diff --git a/internal/crypto/kdf.go b/internal/crypto/kdf.go
index a0d98e748..a63f3064a 100644
--- a/internal/crypto/kdf.go
+++ b/internal/crypto/kdf.go
@@ -12,22 +12,22 @@ import (
 const saltLength = 64
-// KDFParams are the default parameters used for the key derivation function KDF().
-type KDFParams struct {
+// Params are the default parameters used for the key derivation function KDF().
+type Params struct {
 N int
 R int
 P int
 }
 // DefaultKDFParams are the default parameters used for Calibrate and KDF().
-var DefaultKDFParams = KDFParams{
+var DefaultKDFParams = Params{
 N: sscrypt.DefaultParams.N,
 R: sscrypt.DefaultParams.R,
 P: sscrypt.DefaultParams.P,
 }
 // Calibrate determines new KDF parameters for the current hardware.
-func Calibrate(timeout time.Duration, memory int) (KDFParams, error) {
+func Calibrate(timeout time.Duration, memory int) (Params, error) {
 defaultParams := sscrypt.Params{
 N: DefaultKDFParams.N,
 R: DefaultKDFParams.R,
@@ -41,7 +41,7 @@ func Calibrate(timeout time.Duration, memory int) (KDFParams, error) {
 return DefaultKDFParams, errors.Wrap(err, "scrypt.Calibrate")
 }
- return KDFParams{
+ return Params{
 N: params.N,
 R: params.R,
 P: params.P,
@@ -50,7 +50,7 @@ func Calibrate(timeout time.Duration, memory int) (KDFParams, error) {
 // KDF derives encryption and message authentication keys from the password
 // using the supplied parameters N, R and P and the Salt.
-func KDF(p KDFParams, salt []byte, password string) (*Key, error) {
+func KDF(p Params, salt []byte, password string) (*Key, error) {
 if len(salt) != saltLength {
 return nil, errors.Errorf("scrypt() called with invalid salt bytes (len %d)", len(salt))
 }
diff --git a/internal/repository/key.go b/internal/repository/key.go
index 29198eced..e378991cb 100644
--- a/internal/repository/key.go
+++ b/internal/repository/key.go
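Review bot: The reworded doc comment on `Params` in internal/crypto/kdf.go (first hunk) still says the type holds "the default parameters", which is inaccurate: the type describes any scrypt cost setting, and the defaults live in `DefaultKDFParams` a few lines below. With the `KDF` prefix gone from the type name, this comment is the only thing telling a reader that N, R and P set the work factor for password-based key derivation. I would write `// Params holds the scrypt cost parameters N, R and P used by Calibrate and KDF().`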
@@ -44,9 +44,9 @@ type Key struct {
 name string
 }
-// KDFParams tracks the parameters used for the KDF. If not set, it will be
+// Params tracks the parameters used for the KDF. If not set, it will be
 // calibrated on the first run of AddKey().
-var KDFParams *crypto.KDFParams
+var Params *crypto.Params
 var (
 // KDFTimeout specifies the maximum runtime for the KDF.
@@ -76,7 +76,7 @@ func OpenKey(ctx context.Context, s *Repository, name string, password string) (
 }
 // derive user key
- params := crypto.KDFParams{
+ params := crypto.Params{
 N: k.N,
 R: k.R,
 P: k.P,
@@ -166,13 +166,13 @@ func LoadKey(ctx context.Context, s *Repository, name string) (k *Key, err error
 // AddKey adds a new key to an already existing repository.
 func AddKey(ctx context.Context, s *Repository, password string, template *crypto.Key) (*Key, error) {
 // make sure we have valid KDF parameters
- if KDFParams == nil {
+ if Params == nil {
 p, err := crypto.Calibrate(KDFTimeout, KDFMemory)
 if err != nil {
 return nil, errors.Wrap(err, "Calibrate")
 }
- KDFParams = &p
+ Params = &p
 debug.Log("calibrated KDF parameters are %v", p)
 }
@@ -180,9 +180,9 @@ func AddKey(ctx context.Context, s *Repository, password string, template *crypt
 newkey := &Key{
 Created: time.Now(),
 KDF: "scrypt",
- N: KDFParams.N,
- R: KDFParams.R,
- P: KDFParams.P,
+ N: Params.N,
+ R: Params.R,
+ P: Params.P,
 }
 hn, err := os.Hostname()
@@ -202,7 +202,7 @@ func AddKey(ctx context.Context, s *Repository, password string, template *crypt
 }
 // call KDF to derive user key
- newkey.user, err = crypto.KDF(*Params, newkey.Salt, password)
+ newkey.user, err = crypto.KDF(*Params, newkey.Salt, password)
 if err != nil {
 return nil, err
 }
diff --git a/internal/repository/testing.go b/internal/repository/testing.go
index 903971138..7b76762dd 100644
--- a/internal/repository/testing.go
+++ b/internal/repository/testing.go
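Review bot: The package-level `var Params *crypto.Params` in internal/repository/key.go (first hunk) is now named inconsistently with `KDFTimeout` and `KDFMemory`, which keep their prefix, and `repository.Params` no longer says which parameters it holds. This variable fixes the scrypt cost of every key that `AddKey` writes (`N: Params.N` and the two lines after it) and is replaced by `Params = &testKDFParams` (N: 128) in internal/repository/testing.go, so it is worth keeping a name that a search for "KDF" still finds. I would rename only the type and leave the variable as `var KDFParams *crypto.Params`, or at least say in its comment that it sets the scrypt cost for new keys. The bodies of OpenKey and AddKey continue outside these hunks.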
@@ -15,7 +15,7 @@ import (
 )
 // testKDFParams are the parameters for the KDF to be used during testing.
-var testKDFParams = crypto.KDFParams{
+var testKDFParams = crypto.Params{
 N: 128,
 R: 1,
 P: 1,
@@ -28,7 +28,7 @@ type logger interface {
 // TestUseLowSecurityKDFParameters configures low-security KDF parameters for testing.
 func TestUseLowSecurityKDFParameters(t logger) {
 t.Logf("using low-security KDF parameters for test")
- KDFParams = &testKDFParams
+ Params = &testKDFParams
 }
 // TestBackend returns a fully configured in-memory backend.