bCrypt{},
	"pbkdf2_hmac_sha256": pbkdf2sha512{},
	"scrypt":             sCrypt{},
}
// KDF derives a symmetric key from a password and a salt.
//
// Every implementation in this file returns chacha20poly1305.KeySize bytes.
// rounds is the work factor handed to the underlying function; the scrypt
// implementation ignores it and uses fixed cost parameters instead.
type KDF interface {
	// Derive returns the key derived from password and salt, together with
	// any error reported by the underlying key derivation function.
	Derive(rounds int, password, salt []byte) (derivedKey []byte, err error)
}
// sCrypt derives keys with scrypt using fixed cost parameters.
type sCrypt struct{}

// Derive returns a chacha20poly1305.KeySize-byte key computed by scrypt from
// password and salt. The rounds argument is ignored: the cost parameters are
// compile-time constants, so a caller cannot strengthen or weaken the
// derivation through this method.
func (sCrypt) Derive(_ int, password, salt []byte) (derivedKey []byte, err error) {
	const (
		costN     = 1 << 14 // scrypt N: CPU/memory cost
		blockSize = 8       // scrypt r
		parallel  = 1       // scrypt p
	)
	return scrypt.Key(password, salt, costN, blockSize, parallel, chacha20poly1305.KeySize)
}
// bCrypt derives keys with bcrypt_pbkdf.
type bCrypt struct{}

// Derive returns a chacha20poly1305.KeySize-byte key computed by bcrypt_pbkdf
// from password and salt, using rounds as the work factor. Any error from
// bcrypt_pbkdf.Key is returned unchanged.
//
// rounds is passed through without an upper bound. If the value is read from
// a key file the caller does not control, the caller should cap it before
// calling Derive, because the cost of the derivation grows with rounds.
func (bCrypt) Derive(rounds int, password, salt []byte) (derivedKey []byte, err error) {
	derivedKey, err = bcrypt_pbkdf.Key(password, salt, rounds, chacha20poly1305.KeySize)
	return derivedKey, err
}
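// pbkdf2sha512 derives keys with PBKDF2 using HMAC-SHA-512 as the PRF.
//
// NOTE(review): KDFS registers this type under the name "pbkdf2_hmac_sha256",
// which does not match the SHA-512 hash used here. Confirm which one other
// Crypt4GH implementations expect before changing either, because switching
// the hash changes every key derived under that name.
type pbkdf2sha512 struct{}

// pbkdf2RoundsError reports a PBKDF2 iteration count below 1. Its value is the
// rejected count.
type pbkdf2RoundsError int

// Error implements the error interface.
func (pbkdf2RoundsError) Error() string {
	return "kdf: pbkdf2 iteration count must be at least 1"
}

// Derive returns a chacha20poly1305.KeySize-byte key computed by PBKDF2 from
// password and salt with rounds iterations. It returns a pbkdf2RoundsError
// when rounds is less than 1.
//
// rounds has no upper bound here. If the value is read from a key file the
// caller does not control, the caller should cap it before calling Derive.
func (pbkdf2sha512) Derive(rounds int, password, salt []byte) (derivedKey []byte, err error) {
	// pbkdf2.Key has no error return, so without this check a zero or
	// negative count would still produce a key, with little or no stretching.
	if rounds < 1 {
		return nil, pbkdf2RoundsError(rounds)
	}
	return pbkdf2.Key(password, salt, rounds, chacha20poly1305.KeySize, sha512.New), nil
}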