github.com/hyperledger/aries-framework-go@v0.3.2/pkg/secretlock/local/masterlock/hkdf/hkdf.go

/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/

// Package hkdf provides an hkdf implementation of secretlock as a masterlock.
// See golang.org/x/crypto/hkdf/hkdf.go for IETF reference.
// The IETF RFC in question is RFC 5869. Its introduction includes the following paragraph about NIST documents:
//
// "Note that some existing KDF specifications, such as NIST Special
// Publication 800-56A [800-56A], NIST Special Publication 800-108
// [800-108] and IEEE Standard 1363a-2004 [1363a], either only consider
// the second stage (expanding a pseudorandom key), or do not explicitly
// differentiate between the "extract" and "expand" stages, often
// resulting in design shortcomings. The goal of this specification is
// to accommodate a wide range of KDF requirements while minimizing the
// assumptions about the underlying hash function. The "extract-then-
// expand" paradigm supports well this goal (see [HKDF-paper] for more
// information about the design rationale)."
package hkdf

import (
	"hash"

	"github.com/hyperledger/aries-framework-go/component/kmscrypto/secretlock/local/masterlock/hkdf"

	"github.com/hyperledger/aries-framework-go/pkg/secretlock"
)

// NewMasterLock returns a secretlock.Service that encrypts/decrypts with a master key
// expanded from `passphrase` using HKDF with hash function `h` and `salt`.
// The salt is optional and can be set to nil.
// This implementation must not be used directly in Aries framework. It should be passed in
// as the second argument to local secret lock service constructor:
// `local.NewService(masterKeyReader io.Reader, secLock secretlock.Service)`.
func NewMasterLock(passphrase string, h func() hash.Hash, salt []byte) (secretlock.Service, error) {
	// Thin wrapper: delegates to the implementation in component/kmscrypto.
	return hkdf.NewMasterLock(passphrase, h, salt)
}
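The "extract" and "expand" stages that the package comment quotes from RFC 5869, written out with only the Go standard library. This is an added example, not code from aries-framework-go or golang.org/x/crypto; the names `Extract` and `Expand`, the sample passphrase and the 32-byte output length are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
)

// Extract is HKDF stage 1 (RFC 5869, 2.2): PRK = HMAC-Hash(salt, IKM).
// A nil or empty salt is replaced by HashLen zero bytes, as the RFC specifies.
func Extract(h func() hash.Hash, ikm, salt []byte) []byte {
	if len(salt) == 0 {
		salt = make([]byte, h().Size())
	}
	mac := hmac.New(h, salt)
	mac.Write(ikm)
	return mac.Sum(nil)
}

// Expand is HKDF stage 2 (RFC 5869, 2.3): T(i) = HMAC-Hash(PRK, T(i-1) | info | i).
func Expand(h func() hash.Hash, prk, info []byte, length int) ([]byte, error) {
	if length < 0 || length > 255*h().Size() {
		return nil, errors.New("hkdf: requested length out of range")
	}
	var okm, prev []byte
	for i := byte(1); len(okm) < length; i++ {
		mac := hmac.New(h, prk)
		mac.Write(prev)
		mac.Write(info)
		mac.Write([]byte{i})
		prev = mac.Sum(nil)
		okm = append(okm, prev...)
	}
	return okm[:length], nil
}

func main() {
	// Constructed sample input; the 32-byte output length is an assumption.
	prk := Extract(sha256.New, []byte("sample passphrase"), nil)
	key, err := Expand(sha256.New, prk, nil, 32)
	if err != nil {
		panic(err)
	}
	fmt.Println("PRK:", hex.EncodeToString(prk))
	fmt.Println("key:", hex.EncodeToString(key))
}
```

A passphrase has far less entropy than its byte length suggests, and HKDF adds no work factor, so the derived key is only as strong as the passphrase itself.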