PBKDF2算法

PBKDF2(Password-Based Key Derivation Function)的介绍
PBKDF2算法概述
PBKDF2算法
go-ethereum中，whisper协议使用AES-GCM进行对称加密时，密钥的生成使用的就是PBKDF2算法，根据输入的密码，生成密钥。

// Key derives(源自) a key from the password, salt and iteration count(迭代次数), returning a
// []byte of length keylen that can be used as cryptographic key(密钥). The key is
// derived based on the method described as PBKDF2 with the HMAC variant using
// the supplied hash function.
//
// For example, to use a HMAC-SHA-1 based PBKDF2 key derivation function, you
// can get a derived key for e.g. AES-256 (which needs a 32-byte key) by
// doing:
//
//  dk := pbkdf2.Key([]byte("some password"), salt, 4096, 32, sha1.New)
//
// Remember to get a good random salt. At least 8 bytes is recommended by the
// RFC.
//
// Using a higher iteration count will increase the cost of an exhaustive
// search but will also make derivation proportionally slower.
func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
    prf := hmac.New(h, password)
    hashLen := prf.Size()
    numBlocks := (keyLen + hashLen - 1) / hashLen

    var buf [4]byte
    dk := make([]byte, 0, numBlocks*hashLen)
    U := make([]byte, hashLen)
    for block := 1; block <= numBlocks; block++ {
        // N.B.: || means concatenation, ^ means XOR
        // for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
        // U_1 = PRF(password, salt || uint(i))
        prf.Reset()
        prf.Write(salt)
        buf[0] = byte(block >> 24)
        buf[1] = byte(block >> 16)
        buf[2] = byte(block >> 8)
        buf[3] = byte(block)
        prf.Write(buf[:4])
        dk = prf.Sum(dk)
        T := dk[len(dk)-hashLen:]
        copy(U, T)

        // U_n = PRF(password, U_(n-1))
        for n := 2; n <= iter; n++ {
            prf.Reset()
            prf.Write(U)
            U = U[:0]
            U = prf.Sum(U)
            for x := range U {
                T[x] ^= U[x]
            }
        }
    }
    return dk[:keyLen]
}

其中没有加盐，即salt是nil，迭代次数是65356，生成的密钥长度是aesKeyLength为32byte。