Skip to content
This repository has been archived by the owner on Sep 6, 2022. It is now read-only.

Commit

Permalink
remove deprecated key stretching struct / function
Browse files Browse the repository at this point in the history
This was needed for secio.
  • Loading branch information
marten-seemann committed Jul 22, 2021
1 parent ef6e277 commit bef17ef
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 127 deletions.
105 changes: 0 additions & 105 deletions crypto/key.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,21 +5,16 @@ package crypto

import (
"crypto/elliptic"
"crypto/hmac"
"crypto/rand"
"crypto/sha1"
"crypto/sha512"
"crypto/subtle"
"encoding/base64"
"errors"
"fmt"
"hash"
"io"

pb "github.com/libp2p/go-libp2p-core/crypto/pb"

"github.com/gogo/protobuf/proto"
sha256 "github.com/minio/sha256-simd"
)

const (
Expand Down Expand Up @@ -174,106 +169,6 @@ func GenerateEKeyPair(curveName string) ([]byte, GenSharedKey, error) {
return pubKey, done, nil
}

// StretchedKeys ...
type StretchedKeys struct {
IV []byte
MacKey []byte
CipherKey []byte
}

// PENDING DEPRECATION: KeyStretcher() will be deprecated with secio; for new
// code, please use PBKDF2 (golang.org/x/crypto/pbkdf2) instead.
// KeyStretcher returns a set of keys for each party by stretching the shared key.
// (myIV, theirIV, myCipherKey, theirCipherKey, myMACKey, theirMACKey).
// This function accepts the following cipher types:
// - AES-128
// - AES-256
// The function will panic upon receiving an unknown cipherType
func KeyStretcher(cipherType string, hashType string, secret []byte) (StretchedKeys, StretchedKeys) {
var cipherKeySize int
var ivSize int
switch cipherType {
case "AES-128":
ivSize = 16
cipherKeySize = 16
case "AES-256":
ivSize = 16
cipherKeySize = 32
default:
panic("Unrecognized cipher, programmer error?")
}

hmacKeySize := 20

seed := []byte("key expansion")

result := make([]byte, 2*(ivSize+cipherKeySize+hmacKeySize))

var h func() hash.Hash

switch hashType {
case "SHA1":
h = sha1.New
case "SHA256":
h = sha256.New
case "SHA512":
h = sha512.New
default:
panic("Unrecognized hash function, programmer error?")
}

m := hmac.New(h, secret)
// note: guaranteed to never return an error
m.Write(seed)

a := m.Sum(nil)

j := 0
for j < len(result) {
m.Reset()

// note: guaranteed to never return an error.
m.Write(a)
m.Write(seed)

b := m.Sum(nil)

todo := len(b)

if j+todo > len(result) {
todo = len(result) - j
}

copy(result[j:j+todo], b)

j += todo

m.Reset()

// note: guaranteed to never return an error.
m.Write(a)

a = m.Sum(nil)
}

half := len(result) / 2
r1 := result[:half]
r2 := result[half:]

var k1 StretchedKeys
var k2 StretchedKeys

k1.IV = r1[0:ivSize]
k1.CipherKey = r1[ivSize : ivSize+cipherKeySize]
k1.MacKey = r1[ivSize+cipherKeySize:]

k2.IV = r2[0:ivSize]
k2.CipherKey = r2[ivSize : ivSize+cipherKeySize]
k2.MacKey = r2[ivSize+cipherKeySize:]

return k1, k2
}

// UnmarshalPublicKey converts a protobuf serialized public key into its
// representative object
func UnmarshalPublicKey(data []byte) (PubKey, error) {
Expand Down
24 changes: 2 additions & 22 deletions crypto/key_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ import (
"reflect"
"testing"

btcec "github.com/btcsuite/btcd/btcec"
"github.com/btcsuite/btcd/btcec"
. "github.com/libp2p/go-libp2p-core/crypto"
pb "github.com/libp2p/go-libp2p-core/crypto/pb"
"github.com/libp2p/go-libp2p-core/test"
sha256 "github.com/minio/sha256-simd"
"github.com/minio/sha256-simd"
)

func TestKeys(t *testing.T) {
Expand Down Expand Up @@ -304,23 +304,3 @@ func TestUnknownCurveErrors(t *testing.T) {
t.Fatal("expected invalid key type to error")
}
}

func TestPanicOnUnknownCipherType(t *testing.T) {
passed := false
defer func() {
if !passed {
t.Fatal("expected known cipher and hash to succeed")
}
err := recover()
errStr, ok := err.(string)
if !ok {
t.Fatal("expected string in panic")
}
if errStr != "Unrecognized cipher, programmer error?" {
t.Fatal("expected \"Unrecognized cipher, programmer error?\"")
}
}()
KeyStretcher("AES-256", "SHA1", []byte("foo"))
passed = true
KeyStretcher("Fooba", "SHA1", []byte("foo"))
}

0 comments on commit bef17ef

Please sign in to comment.