Key creates all the internal keys from the password passed in using scrypt. If salt is "" we use a fixed salt just to make attackers lives slightly harder than using no salt. Note that empty password makes all 0x00 keys which is used in the tests.
(password, salt string)
| 229 | // Note that empty password makes all 0x00 keys which is used in the |
| 230 | // tests. |
| 231 | func (c *Cipher) Key(password, salt string) (err error) { |
| 232 | const keySize = len(c.dataKey) + len(c.nameKey) + len(c.nameTweak) |
| 233 | var saltBytes = defaultSalt |
| 234 | if salt != "" { |
| 235 | saltBytes = []byte(salt) |
| 236 | } |
| 237 | var key []byte |
| 238 | if password == "" { |
| 239 | key = make([]byte, keySize) |
| 240 | } else { |
| 241 | key, err = scrypt.Key([]byte(password), saltBytes, 16384, 8, 1, keySize) |
| 242 | if err != nil { |
| 243 | return err |
| 244 | } |
| 245 | } |
| 246 | copy(c.dataKey[:], key) |
| 247 | copy(c.nameKey[:], key[len(c.dataKey):]) |
| 248 | copy(c.nameTweak[:], key[len(c.dataKey)+len(c.nameKey):]) |
| 249 | // Key the name cipher |
| 250 | c.block, err = aes.NewCipher(c.nameKey[:]) |
| 251 | return err |
| 252 | } |
| 253 | |
| 254 | // getBlock gets a block from the pool of size blockSize |
| 255 | func (c *Cipher) getBlock() *[blockSize]byte { |