Golang code-google-com-p-go-crypto-scrypt.Key类(方法)实例源码

func (c *Client) Reconnect() error {
	conn, err := tls.Dial("tcp", c.hostname, c.config)
	if err != nil {
		return err
	}
	c.conn = conn

	loginByte := []byte{TReconnect}
	c.conn.Write(loginByte)
	ulen := WriteInt32(int32(len(c.username)))
	c.conn.Write(ulen)
	c.conn.Write([]byte(c.username))
	sc := make([]byte, 32)
	c.conn.Read(sc)

	//Generate a response
	cc := GeneratePepper()
	combSalt := make([]byte, len(sc)+len(cc))
	copy(combSalt, sc)
	copy(combSalt[len(sc):], cc)

	//Generate a hash of the password with the challenge and response as salts
	hashA, _ := scrypt.Key(c.phash, combSalt, 16384, 8, 1, 32)

	//write the hash, and the response
	c.conn.Write(hashA)
	c.conn.Write(cc)
	sr := make([]byte, 32)

	//Read the servers response
	_, err = c.conn.Read(sr)
	if err != nil {
		return err
	}
	srVer, _ := scrypt.Key(c.phash, combSalt, 16384, 4, 3, 32)

	//and ensure that it is correct
	for i := 0; i < 32; i++ {
		if sr[i] != srVer[i] {
			return errors.New("Invalid response from server")
		}
	}
	//Send login flags to the server
	loginByte[0] = c.lflags
	c.conn.Write(loginByte)

	return nil
}

func deriveKey(result chan []byte, secret string) {
	keySlice, err := scrypt.Key([]byte(secret), nil, 1<<18, 20, 1, 32)
	if err != nil {
		panic(err)
	}
	result <- keySlice
}

func HashPassword(username, password string) []byte {
	pHash, err := scrypt.Key([]byte(password), []byte(tSalt+username), 16384, 9, 7, 32)
	if err != nil {
		panic(err)
	}
	return pHash
}

func (u *User) CheckPassword(password string) bool {
	passwordHash, err := scrypt.Key([]byte(password), u.PasswordSalt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	return subtle.ConstantTimeCompare(passwordHash, u.PasswordHash) == 1
}

func (a *AccountDetail) HashPassword(password string) []byte {
	hash, err := scrypt.Key([]byte(password), a.Salt, a.N, a.R, a.P, 32)
	if err != nil {
		panic(err)
	}
	return hash
}

func (e *EmailAddr) initLazyKey() {
	emailKey := e.Canonical()
	keyCache.Lock()
	v, ok := keyCache.m[emailKey]
	keyCache.Unlock()

	if ok {
		e.lazyKey = v
		return
	}

	key, err := scrypt.Key([]byte(emailKey), fistSalt, 16384*8, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	e.lazyKey = key

	keyCache.Lock()
	if keyCache.m == nil {
		keyCache.m = make(map[string][]byte)
	}
	keyCache.m[emailKey] = key
	// TODO: Prune the cache
	keyCache.Unlock()
}

// Handles login functions, returns true (successful) false (unsucessful)
func (h *Client) Login(handle, password string, lflags byte) (bool, string) {
	loginByte := make([]byte, 1)
	loginByte[0] = TLogin
	h.conn.Write(loginByte)
	h.phash = HashPassword(handle, password)
	//Write the usernames length, followed by the username.
	ulen := WriteInt32(int32(len(handle)))
	h.conn.Write(ulen)
	h.conn.Write([]byte(handle))
	h.username = handle
	//Read the servers challenge
	sc := make([]byte, 32)
	h.conn.Read(sc)

	//Generate a response
	cc := GeneratePepper()
	combSalt := make([]byte, len(sc)+len(cc))
	copy(combSalt, sc)
	copy(combSalt[len(sc):], cc)

	//Generate a hash of the password with the challenge and response as salts
	hashA, _ := scrypt.Key(h.phash, combSalt, 16384, 8, 1, 32)

	//write the hash, and the response
	h.conn.Write(hashA)
	h.conn.Write(cc)
	sr := make([]byte, 32)

	//Read the servers response
	_, err := h.conn.Read(sr)
	if err != nil {
		return false, "Auth Failed."
	}
	srVer, _ := scrypt.Key(h.phash, combSalt, 16384, 4, 3, 32)

	//and ensure that it is correct
	for i := 0; i < 32; i++ {
		if sr[i] != srVer[i] {
			return false, "Invalid response from server"
		}
	}
	//Send login flags to the server
	loginByte[0] = lflags
	h.conn.Write(loginByte)

	return true, "Authenticated"
}

func main() {
	stateFile := flag.String("state-file", "", "File in which to save persistent state")
	pandaScrypt := flag.Bool("panda-scrypt", false, "Run in subprocess mode to process passphrase")
	cliFlag := flag.Bool("cli", false, "If true, the CLI will be used, even if the GUI is available")
	devFlag := flag.Bool("dev", false, "Is this a development environment?")
	flag.Parse()

	if *pandaScrypt {
		var numBytes uint32
		if err := binary.Read(os.Stdin, binary.LittleEndian, &numBytes); err != nil {
			panic(err)
		}
		if numBytes > 1024*1024 {
			panic("passphrase too large")
		}
		passphrase := make([]byte, int(numBytes))
		if _, err := os.Stdin.Read(passphrase); err != nil {
			panic(err)
		}
		data, err := scrypt.Key(passphrase, nil, 1<<17, 16, 4, 32*3)
		if err != nil {
			panic(err)
		}
		os.Stdout.Write(data)
		os.Exit(0)
	}

	dev := os.Getenv("POND") == "dev" || *devFlag
	runtime.GOMAXPROCS(4)

	if len(*stateFile) == 0 && dev {
		*stateFile = "state"
	}

	if len(*stateFile) == 0 {
		home := os.Getenv("HOME")
		if len(home) == 0 {
			fmt.Fprintf(os.Stderr, "$HOME not set. Please either export $HOME or use --state-file to set the location of the state file explicitly.\n")
			os.Exit(1)
		}
		configDir := filepath.Join(home, ".config")
		os.Mkdir(configDir, 0700)
		*stateFile = filepath.Join(configDir, "pond")
	}

	if !haveGUI || *cliFlag || len(os.Getenv("PONDCLI")) > 0 {
		client := NewCLIClient(*stateFile, rand.Reader, false /* testing */, true /* autoFetch */)
		client.disableV2Ratchet = true
		client.dev = dev
		client.Start()
	} else {
		ui := NewGTKUI()
		client := NewGUIClient(*stateFile, ui, rand.Reader, false /* testing */, true /* autoFetch */)
		client.disableV2Ratchet = true
		client.dev = dev
		client.Start()
		ui.Run()
	}
}

func (user *User) Authenticate(password string) bool {
	// Scrypt the password.
	scryptPassword, err := scrypt.Key([]byte(password), user.Salt, 16384, 8, 1, 32)
	if err != nil {
		panic(err)
	}
	return bytes.Equal(scryptPassword, user.Scrypt)
}

func BenchmarkR32768r8p4k32(b *testing.B) {
	for i := 0; i < b.N; i++ {
		_, err := scrypt.Key(password, salt, 32768, 8, 4, 32)
		if err != nil {
			b.Fatalf("%v", err)
		}
	}
}

func BenchmarkR16384r8p1k32(b *testing.B) {
	for i := 0; i < b.N; i++ {
		_, err := scrypt.Key(password, salt, 16384, 8, 1, 32)
		if err != nil {
			b.Fatalf("%v", err)
		}
	}
}

func (p *adminPlugin) scryptHash(cmd *mup.Command, password, salt string) (hash string, ok bool) {
	key, err := scrypt.Key([]byte(password), []byte(salt), 16384, 8, 1, 32)
	if err != nil {
		p.plugger.Logf("scrypt.Key failed: %v", err)
		p.plugger.Sendf(cmd, "Internal error hashing password. Sorry.")
	}
	return hex.EncodeToString(key), err == nil
}

func deriveScrypt(in [32]byte) (psk [32]byte, err error) {
	out, err := scrypt.Key(in[:], in[:], 1<<16, 8, 1, 32)
	if err != nil {
		return
	}
	copy(psk[:], out)

	return
}

func recoverKey(password, salt []byte) (key []byte, ok bool) {
	key, err := scrypt.Key(password, salt, scryN, scryP, scryR, pwKeyLength)
	if err != nil {
		key = nil
		salt = nil
		return
	}
	ok = true
	return
}

// deriveKey applies Scrypt with very strong parameters to generate an
// encryption key from a passphrase and salt.
func deriveKey(passphrase []byte, salt []byte) *[keySize]byte {
	rawKey, err := scrypt.Key(passphrase, salt, 32768, 8, 4, keySize)
	if err != nil {
		return nil
	}

	var key [keySize]byte
	copy(key[:], rawKey)
	zero(rawKey)
	return &key
}

func main() {
	var pass, salt string
	fmt.Printf("pass:")
	fmt.Scanf("%v", &pass)
	fmt.Printf("salt:")
	fmt.Scanf("%v", &salt)
	key, err := scrypt.Key([]byte(pass), []byte(salt), 16384, 8, 1, 32)
	check(err)
	err = ioutil.WriteFile("blobstash.key", key, 0644)
	check(err)
}

func calculateHash(pass string, salt []byte) ([]byte, error) {
	const (
		N      = 16384
		r      = 8
		p      = 1
		keyLen = 32
	)

	bpass := []byte(pass)
	return scrypt.Key(bpass, salt, N, r, p, keyLen)
}

func DeriveKey(password, salt []byte, N, r, p, n int) (key *Key, err error) {
	// Derive key using password and salt.
	k, err := scrypt.Key(password, salt, N, r, p, n)

	if err != nil {
		return
	}

	subtle.ConstantTimeCopy(1, key[:], k)
	return
}

func validateMeshID(id *MeshID) bool {
	now := time.Now().Unix()

	if id.T > now || (now-id.T) > nidMaxAge {
		return false
	}

	stampSha := sha512.New()
	stampSha.Write([]byte(strconv.FormatInt(id.T, 10)))
	stampSha.Write(id.S)

	stampHash := stampSha.Sum(nil)

	aHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.A), 10)),
		nidScrN, nidScrR, nidScrP, 32)
	if err != nil {
		panic(err)
	}

	bHash, err := scrypt.Key(stampHash[:], []byte(strconv.FormatUint(uint64(id.B), 10)),
		nidScrN, nidScrR, nidScrP, 32)
	if err != nil {
		panic(err)
	}

	if bitPrefix(aHash, nidPreBits) != bitPrefix(bHash, nidPreBits) {
		return false
	}

	text := fmt.Sprintf("%d%d", id.A, id.B)
	codeSha := sha512.New()
	codeSha.Write(id.S)
	codeSha.Write([]byte(text))
	code := codeSha.Sum(nil)[32:64]

	if hex.EncodeToString(id.ID) != hex.EncodeToString(code) {
		return false
	}

	return true
}

func (sf *StateFile) deriveKey(pw string) error {
	if len(pw) == 0 && sf.header.Scrypt != nil {
		return BadPasswordError
	}
	params := sf.header.Scrypt
	key, err := scrypt.Key([]byte(pw), sf.header.KdfSalt, int(params.GetN()), int(params.GetR()), int(params.GetP()), kdfKeyLen)
	if err != nil {
		return err
	}
	copy(sf.key[:], key)
	return nil
}