forked from TrueCloudLab/restic
Move KDF() to kdf.go
This commit is contained in:
Alexander Neumann
parent
7e6fc15ece
commit
11098d6eb0
2 changed files with 35 additions and 29 deletions
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"golang.org/x/crypto/poly1305"
|
"golang.org/x/crypto/poly1305"
|
||||||
"golang.org/x/crypto/scrypt"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|
@ -315,34 +314,6 @@ func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error
|
||||||
return plaintext, nil
|
return plaintext, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// KDF derives encryption and message authentication keys from the password
|
|
||||||
// using the supplied parameters N, R and P and the Salt.
|
|
||||||
func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
|
|
||||||
if len(salt) == 0 {
|
|
||||||
return nil, fmt.Errorf("scrypt() called with empty salt")
|
|
||||||
}
|
|
||||||
|
|
||||||
derKeys := &Key{}
|
|
||||||
|
|
||||||
keybytes := macKeySize + aesKeySize
|
|
||||||
scryptKeys, err := scrypt.Key([]byte(password), salt, N, R, P, keybytes)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("error deriving keys from password: %v", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(scryptKeys) != keybytes {
|
|
||||||
return nil, fmt.Errorf("invalid numbers of bytes expanded from scrypt(): %d", len(scryptKeys))
|
|
||||||
}
|
|
||||||
|
|
||||||
// first 32 byte of scrypt output is the encryption key
|
|
||||||
copy(derKeys.Encrypt[:], scryptKeys[:aesKeySize])
|
|
||||||
|
|
||||||
// next 32 byte of scrypt output is the mac key, in the form k||r
|
|
||||||
macKeyFromSlice(&derKeys.MAC, scryptKeys[aesKeySize:])
|
|
||||||
|
|
||||||
return derKeys, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// Valid tests if the key is valid.
|
// Valid tests if the key is valid.
|
||||||
func (k *Key) Valid() bool {
|
func (k *Key) Valid() bool {
|
||||||
return k.Encrypt.Valid() && k.MAC.Valid()
|
return k.Encrypt.Valid() && k.MAC.Valid()
|
||||||
|
|
|
||||||
35
src/restic/crypto/kdf.go
Normal file
35
src/restic/crypto/kdf.go
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
package crypto
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"golang.org/x/crypto/scrypt"
|
||||||
|
)
|
||||||
|
|
||||||
|
// KDF derives encryption and message authentication keys from the password
|
||||||
|
// using the supplied parameters N, R and P and the Salt.
|
||||||
|
func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
|
||||||
|
if len(salt) == 0 {
|
||||||
|
return nil, fmt.Errorf("scrypt() called with empty salt")
|
||||||
|
}
|
||||||
|
|
||||||
|
derKeys := &Key{}
|
||||||
|
|
||||||
|
keybytes := macKeySize + aesKeySize
|
||||||
|
scryptKeys, err := scrypt.Key([]byte(password), salt, N, R, P, keybytes)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("error deriving keys from password: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(scryptKeys) != keybytes {
|
||||||
|
return nil, fmt.Errorf("invalid numbers of bytes expanded from scrypt(): %d", len(scryptKeys))
|
||||||
|
}
|
||||||
|
|
||||||
|
// first 32 byte of scrypt output is the encryption key
|
||||||
|
copy(derKeys.Encrypt[:], scryptKeys[:aesKeySize])
|
||||||
|
|
||||||
|
// next 32 byte of scrypt output is the mac key, in the form k||r
|
||||||
|
macKeyFromSlice(&derKeys.MAC, scryptKeys[aesKeySize:])
|
||||||
|
|
||||||
|
return derKeys, nil
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue