2017-03-05 21:59:55 +01:00
|
|
|
package cryptocore
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/sha256"
|
|
|
|
"log"
|
|
|
|
|
|
|
|
"golang.org/x/crypto/hkdf"
|
|
|
|
)
|
|
|
|
|
2017-05-27 14:41:20 +02:00
|
|
|
const (
|
|
|
|
// "info" data that HKDF mixes into the generated key to make it unique.
|
|
|
|
// For convenience, we use a readable string.
|
2021-08-21 12:08:37 +02:00
|
|
|
hkdfInfoEMENames = "EME filename encryption"
|
|
|
|
hkdfInfoGCMContent = "AES-GCM file content encryption"
|
|
|
|
hkdfInfoSIVContent = "AES-SIV file content encryption"
|
|
|
|
hkdfInfoXChaChaPoly1305Content = "XChaCha20-Poly1305 file content encryption"
|
2017-05-27 14:41:20 +02:00
|
|
|
)
|
|
|
|
|
2017-03-05 21:59:55 +01:00
|
|
|
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
|
2017-05-27 14:41:20 +02:00
|
|
|
// HKDF-SHA256 (RFC 5869).
|
2017-03-05 21:59:55 +01:00
|
|
|
// It returns the derived bytes or panics.
|
|
|
|
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
|
|
|
|
h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
|
|
|
|
out = make([]byte, outLen)
|
|
|
|
n, err := h.Read(out)
|
|
|
|
if n != outLen || err != nil {
|
|
|
|
log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
|
|
|
|
}
|
|
|
|
return out
|
|
|
|
}
|