Add logic to derive ente login key
This commit is contained in:
parent
82f5960973
commit
edd1af6699
|
@ -11,7 +11,13 @@ import (
|
|||
"golang.org/x/crypto/argon2"
|
||||
)
|
||||
|
||||
// deriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
|
||||
const (
|
||||
loginSubKeyLen = 32
|
||||
loginSubKeyId = 1
|
||||
loginSubKeyContext = "loginctx"
|
||||
)
|
||||
|
||||
// DeriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
|
||||
// Parameters:
|
||||
// - password: The plaintext password to be hashed.
|
||||
// - salt: The salt as a base64 encoded string.
|
||||
|
@ -68,3 +74,10 @@ func decryptChaCha20poly1305(data []byte, key []byte, nonce []byte) ([]byte, err
|
|||
}
|
||||
return decryptedData[:n], nil
|
||||
}
|
||||
|
||||
func DeriveLoginKey(keyEncKey []byte) []byte {
|
||||
mainKey := sodium.MasterKey{Bytes: keyEncKey}
|
||||
subKey := mainKey.Derive(loginSubKeyLen, loginSubKeyId, loginSubKeyContext).Bytes
|
||||
// return the first 16 bytes of the derived key
|
||||
return subKey[:16]
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@ const (
|
|||
)
|
||||
|
||||
func TestDeriveArgonKey(t *testing.T) {
|
||||
derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||
derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to derive key: %v", err)
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ func TestDeriveArgonKey(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDecryptChaCha20poly1305(t *testing.T) {
|
||||
derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||
derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||
if err != nil {
|
||||
t.Fatalf("Failed to derive key: %v", err)
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue