diff --git a/crypto/crypto.go b/crypto/crypto.go index df3ccaf..5d03567 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -15,7 +15,7 @@ import ( "golang.org/x/text/unicode/norm" ) -const pairingSalt = "Status Hardware Wallet Lite" +const PairingTokenSalt = "Keycard Pairing Password Salt" var ErrInvalidCardCryptogram = errors.New("invalid card cryptogram") @@ -25,7 +25,7 @@ func GenerateECDHSharedSecret(priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey) []by } func VerifyCryptogram(challenge []byte, pairingPass string, cardCryptogram []byte) ([]byte, error) { - secretHash := pbkdf2.Key(norm.NFKD.Bytes([]byte(pairingPass)), norm.NFKD.Bytes([]byte(pairingSalt)), 50000, 32, sha256.New) + secretHash := pbkdf2.Key(norm.NFKD.Bytes([]byte(pairingPass)), norm.NFKD.Bytes([]byte(PairingTokenSalt)), 50000, 32, sha256.New) h := sha256.New() h.Write(secretHash[:]) diff --git a/secrets.go b/secrets.go index 85e06b4..eb30190 100644 --- a/secrets.go +++ b/secrets.go @@ -7,14 +7,14 @@ import ( "fmt" "math/big" + "github.com/status-im/keycard-go/crypto" "golang.org/x/crypto/pbkdf2" "golang.org/x/text/unicode/norm" ) const ( - pairingTokenSalt = "Status Hardware Wallet Lite" - maxPukNumber = int64(999999999999) - maxPinNumber = int64(999999) + maxPukNumber = int64(999999999999) + maxPinNumber = int64(999999) ) // Secrets contains the secret data needed to pair a client with a card. @@ -81,5 +81,5 @@ func generatePairingPass() (string, error) { } func generatePairingToken(pass string) []byte { - return pbkdf2.Key(norm.NFKD.Bytes([]byte(pass)), norm.NFKD.Bytes([]byte(pairingTokenSalt)), 50000, 32, sha256.New) + return pbkdf2.Key(norm.NFKD.Bytes([]byte(pass)), norm.NFKD.Bytes([]byte(crypto.PairingTokenSalt)), 50000, 32, sha256.New) }