From c3ebb040451204ebbdae224e4faa55d49c41e46f Mon Sep 17 00:00:00 2001
From: Nuno Cruces
Date: Thu, 18 Sep 2025 18:40:56 +0100
Subject: [PATCH] Use crypto/pbkdf2.
---
 tests/blob_test.go | 5 +----
 vfs/adiantum/adiantum.go | 4 ++--
 vfs/adiantum/example_test.go | 4 ++--
 vfs/xts/README.md | 4 ++--
 vfs/xts/aes.go | 12 ++++++++----
 5 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/tests/blob_test.go b/tests/blob_test.go
index 9b1b5a3..06d50c6 100644
--- a/tests/blob_test.go
+++ b/tests/blob_test.go
@@ -45,10 +45,7 @@ func TestBlob(t *testing.T) {
 }
 var data [1280]byte
- _, err = rand.Read(data[:])
- if err != nil {
- t.Fatal(err)
- }
+ rand.Read(data[:])
 _, err = blob.Write(data[:size/2])
 if err != nil {
diff --git a/vfs/adiantum/adiantum.go b/vfs/adiantum/adiantum.go
index 659b0e6..cb4c1de 100644
--- a/vfs/adiantum/adiantum.go
+++ b/vfs/adiantum/adiantum.go
@@ -25,8 +25,8 @@ func (adiantumCreator) HBSH(key []byte) *hbsh.HBSH {
 func (adiantumCreator) KDF(text string) []byte {
 if text == "" {
 key := make([]byte, 32)
- n, _ := rand.Read(key)
- return key[:n]
+ rand.Read(key)
+ return key
 }
 return argon2.IDKey([]byte(text), []byte(pepper), 3, 64*1024, 4, 32)
 }
diff --git a/vfs/adiantum/example_test.go b/vfs/adiantum/example_test.go
index 5d10edb..d696aa8 100644
--- a/vfs/adiantum/example_test.go
+++ b/vfs/adiantum/example_test.go
@@ -45,8 +45,8 @@ func (hpolycCreator) KDF(secret string) []byte {
 if secret == "" {
 // No secret is given, generate a random key.
 key := make([]byte, 32)
- n, _ := rand.Read(key)
- return key[:n]
+ rand.Read(key)
+ return key
 }
 // Hash the secret with a KDF.
 return argon2.IDKey([]byte(secret), []byte("hpolyc"), 3, 64*1024, 4, 32)
diff --git a/vfs/xts/README.md b/vfs/xts/README.md
index 1e6ed8c..0c3429e 100644
--- a/vfs/xts/README.md
+++ b/vfs/xts/README.md
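Review bot: Dropping `n` in `adiantumCreator.KDF` means a failed or short `rand.Read` would now return a full 32-byte key that is partly or wholly zero, where the old `key[:n]` returned a short slice. That is safe only if `rand` is `crypto/rand` built with Go 1.24 or later, where Read is documented to fill the buffer and never return an error; the import and the module's `go` directive are outside this hunk, so the floor is worth confirming. I would record the assumption above the call: `// crypto/rand.Read never fails on Go 1.24+ (it aborts the process instead), so the result is not checked.` The same applies to `hpolycCreator.KDF` in vfs/adiantum/example_test.go and `aesCreator.KDF` in vfs/xts/aes.go; in tests/blob_test.go it only affects test data.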
@@ -9,12 +9,12 @@ In general, any XTS construction can be used to wrap any VFS. The default AES-XTS construction uses AES-128, AES-192, or AES-256 for its block cipher.
-Additionally, we use [PBKDF2-HMAC-SHA512](https://pkg.go.dev/golang.org/x/crypto/pbkdf2)
+Additionally, we use [PBKDF2-HMAC-SHA512](https://pkg.go.dev/crypto/pbkdf2)
 to derive AES-128 keys from plain text where needed. File contents are encrypted in 512 byte sectors, matching the [minimum](https://sqlite.org/fileformat.html#pages) SQLite page size.
-This VFS uses _only_ NIST and FIPS 140-2 approved cryptographic primitives,
+This VFS uses _only_ NIST and FIPS 140-3 approved cryptographic primitives,
 which _may_ help you become FIPS compliant. The VFS encrypts all files _except_
diff --git a/vfs/xts/aes.go b/vfs/xts/aes.go
index b6b4c39..7d48522 100644
--- a/vfs/xts/aes.go
+++ b/vfs/xts/aes.go
@@ -2,10 +2,10 @@ package xts
 import (
 "crypto/aes"
+ "crypto/pbkdf2"
 "crypto/rand"
 "crypto/sha512"
- "golang.org/x/crypto/pbkdf2"
 "golang.org/x/crypto/xts"
 )
@@ -27,8 +27,12 @@ func (aesCreator) XTS(key []byte) *xts.Cipher {
 func (aesCreator) KDF(text string) []byte {
 if text == "" {
 key := make([]byte, 32)
- n, _ := rand.Read(key)
- return key[:n]
+ rand.Read(key)
+ return key
 }
- return pbkdf2.Key([]byte(text), []byte(pepper), 10_000, 32, sha512.New)
+ key, err := pbkdf2.Key(sha512.New, text, []byte(pepper), 10_000, 32)
+ if err != nil {
+ panic(err)
+ }
+ return key
 }
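Review bot: The rewritten `pbkdf2.Key(sha512.New, text, []byte(pepper), 10_000, 32)` call in `aesCreator.KDF` carries over 10_000 iterations and a fixed salt (`pepper`, declared outside the hunk), which is well below the 210,000 iterations OWASP currently suggests for PBKDF2-HMAC-SHA512 and gives every file opened with the same text the same key. Changing either would alter the derived key for existing files, so it needs a versioned migration rather than an edit here; until then a comment such as `// 10_000 iterations and a fixed salt are kept so existing files still open.` would make the trade-off visible, assuming that is the reason. The `panic(err)` should also say when `pbkdf2.Key` can fail, because it fires in the caller's process; with `sha512.New` and a 32-byte length it looks unreachable, but I have not confirmed that for FIPS 140-only mode.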