kdf

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 7, 2019 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	SCRYPT = "SCRYPT"
	PBKDF2 = "PBKDF2"
)

supported Key Derivation Functions

Variables

View Source
var DefaultPbkdf2Iteration = "10000000"

Default PBKDF2 iteration count NIST recommended this should be large as verification server performance will allow references https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf

View Source
var DefaultPbkdf2Params = map[string]string{
	"iteration": DefaultPbkdf2Iteration,
	"hashOpt":   hashing.SHA384,
}
View Source
var DefaultSaltSize = 8

Default Salt Size (byte)

View Source
var DefaultScryptN = "1048576" // 1 << 20 (2^20)

Default scrypt Parameters references https://media.readthedocs.org/pdf/cryptography/stable/cryptography.pdf https://godoc.org/golang.org/x/crypto/scrypt https://blog.filippo.io/the-scrypt-parameters/ N is CPU/Memory cost parameter. It should highest power of 2 that key derived in 100ms.

View Source
var DefaultScryptP = "1"

P(Parallelization parameter) : a positive integer satisfying p ≤ (232− 1) * hLen / MFLen.

View Source
var DefaultScryptParams = map[string]string{
	"N": DefaultScryptN,
	"R": DefaultScryptR,
	"P": DefaultScryptP,
}
View Source
var DefaultScryptR = "8"

R(blocksize parameter) : fine-tune sequential memory read size and performance. (8 is commonly used)

View Source
var ErrKdfNotSupported = errors.New("kdf not supported")

Errors

View Source
var ErrPbkdf2HashOptValueNotExist = errors.New("input parameters have no [hashOpt], pbkdf2 parameters should have [hashOpt]")
View Source
var ErrPbkdf2HashOptValueZeroOrNegative = errors.New("invalid hash option [hashOpt]")
View Source
var ErrPbkdf2IterationValueNotExist = errors.New("input parameters have no [iteration], pbkdf2 parameters should have [iteration]")
View Source
var ErrPbkdf2IterationValueZeroOrNegative = errors.New("pbkdf2 [iteration] should be non-zero and positive value")
View Source
var ErrPbkdf2ParamsNumber = errors.New("number of pbkdf2 parameters should be 2")
View Source
var ErrScryptNValueNotExist = errors.New("input parameters have no [N], scrypt parameters should have [N]")
View Source
var ErrScryptNValueZeroOrNegative = errors.New("scrypt [N] should be non-zero and positive value")
View Source
var ErrScryptPValueNotExist = errors.New("input parameters have no [P], scrypt parameters should have [P]")
View Source
var ErrScryptPValueZeroOrNegative = errors.New("scrypt [P] should be non-zero and positive value")
View Source
var ErrScryptParamsNumber = errors.New("number of scrypt parameters should be 3")
View Source
var ErrScryptRValueNotExist = errors.New("input parameters have no [R], scrypt parameters should have [R]")
View Source
var ErrScryptRValueZeroOrNegative = errors.New("scrypt [R] should be non-zero and positive value")
View Source
var TestSalt = []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}

Note: salt have to be unique, so do not use this for real implementation.

Functions

func DeriveKey

func DeriveKey(pwd []byte, salt []byte, keyLen int, kdfOpt *Opts) (dKey []byte, err error)

Types

type Opts

type Opts struct {
	KdfName   string
	KdfParams map[string]string
}

func NewOpts

func NewOpts(kdfName string, kdfParams map[string]string) (*Opts, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL