From 5878d1557f52ca823a15f54f1b1ff392f5b2b955 Mon Sep 17 00:00:00 2001
From: Derrick Hammer <derrick@derrickhammer.com>
Date: Tue, 27 Feb 2024 11:02:15 -0500
Subject: [PATCH] refactor: switch using hkdf for child key

---
 protocols/s5/s5.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/protocols/s5/s5.go b/protocols/s5/s5.go
index a1bea9e..a644058 100644
--- a/protocols/s5/s5.go
+++ b/protocols/s5/s5.go
@@ -6,10 +6,11 @@ import (
 	"crypto/sha256"
 	"errors"
 	"fmt"
+	"io"
 	"time"
 
 	"git.lumeweb.com/LumeWeb/portal/config"
-	"golang.org/x/crypto/pbkdf2"
+	"golang.org/x/crypto/hkdf"
 
 	"git.lumeweb.com/LumeWeb/portal/metadata"
 
@@ -133,7 +134,13 @@ func configureS5Protocol(proto *S5Protocol) (*s5config.NodeConfig, error) {
 		proto.logger.Fatal("protocol.s5.db_path is required")
 	}
 
-	derivedSeed := pbkdf2.Key(proto.identity, []byte("s5"), 600000, 32, sha256.New)
+	hasher := hkdf.New(sha256.New, proto.identity, nil, []byte("s5"))
+	derivedSeed := make([]byte, 32)
+
+	if _, err := io.ReadFull(hasher, derivedSeed); err != nil {
+		proto.logger.Fatal("Failed to generate child key seed", zap.Error(err))
+		return nil, err
+	}
 
 	p := ed25519.NewKeyFromSeed(derivedSeed)
 	cfg.KeyPair = s5ed.New(p)