kdf

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 24, 2025 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Argon2id 

func Argon2id(secret, salt []byte, time, memoryKiB, threads uint32, length int) ([]byte, error)

Argon2id is a single-shot helper mirroring Argon2idDeriver.

func CheckParams 

func CheckParams(params DeriveParams, minIter, minSalt int) error

CheckParams validates PBKDF2 derivation parameters against the supplied minimums.

func HKDF 

func HKDF(newHash func() stdhash.Hash, ikm, salt, info []byte, outLen int) ([]byte, error)

HKDF derives key material of length outLen using HKDF with the provided hash.

func HKDFBlake2b 

func HKDFBlake2b(ikm, salt, info []byte, outLen int) ([]byte, error)

HKDFBlake2b derives key material using HKDF with BLAKE2b (64-byte digest).

func HKDFExpandWith 

func HKDFExpandWith(newHash func() stdhash.Hash, prk, info []byte, length int) ([]byte, error)

HKDFExpandWith derives key material from the PRK for the provided hash constructor.

func HKDFExtractWith 

func HKDFExtractWith(newHash func() stdhash.Hash, salt, ikm []byte) []byte

HKDFExtractWith returns the pseudorandom key (PRK) for the supplied hash constructor.

func HKDFSHA256 

func HKDFSHA256(ikm, salt, info []byte, outLen int) ([]byte, error)

HKDFSHA256 derives key material of length outLen using HKDF (RFC 5869) with SHA-256.

func HKDFSHA256Expand 

func HKDFSHA256Expand(prk, info []byte, outLen int) ([]byte, error)

HKDFSHA256Expand derives key material from the PRK for HKDF-SHA256.

func HKDFSHA256Extract 

func HKDFSHA256Extract(salt, ikm []byte) []byte

HKDFSHA256Extract returns the pseudorandom key (PRK) for HKDF-SHA256.

func PBKDF2SHA1 

func PBKDF2SHA1(password, salt []byte, iterations, keyLen int) ([]byte, error)

PBKDF2SHA1 derives key material using PBKDF2-HMAC-SHA1 (RFC 2898).

func PBKDF2SHA1Into 

func PBKDF2SHA1Into(password, salt []byte, iterations int, dst []byte) ([]byte, error)

PBKDF2SHA1Into derives key material into dst using PBKDF2-HMAC-SHA1.

func PBKDF2SHA256 

func PBKDF2SHA256(password, salt []byte, iterations, keyLen int) ([]byte, error)

PBKDF2SHA256 derives key material using PBKDF2-HMAC-SHA256.

func PBKDF2SHA256Into 

func PBKDF2SHA256Into(password, salt []byte, iterations int, dst []byte) ([]byte, error)

PBKDF2SHA256Into derives key material into dst using PBKDF2-HMAC-SHA256.

func Scrypt 

func Scrypt(password, salt []byte, N, r, p, keyLen int) ([]byte, error)

Scrypt derives keyLen bytes from password and salt using the scrypt KDF as specified by RFC 7914.

Types

type Argon2idDeriver 

type Argon2idDeriver struct {
	MemoryKiB uint32 // total memory in KiB (default 64 MiB)
	Time      uint32 // number of passes (default 1)
	Threads   uint32 // lanes/parallelism (default 1)
}

Argon2idDeriver implements the Deriver interface for Argon2id.

func (Argon2idDeriver) Derive 

func (a Argon2idDeriver) Derive(params DeriveParams) ([]byte, error)

Derive implements Deriver for Argon2id.

type DeriveParams 

type DeriveParams struct {
	// Secret holds the primary secret/input keying material (IKM/password).
	Secret []byte
	// Salt supplies optional diversification data.
	Salt []byte
	// Info carries optional context for HKDF-style constructions.
	Info []byte
	// Iterations controls the number of rounds for iterative KDFs such as PBKDF2.
	Iterations int
	// Length specifies how many bytes of key material to output.
	Length int
}

DeriveParams captures the inputs required by the various key-derivation helpers exposed by the library. Individual schemes may interpret fields differently and ignore those they do not require.

type Deriver 

type Deriver interface {
	Derive(params DeriveParams) ([]byte, error)
}

Deriver defines the minimal API implemented by each KDF helper in the package, offering a consistent single-shot derivation entrypoint.

func NewArgon2id 

func NewArgon2id() Deriver

NewArgon2id returns a Deriver configured with RFC 9106's interactive defaults (time=1, memory=64 MiB, threads=1).

func NewArgon2idWithParams 

func NewArgon2idWithParams(time, memoryKiB, threads uint32) Deriver

NewArgon2idWithParams allows callers to customise the Argon2id cost factors. Memory is expressed in KiB; threads controls the number of lanes processed.

func NewHKDF 

func NewHKDF(newHash func() stdhash.Hash) Deriver

NewHKDF constructs a Deriver backed by the provided hash constructor.

func NewHKDFBlake2b 

func NewHKDFBlake2b() Deriver

NewHKDFBlake2b returns a Deriver that computes HKDF using BLAKE2b as the underlying hash.

func NewHKDFSHA256 

func NewHKDFSHA256() Deriver

NewHKDFSHA256 returns a Deriver instance that computes HKDF-SHA256 (RFC 5869).

func NewPBKDF2SHA1 

func NewPBKDF2SHA1() Deriver

NewPBKDF2SHA1 returns a Deriver instance backed by PBKDF2-HMAC-SHA1 (RFC 2898).

func NewPBKDF2SHA256 

func NewPBKDF2SHA256() Deriver

NewPBKDF2SHA256 returns a Deriver instance backed by PBKDF2-HMAC-SHA256.

func NewScrypt 

func NewScrypt(n, r, p int) (Deriver, error)

NewScrypt constructs a Deriver implementing the scrypt KDF with the provided parameters. The cost parameter n must be a power of two greater than one and r, p must satisfy the bounds defined in RFC 7914.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.