+ /**
+ * Generate key data.
+ */
+ static async _keyFromSecret(deriver, secret, salt, keyBytes) {
+ switch (deriver) {
+ case 'shake256': {
+ const hash = crypto.createHash('shake256', { outputLength: keyBytes });
+ hash.update(salt);
+ hash.update(secret);
+ return hash.digest();
+ }
+
+ case 'blake2b512': {
+ const hash = crypto.createHash('blake2b512');
+ hash.update(salt);
+ hash.update(secret);
+ const digest = hash.digest();
+ // should assert that keyBytes <= 64
+ // but not concerned about that for now
+ // until we have a new algorithm with bigger key size
+ return digest.subarray(0, keyBytes);
+ }
+
+ case 'scrypt':
+ return scryptAsync(secret, salt, keyBytes);
+
+ default:
+ throw new RangeError('unsupported key deriver');
+ }
+ }
+
+