// Copyright (c) The OpenTofu Authors
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) 2023 HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package pbkdf2

import (
	"crypto/rand"
	"io"

	"github.com/opentofu/opentofu/internal/encryption/keyprovider"
)

const (
	// DefaultSaltLength is the salt length in bytes used when the configuration does not override it.
	DefaultSaltLength int = 32
	// DefaultIterations is the PBKDF2 iteration count used when the configuration does not override it.
	// The value follows the current recommendation of the OWASP Password Storage Cheat Sheet:
	// https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
	DefaultIterations int = 600000
	// DefaultKeyLength is the derived key length in bytes. 32 bytes is the key size AES-GCM 256 requires.
	DefaultKeyLength int = 32
)

// Descriptor extends keyprovider.Descriptor with a TypedConfig accessor that returns the
// provider-specific *Config instead of the generic keyprovider.Config.
type Descriptor interface {
	keyprovider.Descriptor

	// TypedConfig returns a fresh *Config populated with this provider's defaults.
	TypedConfig() *Config
}

// descriptor is the concrete PBKDF2 key provider descriptor.
type descriptor struct {
	// randomSource is the reader handed to every Config this descriptor creates; New sets it to
	// crypto/rand.Reader. (Presumably it is consumed for salt generation elsewhere in the package;
	// keeping it injectable lets callers substitute a different reader.)
	randomSource io.Reader
}

// New creates a PBKDF2 key provider descriptor backed by crypto/rand.Reader.
func New() Descriptor {
	d := &descriptor{randomSource: rand.Reader}
	return d
}

// ID returns the key provider identifier used in configuration, "pbkdf2".
func (d descriptor) ID() keyprovider.ID {
	return "pbkdf2"
}

// TypedConfig returns a new *Config carrying the package defaults for key length, iterations,
// hash function and salt length, an empty passphrase, and this descriptor's random source.
func (d descriptor) TypedConfig() *Config {
	// Passphrase is intentionally left at its zero value; the caller must supply it.
	cfg := &Config{
		randomSource: d.randomSource,
		KeyLength:    DefaultKeyLength,
		Iterations:   DefaultIterations,
		HashFunction: DefaultHashFunctionName,
		SaltLength:   DefaultSaltLength,
	}
	return cfg
}

// ConfigStruct satisfies keyprovider.Descriptor by returning TypedConfig's result as the
// generic keyprovider.Config interface.
func (d descriptor) ConfigStruct() keyprovider.Config {
	return d.TypedConfig()
}