vfs/xts/aes.go

package xts

import (
	"crypto/aes"
	"crypto/pbkdf2"
	"crypto/rand"
	"crypto/sha512"

	"golang.org/x/crypto/xts"
)

// This variable can be replaced with -ldflags:
//
//	go build -ldflags="-X github.com/ncruces/go-sqlite3/vfs/xts.pepper=xts"
var pepper = "github.com/ncruces/go-sqlite3/vfs/xts"

type aesCreator struct{}

func (aesCreator) XTS(key []byte) *xts.Cipher {
	c, err := xts.NewCipher(aes.NewCipher, key)
	if err != nil {
		return nil
	}
	return c
}

func (aesCreator) KDF(text string) []byte {
	if text == "" {
		key := make([]byte, 32)
		rand.Read(key)
		return key
	}
	key, err := pbkdf2.Key(sha512.New, text, []byte(pepper), 10_000, 32)
	if err != nil {
		panic(err)
	}
	return key
}
AES-XTS VFS (#171) Co-authored-by: Ben Krieger <ben.krieger@intel.com> 2024-10-17 23:53:39 +01:00			`package xts`

			`import (`
			`"crypto/aes"`
Use crypto/pbkdf2. 2025-09-18 18:40:56 +01:00			`"crypto/pbkdf2"`
AES-XTS VFS (#171) Co-authored-by: Ben Krieger <ben.krieger@intel.com> 2024-10-17 23:53:39 +01:00			`"crypto/rand"`
			`"crypto/sha512"`

			`"golang.org/x/crypto/xts"`
			`)`

			`// This variable can be replaced with -ldflags:`
			`//`
			`// go build -ldflags="-X github.com/ncruces/go-sqlite3/vfs/xts.pepper=xts"`
			`var pepper = "github.com/ncruces/go-sqlite3/vfs/xts"`

			`type aesCreator struct{}`

			`func (aesCreator) XTS(key []byte) *xts.Cipher {`
			`c, err := xts.NewCipher(aes.NewCipher, key)`
			`if err != nil {`
			`return nil`
			`}`
			`return c`
			`}`

			`func (aesCreator) KDF(text string) []byte {`
			`if text == "" {`
			`key := make([]byte, 32)`
Use crypto/pbkdf2. 2025-09-18 18:40:56 +01:00			`rand.Read(key)`
			`return key`
AES-XTS VFS (#171) Co-authored-by: Ben Krieger <ben.krieger@intel.com> 2024-10-17 23:53:39 +01:00			`}`
Use crypto/pbkdf2. 2025-09-18 18:40:56 +01:00			`key, err := pbkdf2.Key(sha512.New, text, []byte(pepper), 10_000, 32)`
			`if err != nil {`
			`panic(err)`
			`}`
			`return key`
AES-XTS VFS (#171) Co-authored-by: Ben Krieger <ben.krieger@intel.com> 2024-10-17 23:53:39 +01:00			`}`