From 762d45d92db53b32deae43fb593e1fe977ece3b7 Mon Sep 17 00:00:00 2001 From: Reinaldy Rafli Date: Thu, 1 Jul 2021 10:26:38 +0700 Subject: [PATCH] feat: salt length option --- argon2/README.md | 3 ++- argon2/argon2.go | 14 ++++++++++---- pbkdf2/README.md | 3 ++- pbkdf2/pbkdf2.go | 12 +++++++++--- phc-crypto.go | 1 + scrypt/README.md | 3 ++- scrypt/scrypt.go | 8 +++++++- 7 files changed, 33 insertions(+), 11 deletions(-) diff --git a/argon2/README.md b/argon2/README.md index 163e4a2..865a79e 100644 --- a/argon2/README.md +++ b/argon2/README.md @@ -23,8 +23,9 @@ All three modes allow specification by three parameters that control: | Time | `int` | 32768 | Number of iterations to perform | | Memory | `int` | 8 | Amount of memory (in kilobytes) to use | | Parallelism | `int` | 4 | Parallelism factor (threads to run in parallel). | +| Variant | `Variant` | `argon2.ID` | Argon2 variant to be used (`argon2.ID` or `argon2.I`)| | KeyLen | `int` | 64 | How many bytes to generate as output. | -| Variant | `string` | id | Argon2 variant to be used (`id` or `i`)| +| SaltLen | `int` | 16 | Salt length in bytes | ## Usage with PHC Crypto diff --git a/argon2/argon2.go b/argon2/argon2.go index fa4d4b9..e7ec533 100644 --- a/argon2/argon2.go +++ b/argon2/argon2.go @@ -19,6 +19,7 @@ type Config struct { Memory int Parallelism int KeyLen int + SaltLen int Variant Variant } @@ -33,8 +34,8 @@ const ( ) const ( - // KEYLEN is the desired number of returned bytes - KEYLEN = 64 + // KEY_LENGTH is the desired number of returned bytes + KEY_LENGTH = 64 // TIME is the number of iterations to perform TIME = 16 // MEMORY is the a mount of memory (in kilobytes) to use 
@@ -43,12 +44,14 @@ const ( PARALLELISM = 4 // DEFAULT_VARIANT combines the Argon2d and Argon2i DEFAULT_VARIANT = ID + // SALT_LENGTH is the default salth length in bytes. + SALT_LENGTH = 32 ) // Hash creates a PHC-formatted hash with config provided func Hash(plain string, config Config) (string, error) { if config.KeyLen == 0 { - config.KeyLen = KEYLEN + config.KeyLen = KEY_LENGTH } if config.Time == 0 { config.Time = TIME @@ -62,9 +65,12 @@ func Hash(plain string, config Config) (string, error) { if config.Variant == -1 { config.Variant = DEFAULT_VARIANT } + if config.SaltLen == 0 { + config.SaltLen = SALT_LENGTH + } // random-generated salt (16 bytes recommended for password hashing) - salt := make([]byte, 32) + salt := make([]byte, config.SaltLen) io.ReadFull(rand.Reader, salt) var hash []byte diff --git a/pbkdf2/README.md b/pbkdf2/README.md index 1ace28d..79b16bb 100644 --- a/pbkdf2/README.md +++ b/pbkdf2/README.md @@ -10,9 +10,10 @@ In cryptography, PBKDF1 and PBKDF2 (Password-Based Key Derivation Function 1 and | Key | Type | Default | Notes |---|---|---|---| -| KeyLen | `int` | 32 | How many bytes to generate as output. | | Rounds | `int` | 4096 | Iteration counts. | | HashFunc | `string` | `sha256` | For calculating HMAC | +| KeyLen | `int` | 32 | How many bytes to generate as output. | +| SaltLen | `int` | 16 | Salt length in bytes | ## Usage with PHC Crypto diff --git a/pbkdf2/pbkdf2.go b/pbkdf2/pbkdf2.go index cf27a9f..a41205b 100644 --- a/pbkdf2/pbkdf2.go +++ b/pbkdf2/pbkdf2.go @@ -22,15 +22,18 @@ type Config struct { Rounds int KeyLen int HashFunc string + SaltLen int } const ( // ROUNDS is the iteration counts. ROUNDS = 4096 // KEYLEN is how many bytes to generate as output. - KEYLEN = 32 + KEY_LENGTH = 32 // DEFAULT_HASHFUNCTION is for calculating HMAC. Defaulting to sha256. DEFAULT_HASHFUNCTION = "sha256" + // SALT_LENGTH is the default salth length in bytes. + SALT_LENGTH = 16 ) // Hash creates a PHC-formatted hash with config provided 
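Review bot: The new default `SALT_LENGTH = 32` in argon2/argon2.go disagrees with the README row added in this same commit (`| SaltLen | int | 16 |`) and with the existing comment in Hash, "16 bytes recommended for password hashing". Since 32 matches the previously hard-coded `make([]byte, 32)`, the README row is probably the one to correct, but either way callers need to know which length they get when SaltLen is left at zero. The doc comment also has a typo; I would write `// SALT_LENGTH is the default salt length in bytes.` (the same "salth" spelling appears in the pbkdf2.go and scrypt.go constants). The const block starts before this hunk.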
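Review bot: `config.SaltLen` goes straight into `make([]byte, config.SaltLen)` in argon2.go's Hash with only the zero case handled, so a negative value panics at runtime and a value such as 1 silently produces a salt far shorter than the 16 bytes the comment above recommends. The context line `io.ReadFull(rand.Reader, salt)` also discards its error, so if the read from the system RNG ever failed the buffer would stay zeroed or partly filled and hashing would continue with a predictable salt. Hash should return an error in both cases; the 8-byte floor below follows the "minimum 64 bits" comment in pbkdf2.go and is a suggestion, not a value the project has chosen. The same two issues apply to the matching hunks in pbkdf2/pbkdf2.go and scrypt/scrypt.go. Hash starts before and continues past this hunk, and `errors` may need adding to the file's imports.

```go
// … unchanged: KeyLen, Time, Memory, Parallelism and Variant defaults …
if config.SaltLen == 0 {
	config.SaltLen = SALT_LENGTH
}
// A negative length panics in make; a very short salt weakens the hash.
if config.SaltLen < 8 {
	return "", errors.New("argon2: salt length must be at least 8 bytes")
}

salt := make([]byte, config.SaltLen)
if _, err := io.ReadFull(rand.Reader, salt); err != nil {
	return "", err
}
// … unchanged: hash computation …
```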
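Review bot: In pbkdf2/pbkdf2.go the doc comment above the renamed constant still reads `// KEYLEN is how many bytes to generate as output.`, so it no longer names the identifier it documents; it should become `// KEY_LENGTH is how many bytes to generate as output.`. Renaming an exported constant also breaks any importer that refers to `pbkdf2.KEYLEN` (and `argon2.KEYLEN` in the argon2.go hunk), which is unrelated to the salt option; keeping `KEYLEN = KEY_LENGTH` as a deprecated alias would avoid that. The new Config field could carry a comment too, for example `// SaltLen is the salt length in bytes; zero selects SALT_LENGTH.`.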
@@ -39,14 +42,17 @@ func Hash(plain string, config Config) (string, error) { config.Rounds = ROUNDS } if config.KeyLen == 0 { - config.KeyLen = KEYLEN + config.KeyLen = KEY_LENGTH } if config.HashFunc == "" { config.HashFunc = DEFAULT_HASHFUNCTION } + if config.SaltLen == 0 { + config.SaltLen = SALT_LENGTH + } // minimum 64 bits, 128 bits is recommended - salt := make([]byte, 16) + salt := make([]byte, config.SaltLen) io.ReadFull(rand.Reader, salt) var hash []byte diff --git a/phc-crypto.go b/phc-crypto.go index ec1c063..82157a3 100644 --- a/phc-crypto.go +++ b/phc-crypto.go @@ -30,6 +30,7 @@ type Config struct { Rounds int Parallelism int KeyLen int + SaltLen int Variant argon2.Variant HashFunc string } diff --git a/scrypt/README.md b/scrypt/README.md index 8d5b937..f9bda71 100644 --- a/scrypt/README.md +++ b/scrypt/README.md @@ -13,7 +13,8 @@ scrypt (pronounced "ess crypt") is a password-based key derivation function crea | Cost | `int` | 32768 | Iterations count (affects memory and CPU usage) | | Rounds | `int` | 8 | Block size (affects memory and CPU usage) | | Parallelism | `int` | 1 | Parallelism factor (threads to run in parallel - affects the memory, CPU usage). | -| KeyLen | `int` | 32 | How many bytes to generate as output. | +| KeyLen | `int` | 32 | How many bytes to generate as output. | +| SaltLen | `int` | 16 | Salt length in bytes | ## Usage with PHC Crypto diff --git a/scrypt/scrypt.go b/scrypt/scrypt.go index 8363df2..29f8b7e 100644 --- a/scrypt/scrypt.go +++ b/scrypt/scrypt.go @@ -19,6 +19,7 @@ type Config struct { Rounds int Parallelism int KeyLen int + SaltLen int } const ( @@ -32,6 +33,8 @@ const ( ROUNDS = 8 // PARALLELISM is the parallelism factor (threads to run in parallel - affects the memory, CPU usage). PARALLELISM = 1 + // SALT_LENGTH is the default salth length in bytes. + SALT_LENGTH = 16 ) // Hash creates a PHC-formatted hash with config provided 
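Review bot: `SaltLen` is added to the top-level Config in phc-crypto.go, but the diffstat lists only this one changed line for the file, so the code that builds the per-algorithm argon2/pbkdf2/scrypt configs (not visible in this hunk) presumably does not pass the field on. If that is the case, a caller who sets SaltLen through this package gets the algorithm default with no error. The field should be forwarded wherever the other options such as KeyLen are copied, and documented with a comment like `// SaltLen is the salt length in bytes; zero uses the algorithm default.`.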
@@ -48,8 +51,11 @@ func Hash(plain string, config Config) (string, error) { if config.Parallelism == 0 { config.Parallelism = PARALLELISM } + if config.SaltLen == 0 { + config.SaltLen = SALT_LENGTH + } - salt := make([]byte, 16) + salt := make([]byte, config.SaltLen) io.ReadFull(rand.Reader, salt) hash, err := scrypt.Key([]byte(plain), salt, config.Cost, config.Rounds, config.Parallelism, config.KeyLen)