(p string, salt []byte, params ScryptParams)
| 255 | } |
| 256 | |
| 257 | func scryptHash(p string, salt []byte, params ScryptParams) (hash []byte, err error) { |
| 258 | if salt == nil { |
| 259 | salt = make([]byte, 8) |
| 260 | if _, err := io.ReadFull(rand.Reader, salt); err != nil { |
| 261 | panic("rand salt failure") |
| 262 | } |
| 263 | } |
| 264 | err = validateParams(params) |
| 265 | if err != nil { |
| 266 | return nil, err |
| 267 | } |
| 268 | // 1) The plaintext password is transformed into a hash value using Blake2b |
| 269 | hashedPass := blake2b.Sum512([]byte(p)) |
| 270 | |
| 271 | // 2) Blake2b hash is hashed again using scrypt with high defaults plus supplied 8 byte salt, generating 56 byte output with salt appended for 64 byte total |
| 272 | scryptHash, err := scrypt.Key([]byte(hashedPass[:]), salt, params.N, params.R, params.P, 56) |
| 273 | if err != nil { |
| 274 | return nil, err |
| 275 | } |
| 276 | output := make([]byte, 64) |
| 277 | copy(output, scryptHash) |
| 278 | copy(output[56:], salt) |
| 279 | return output, err |
| 280 | } |
| 281 | func getParams(parts []string) (userparams, masterparams ScryptParams, err error) { |
| 282 | // Get Scrypt parameters |
| 283 | userparams.N, err = strconv.Atoi(parts[4]) |
no test coverage detected