libgocryptfs/internal/cryptocore/hkdf.go

package cryptocore

import (
	"crypto/sha256"
	"log"

	"golang.org/x/crypto/hkdf"
)

const (
	// "info" data that HKDF mixes into the generated key to make it unique.
	// For convenience, we use a readable string.
	hkdfInfoEMENames   = "EME filename encryption"
	hkdfInfoGCMContent = "AES-GCM file content encryption"
	hkdfInfoSIVContent = "AES-SIV file content encryption"
)

// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
// HKDF-SHA256 (RFC 5869).
// It returns the derived bytes or panics.
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
	out = make([]byte, outLen)
	n, err := h.Read(out)
	if n != outLen || err != nil {
		log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
	}
	return out
}
full stack: implement HKDF support ...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it. 2017-03-05 21:59:55 +01:00			`package cryptocore`

			`import (`
			`"crypto/sha256"`
			`"log"`

			`"golang.org/x/crypto/hkdf"`
			`)`

cryptocore: improve comments and add tests for hkdfDerive These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag. 2017-05-27 14:41:20 +02:00			`const (`
			`// "info" data that HKDF mixes into the generated key to make it unique.`
			`// For convenience, we use a readable string.`
			`hkdfInfoEMENames = "EME filename encryption"`
			`hkdfInfoGCMContent = "AES-GCM file content encryption"`
			`hkdfInfoSIVContent = "AES-SIV file content encryption"`
			`)`

full stack: implement HKDF support ...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it. 2017-03-05 21:59:55 +01:00			`// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using`
cryptocore: improve comments and add tests for hkdfDerive These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag. 2017-05-27 14:41:20 +02:00			`// HKDF-SHA256 (RFC 5869).`
full stack: implement HKDF support ...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it. 2017-03-05 21:59:55 +01:00			`// It returns the derived bytes or panics.`
			`func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {`
			`h := hkdf.New(sha256.New, masterkey, nil, []byte(info))`
			`out = make([]byte, outLen)`
			`n, err := h.Read(out)`
			`if n != outLen \|\| err != nil {`
			`log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)`
			`}`
			`return out`
			`}`