2
2
mirror of https://github.com/octoleo/restic.git synced 2024-12-23 03:18:55 +00:00

Move KDF() to kdf.go

This commit is contained in:
Alexander Neumann 2016-08-21 11:33:46 +02:00
parent 7e6fc15ece
commit 11098d6eb0
2 changed files with 35 additions and 29 deletions

View File

@ -9,7 +9,6 @@ import (
"fmt"
"golang.org/x/crypto/poly1305"
"golang.org/x/crypto/scrypt"
)
const (
@ -315,34 +314,6 @@ func Decrypt(ks *Key, plaintext []byte, ciphertextWithMac []byte) ([]byte, error
return plaintext, nil
}
// KDF derives encryption and message authentication keys from the password
// using the supplied parameters N, R and P and the Salt.
func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
if len(salt) == 0 {
return nil, fmt.Errorf("scrypt() called with empty salt")
}
derKeys := &Key{}
keybytes := macKeySize + aesKeySize
scryptKeys, err := scrypt.Key([]byte(password), salt, N, R, P, keybytes)
if err != nil {
return nil, fmt.Errorf("error deriving keys from password: %v", err)
}
if len(scryptKeys) != keybytes {
return nil, fmt.Errorf("invalid numbers of bytes expanded from scrypt(): %d", len(scryptKeys))
}
// first 32 byte of scrypt output is the encryption key
copy(derKeys.Encrypt[:], scryptKeys[:aesKeySize])
// next 32 byte of scrypt output is the mac key, in the form k||r
macKeyFromSlice(&derKeys.MAC, scryptKeys[aesKeySize:])
return derKeys, nil
}
// Valid tests if the key is valid.
func (k *Key) Valid() bool {
return k.Encrypt.Valid() && k.MAC.Valid()

35
src/restic/crypto/kdf.go Normal file
View File

@ -0,0 +1,35 @@
package crypto
import (
"fmt"
"golang.org/x/crypto/scrypt"
)
// KDF derives encryption and message authentication keys from the password
// using the supplied parameters N, R and P and the Salt.
func KDF(N, R, P int, salt []byte, password string) (*Key, error) {
if len(salt) == 0 {
return nil, fmt.Errorf("scrypt() called with empty salt")
}
derKeys := &Key{}
keybytes := macKeySize + aesKeySize
scryptKeys, err := scrypt.Key([]byte(password), salt, N, R, P, keybytes)
if err != nil {
return nil, fmt.Errorf("error deriving keys from password: %v", err)
}
if len(scryptKeys) != keybytes {
return nil, fmt.Errorf("invalid numbers of bytes expanded from scrypt(): %d", len(scryptKeys))
}
// first 32 byte of scrypt output is the encryption key
copy(derKeys.Encrypt[:], scryptKeys[:aesKeySize])
// next 32 byte of scrypt output is the mac key, in the form k||r
macKeyFromSlice(&derKeys.MAC, scryptKeys[aesKeySize:])
return derKeys, nil
}