Affected by GO-2022-0618 and 11 other vulnerabilities

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

kdf

package

v0.5.0-rc2 Latest Latest Go to latest Published: Feb 4, 2016 License: MPL-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/hashicorp/vault

Documentation ¶

Overview ¶

This package is used to implement Key Derivation Functions (KDF) based on the recommendations of NIST SP 800-108. These are useful for generating unique-per-transaction keys, or situations in which a key hierarchy may be useful.

Index ¶

Constants
func CounterMode(prf PRF, prfLen uint32, key []byte, context []byte, bits uint32) ([]byte, error)
func HMACSHA256PRF(key []byte, data []byte) ([]byte, error)
type PRF

Constants ¶

View Source

const (
	// HMACSHA256PRFLen is the length of output from HMACSHA256PRF
	HMACSHA256PRFLen uint32 = 256
)

Variables ¶

This section is empty.

Functions ¶

func CounterMode ¶

func CounterMode(prf PRF, prfLen uint32, key []byte, context []byte, bits uint32) ([]byte, error)

CounterMode implements the counter mode KDF that uses a psuedo-random-function (PRF) along with a counter to generate derived keys. The KDF takes a base key a derivation context, and the requried number of output bits.

func HMACSHA256PRF ¶

func HMACSHA256PRF(key []byte, data []byte) ([]byte, error)

HMACSHA256PRF is a pseudo-random-function (PRF) that uses an HMAC-SHA256

Types ¶

type PRF ¶

type PRF func([]byte, []byte) ([]byte, error)

PRF is a psuedo-random function that takes a key or seed, as well as additional binary data and generates output that is indistinguishable from random. Examples are cryptographic hash functions or block ciphers.

Source Files ¶

View all Source files

kdf.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL