From 94e3891f674c5ec3d6462ddabf91f176af0cbb7f Mon Sep 17 00:00:00 2001 From: Emil Bay Date: Wed, 7 Jun 2017 22:38:40 +0200 Subject: [PATCH] Added crypto_kdf --- crypto_kdf.js | 37 +++++++++++++++++++++++++++++++++++++ index.js | 1 + package.json | 2 +- 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 crypto_kdf.js diff --git a/crypto_kdf.js b/crypto_kdf.js new file mode 100644 index 0000000..1536250 --- /dev/null +++ b/crypto_kdf.js @@ -0,0 +1,37 @@ +var assert = require('assert') +var randombytes_buf = require('.').randombytes_buf +var blake2b = require('blake2b') + +module.exports.crypto_kdf_PRIMITIVE = 'blake2b' +module.exports.crypto_kdf_BYTES_MIN = 16 +module.exports.crypto_kdf_BYTES_MAX = 64 +module.exports.crypto_kdf_CONTEXTBYTES = 8 +module.exports.crypto_kdf_KEYBYTES = 64 + +function STORE64_LE(dest, int) { + var mul = 1 + var i = 0 + dest[0] = int & 0xFF + while (++i < 8 && (mul *= 0x100)) { + dest[i] = (int / mul) & 0xFF + } +} + +module.exports.crypto_kdf_derive_from_key = function crypto_kdf_derive_from_key (subkey, subkey_id, ctx, key) { + assert(subkey.length >= module.exports.crypto_kdf_BYTES_MIN, 'subkey must be') + assert(ctx.length >= module.exports.crypto_kdf_CONTEXTBYTES, 'context must be') + + var ctx_padded = new Uint8Array(blake2b.PERSONALBYTES) + var salt = new Uint8Array(blake2b.SALTBYTES) + + ctx_padded.set(ctx, 0, module.exports.crypto_kdf_CONTEXTBYTES) + + STORE64_LE(salt, subkey_id) + + blake2b(subkey.slice(0, Math.min(subkey.length, module.exports.crypto_kdf_BYTES_MAX)), [], key, salt, ctx_padded, true) +} + +module.exports.crypto_kdf_keygen = function crypto_kdf_keygen (out) { + assert(out.length >= module.exports.crypto_kdf_KEYBYTES) + randombytes_buf(out, module.exports.crypto_kdf_KEYBYTES) +} diff --git a/index.js b/index.js index 9e7624c..98b818f 100644 --- a/index.js +++ b/index.js @@ -2198,6 +2198,7 @@ sodium.crypto_sign_detached = crypto_sign_detached sodium.crypto_sign_verify_detached = crypto_sign_verify_detached forward(require('./crypto_generichash')) +forward(require('./crypto_kdf')) sodium.crypto_stream_KEYBYTES = 32 sodium.crypto_stream_NONCEBYTES = 24 diff --git a/package.json b/package.json index dfb00de..27b279a 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,7 @@ "blake2b": "^1.2.0" }, "devDependencies": { - "sodium-test": "^0.2.0" + "sodium-test": "^0.3.0" }, "repository": { "type": "git",