kdf

Documentation

Index

• Constants
• Variables
• func DeriveKey(pwd []byte, salt []byte, keyLen int, kdfOpt *Opts) (dKey []byte, err error)
• type Opts
  • func NewOpts(kdfName string, kdfParams map[string]string) (*Opts, error)

Constants

const (
	SCRYPT = "SCRYPT"
	PBKDF2 = "PBKDF2"
)

supported Key Derivation Functions

Variables

var DefaultPbkdf2Iteration = "10000000"

Default PBKDF2 iteration count NIST recommended this should be large as verification server performance will allow references https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf

var DefaultPbkdf2Params = map[string]string{
	"iteration": DefaultPbkdf2Iteration,
	"hashOpt":   hashing.SHA384,
}

var DefaultSaltSize = 8

Default Salt Size (byte)

var DefaultScryptN = "1048576" // 1 << 20 (2^20)

Default scrypt Parameters references https://media.readthedocs.org/pdf/cryptography/stable/cryptography.pdf https://godoc.org/golang.org/x/crypto/scrypt https://blog.filippo.io/the-scrypt-parameters/ N is CPU/Memory cost parameter. It should highest power of 2 that key derived in 100ms.

var DefaultScryptP = "1"

P(Parallelization parameter) : a positive integer satisfying p ≤ (232− 1) * hLen / MFLen.

var DefaultScryptParams = map[string]string{
	"N": DefaultScryptN,
	"R": DefaultScryptR,
	"P": DefaultScryptP,
}

var DefaultScryptR = "8"

R(blocksize parameter) : fine-tune sequential memory read size and performance. (8 is commonly used)

var ErrKdfNotSupported = errors.New("kdf not supported")

Errors

var ErrPbkdf2HashOptValueNotExist = errors.New("input parameters have no [hashOpt], pbkdf2 parameters should have [hashOpt]")

var ErrPbkdf2HashOptValueZeroOrNegative = errors.New("invalid hash option [hashOpt]")

var ErrPbkdf2IterationValueNotExist = errors.New("input parameters have no [iteration], pbkdf2 parameters should have [iteration]")

var ErrPbkdf2IterationValueZeroOrNegative = errors.New("pbkdf2 [iteration] should be non-zero and positive value")

var ErrPbkdf2ParamsNumber = errors.New("number of pbkdf2 parameters should be 2")

var ErrScryptNValueNotExist = errors.New("input parameters have no [N], scrypt parameters should have [N]")

var ErrScryptNValueZeroOrNegative = errors.New("scrypt [N] should be non-zero and positive value")

var ErrScryptPValueNotExist = errors.New("input parameters have no [P], scrypt parameters should have [P]")

var ErrScryptPValueZeroOrNegative = errors.New("scrypt [P] should be non-zero and positive value")

var ErrScryptParamsNumber = errors.New("number of scrypt parameters should be 3")

var ErrScryptRValueNotExist = errors.New("input parameters have no [R], scrypt parameters should have [R]")

var ErrScryptRValueZeroOrNegative = errors.New("scrypt [R] should be non-zero and positive value")

var TestSalt = []byte{0xc8, 0x28, 0xf2, 0x58, 0xa7, 0x6a, 0xad, 0x7b}

Note: salt have to be unique, so do not use this for real implementation.

Functions

func DeriveKey

func DeriveKey(pwd []byte, salt []byte, keyLen int, kdfOpt *Opts) (dKey []byte, err error)

Types

type Opts

type Opts struct {
	KdfName   string
	KdfParams map[string]string
}

func NewOpts

func NewOpts(kdfName string, kdfParams map[string]string) (*Opts, error)