1 |
|
2 | const assert = require('nanoassert')
|
3 | const randombytes_buf = require('./randombytes').randombytes_buf
|
4 | const blake2b = require('blake2b')
|
5 |
|
6 | module.exports.crypto_kdf_PRIMITIVE = 'blake2b'
|
7 | module.exports.crypto_kdf_BYTES_MIN = 16
|
8 | module.exports.crypto_kdf_BYTES_MAX = 64
|
9 | module.exports.crypto_kdf_CONTEXTBYTES = 8
|
10 | module.exports.crypto_kdf_KEYBYTES = 32
|
11 |
|
12 | function STORE64_LE (dest, int) {
|
13 | var mul = 1
|
14 | var i = 0
|
15 | dest[0] = int & 0xFF
|
16 | while (++i < 8 && (mul *= 0x100)) {
|
17 | dest[i] = (int / mul) & 0xFF
|
18 | }
|
19 | }
|
20 |
|
21 | module.exports.crypto_kdf_derive_from_key = function crypto_kdf_derive_from_key (subkey, subkey_id, ctx, key) {
|
22 | assert(subkey.length >= module.exports.crypto_kdf_BYTES_MIN, 'subkey must be at least crypto_kdf_BYTES_MIN')
|
23 | assert(subkey_id >= 0 && subkey_id <= 0x1fffffffffffff, 'subkey_id must be safe integer')
|
24 | assert(ctx.length >= module.exports.crypto_kdf_CONTEXTBYTES, 'context must be at least crypto_kdf_CONTEXTBYTES')
|
25 |
|
26 | var ctx_padded = new Uint8Array(blake2b.PERSONALBYTES)
|
27 | var salt = new Uint8Array(blake2b.SALTBYTES)
|
28 |
|
29 | ctx_padded.set(ctx, 0, module.exports.crypto_kdf_CONTEXTBYTES)
|
30 | STORE64_LE(salt, subkey_id)
|
31 |
|
32 | var outlen = Math.min(subkey.length, module.exports.crypto_kdf_BYTES_MAX)
|
33 | blake2b(outlen, key.subarray(0, module.exports.crypto_kdf_KEYBYTES), salt, ctx_padded, true)
|
34 | .final(subkey)
|
35 | }
|
36 |
|
37 | module.exports.crypto_kdf_keygen = function crypto_kdf_keygen (out) {
|
38 | assert(out.length >= module.exports.crypto_kdf_KEYBYTES, 'out.length must be crypto_kdf_KEYBYTES')
|
39 | randombytes_buf(out.subarray(0, module.exports.crypto_kdf_KEYBYTES))
|
40 | }
|