Add logic to derive ente login key
This commit is contained in:
parent
82f5960973
commit
edd1af6699
|
@ -11,7 +11,13 @@ import (
|
||||||
"golang.org/x/crypto/argon2"
|
"golang.org/x/crypto/argon2"
|
||||||
)
|
)
|
||||||
|
|
||||||
// deriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
|
const (
|
||||||
|
loginSubKeyLen = 32
|
||||||
|
loginSubKeyId = 1
|
||||||
|
loginSubKeyContext = "loginctx"
|
||||||
|
)
|
||||||
|
|
||||||
|
// DeriveArgonKey generates a 32-bit cryptographic key using the Argon2id algorithm.
|
||||||
// Parameters:
|
// Parameters:
|
||||||
// - password: The plaintext password to be hashed.
|
// - password: The plaintext password to be hashed.
|
||||||
// - salt: The salt as a base64 encoded string.
|
// - salt: The salt as a base64 encoded string.
|
||||||
|
@ -68,3 +74,10 @@ func decryptChaCha20poly1305(data []byte, key []byte, nonce []byte) ([]byte, err
|
||||||
}
|
}
|
||||||
return decryptedData[:n], nil
|
return decryptedData[:n], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DeriveLoginKey(keyEncKey []byte) []byte {
|
||||||
|
mainKey := sodium.MasterKey{Bytes: keyEncKey}
|
||||||
|
subKey := mainKey.Derive(loginSubKeyLen, loginSubKeyId, loginSubKeyContext).Bytes
|
||||||
|
// return the first 16 bytes of the derived key
|
||||||
|
return subKey[:16]
|
||||||
|
}
|
||||||
|
|
|
@ -17,7 +17,7 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestDeriveArgonKey(t *testing.T) {
|
func TestDeriveArgonKey(t *testing.T) {
|
||||||
derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to derive key: %v", err)
|
t.Fatalf("Failed to derive key: %v", err)
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,7 @@ func TestDeriveArgonKey(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestDecryptChaCha20poly1305(t *testing.T) {
|
func TestDecryptChaCha20poly1305(t *testing.T) {
|
||||||
derivedKey, err := deriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
derivedKey, err := DeriveArgonKey(password, kdfSalt, memLimit, opsLimit)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to derive key: %v", err)
|
t.Fatalf("Failed to derive key: %v", err)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue