How to use the sodium-native.crypto_pwhash_SALTBYTES function in sodium-native
To help you get started, we’ve selected a few sodium-native examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mcollina / fastify-secure-session / index.js View on Github 
if (options.secret) {
if (Buffer.byteLength(options.secret) < 32) {
return next(new Error('secret must be at least 32 bytes'))
}
key = Buffer.allocUnsafe(sodium.crypto_secretbox_KEYBYTES)
// static salt to be used for key derivation, not great for security,
// but better than nothing
var salt = Buffer.from('mq9hDxBVDbspDR6nLfFT1g==', 'base64')
if (options.salt) {
salt = (Buffer.isBuffer(options.salt)) ? options.salt : Buffer.from(options.salt, 'ascii')
}
if (Buffer.byteLength(salt) !== sodium.crypto_pwhash_SALTBYTES) {
return next(new Error('salt must be length ' + sodium.crypto_pwhash_SALTBYTES))
}
sodium.crypto_pwhash(key,
Buffer.from(options.secret),
salt,
sodium.crypto_pwhash_OPSLIMIT_MODERATE,
sodium.crypto_pwhash_MEMLIMIT_MODERATE,
sodium.crypto_pwhash_ALG_DEFAULT)
}
if (options.key) {
key = options.key
if (typeof key === 'string') {
key = Buffer.from(key, 'base64')
} else if (!(key instanceof Buffer)) {if (Buffer.byteLength(options.secret) < 32) {
return next(new Error('secret must be at least 32 bytes'))
}
key = Buffer.allocUnsafe(sodium.crypto_secretbox_KEYBYTES)
// static salt to be used for key derivation, not great for security,
// but better than nothing
var salt = Buffer.from('mq9hDxBVDbspDR6nLfFT1g==', 'base64')
if (options.salt) {
salt = (Buffer.isBuffer(options.salt)) ? options.salt : Buffer.from(options.salt, 'ascii')
}
if (Buffer.byteLength(salt) !== sodium.crypto_pwhash_SALTBYTES) {
return next(new Error('salt must be length ' + sodium.crypto_pwhash_SALTBYTES))
}
sodium.crypto_pwhash(key,
Buffer.from(options.secret),
salt,
sodium.crypto_pwhash_OPSLIMIT_MODERATE,
sodium.crypto_pwhash_MEMLIMIT_MODERATE,
sodium.crypto_pwhash_ALG_DEFAULT)
}
if (options.key) {
key = options.key
if (typeof key === 'string') {
key = Buffer.from(key, 'base64')
} else if (!(key instanceof Buffer)) {
return next(new Error('key must be a string or a Buffer'))function crypto_setup (cb) {
sodium.crypto_pwhash_async(
key,
password,
nonce.slice(MAGIC_BYTES.length, MAGIC_BYTES.length + sodium.crypto_pwhash_SALTBYTES),
sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
sodium.crypto_pwhash_ALG_DEFAULT,
function (err) {
if (err) return cb(err)
instance = sodium.crypto_stream_xor_instance(nonce.slice(MAGIC_BYTES.length + sodium.crypto_passwd_SALTBYTES), key)
cb()
}
)
}
}export function createConfig(config: ISodiumConfigOptional): ISodiumConfig {
const sodiumConfig: ISodiumConfig = {
saltBytes: sodium.crypto_pwhash_SALTBYTES,
hashBytes: sodium.crypto_pwhash_STRBYTES,
opslimit: sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
memlimit: sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
algorithm: sodium.crypto_pwhash_ALG_DEFAULT
};
Object.keys(sodiumConfig).forEach((key) => {
if (config[key] != null && typeof config[key] === typeof sodiumConfig[key]) {
sodiumConfig[key] = config[key];
}
});
return sodiumConfig;
}module.exports = function (password) {
var key = Buffer.allocUnsafe(sodium.crypto_stream_KEYBYTES)
var nonce = Buffer.allocUnsafe(MAGIC_BYTES.length + sodium.crypto_pwhash_SALTBYTES + sodium.crypto_stream_NONCEBYTES)
var instance
var cipher = transform({
transform: function (chunk, enc, next) {
instance.update(chunk, chunk)
next(null, chunk)
},
flush: function (done) {
instance.final()
done()
}
})
return readBytes(nonce.length, function (header, swap) {
if (header.length === nonce.length && Buffer.compare(MAGIC_BYTES, header.slice(0, MAGIC_BYTES.length)) === 0) {
cipher.mode = 'decrypt'exports.OPSLIMIT_MODERATE =
sodium.crypto_pwhash_OPSLIMIT_MODERATE
exports.MEMLIMIT_MODERATE =
sodium.crypto_pwhash_MEMLIMIT_MODERATE
const OPSLIMIT_SENSITIVE = exports.OPSLIMIT_SENSITIVE =
sodium.crypto_pwhash_OPSLIMIT_SENSITIVE
const MEMLIMIT_SENSITIVE = exports.MEMLIMIT_SENSITIVE =
sodium.crypto_pwhash_MEMLIMIT_SENSITIVE
exports.ALG_ARGON2I13 =
sodium.crypto_pwhash_ALG_ARGON2I13
const ALG_ARGON2ID13 = exports.ALG_ARGON2ID13 =
sodium.crypto_pwhash_ALG_ARGON2ID13
const HASHBYTES = 32
const SALTBYTES = sodium.crypto_pwhash_SALTBYTES
function _fixOpts (opts) {
opts || (opts = {})
opts.opslimit || (opts.opslimit = OPSLIMIT_SENSITIVE)
opts.memlimit || (opts.memlimit = MEMLIMIT_SENSITIVE)
opts.algorithm || (opts.algorithm = ALG_ARGON2ID13)
return opts
}
/**
* Calculate a password hash
* @example
* const { salt, hash } = mosodium.pwhash.hash(passphrase)
* @example
* const { salt, hash } = mosodium.pwhash.hash(passphrase, {
* opslimit: mosodium.pwhash.OPSLIMIT_MODERATE,function createConfig(config) {
const c = {
saltBytes: sodium.crypto_pwhash_SALTBYTES,
hashBytes: sodium.crypto_pwhash_STRBYTES,
opslimit: sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
memlimit: sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
algorithm: sodium.crypto_pwhash_ALG_DEFAULT
};
Object.keys(c).forEach((key) => {
if (config[key] != null && typeof config[key] === typeof c[key]) {
c[key] = config[key];
}
});
return c;
}
exports.createConfig = createConfig;
Popular sodium-native functions
- sodium-native.crypto_box_SEALBYTES
- sodium-native.crypto_generichash
- sodium-native.crypto_hash_sha256
- sodium-native.crypto_pwhash_async
- sodium-native.crypto_pwhash_SALTBYTES
- sodium-native.crypto_secretbox_easy
- sodium-native.crypto_secretbox_KEYBYTES
- sodium-native.crypto_secretbox_MACBYTES
- sodium-native.crypto_secretbox_NONCEBYTES
- sodium-native.crypto_secretbox_open_easy
- sodium-native.crypto_sign_BYTES
- sodium-native.crypto_sign_detached
- sodium-native.crypto_sign_keypair
- sodium-native.crypto_sign_PUBLICKEYBYTES
- sodium-native.crypto_sign_SECRETKEYBYTES
- sodium-native.crypto_sign_seed_keypair
- sodium-native.crypto_sign_verify_detached
- sodium-native.randombytes_buf
- sodium-native.sodium_malloc
- sodium-native.sodium_mprotect_noaccess