Initial commit: Open sourcing all of the Maple Open Technologies code.
This commit is contained in:
commit
755d54a99d
2010 changed files with 448675 additions and 0 deletions
69
cloud/maplefile-backend/internal/domain/crypto/kdf.go
Normal file
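--- /dev/null
+++ b/cloud/maplefile-backend/internal/domain/crypto/kdf.go
@@ -0,0 +1,69 @@
+// monorepo/cloud/maplefile-backend/internal/domain/crypto/domain/keys/kdf.go
+package crypto
+
+import (
+	"fmt"
+	"time"
+
+	"codeberg.org/mapleopentech/monorepo/cloud/maplefile-backend/pkg/security/crypto"
+)
+
+// KDFParams stores the key derivation function parameters
+type KDFParams struct {
+	Algorithm string `json:"algorithm" bson:"algorithm"` // "argon2id", "pbkdf2", "scrypt"
+	Version string `json:"version" bson:"version"` // "1.0", "1.1", etc.
+	Iterations uint32 `json:"iterations" bson:"iterations"` // For PBKDF2 or Argon2 time cost
+	Memory uint32 `json:"memory" bson:"memory"` // For Argon2 memory in KB
+	Parallelism uint8 `json:"parallelism" bson:"parallelism"` // For Argon2 threads
+	SaltLength uint32 `json:"salt_length" bson:"salt_length"` // Salt size in bytes
+	KeyLength uint32 `json:"key_length" bson:"key_length"` // Output key size in bytes
+}
+
+// DefaultKDFParams returns the current recommended KDF parameters
+func DefaultKDFParams() KDFParams {
+	return KDFParams{
+		Algorithm: crypto.Argon2IDAlgorithm,
+		Version: "1.0", // Always starts at 1.0
+		Iterations: crypto.Argon2OpsLimit, // Time cost
+		Memory: crypto.Argon2MemLimit,
+		Parallelism: crypto.Argon2Parallelism,
+		SaltLength: crypto.Argon2SaltSize,
+		KeyLength: crypto.Argon2KeySize,
+	}
+}
+
+// Validate checks if KDF parameters are valid
+func (k KDFParams) Validate() error {
+	switch k.Algorithm {
+	case crypto.Argon2IDAlgorithm:
+		if k.Iterations < 1 {
+			return fmt.Errorf("argon2id time cost must be >= 1")
+		}
+		if k.Memory < 1024 {
+			return fmt.Errorf("argon2id memory must be >= 1024 KB")
+		}
+		if k.Parallelism < 1 {
+			return fmt.Errorf("argon2id parallelism must be >= 1")
+		}
+	default:
+		return fmt.Errorf("unsupported KDF algorithm: %s", k.Algorithm)
+	}
+
+	if k.SaltLength < 8 {
+		return fmt.Errorf("salt length must be >= 8 bytes")
+	}
+	if k.KeyLength < 16 {
+		return fmt.Errorf("key length must be >= 16 bytes")
+	}
+
+	return nil
+}
+
+// KDFUpgradePolicy defines when to upgrade KDF parameters
+type KDFUpgradePolicy struct {
+	MinimumParams KDFParams `json:"minimum_params" bson:"minimum_params"`
+	RecommendedParams KDFParams `json:"recommended_params" bson:"recommended_params"`
+	MaxPasswordAge time.Duration `json:"max_password_age" bson:"max_password_age"`
+	UpgradeOnNextLogin bool `json:"upgrade_on_next_login" bson:"upgrade_on_next_login"`
+	LastUpgradeCheck time.Time `json:"last_upgrade_check" bson:"last_upgrade_check"`
+}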
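Review bot: Validate accepts argon2id parameters far below current guidance — its floors are Iterations >= 1, Memory >= 1024 KB and Parallelism >= 1, so a stored KDFParams with a 1 MiB memory cost passes even though DefaultKDFParams presumably takes much larger values from the crypto.Argon2* constants, and RFC 9106 recommends tens of MiB of memory or more for password-derived keys. Consider raising those floors or tying them to crypto.Argon2MemLimit / KDFUpgradePolicy.MinimumParams (declared at the end of this hunk) so that weak legacy records cannot validate as acceptable, and add a check that Version is non-empty since the other fields are bounded but that one is not. The Algorithm field comment lists "argon2id", "pbkdf2", "scrypt", yet the switch rejects everything except crypto.Argon2IDAlgorithm; until those branches exist the comment should read `// Only "argon2id" is accepted by Validate; "pbkdf2" and "scrypt" are reserved`. The fmt.Errorf calls without verbs can be `errors.New(...)`, and the path comment on the first line names a `domain/keys/kdf.go` location that does not match this file's actual path.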