From bb52937834e8adb8e746a1951aba633e02dc87f2 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Tue, 4 Oct 2016 00:12:29 +0200
Subject: [PATCH] cryptocore: derive 512-bit key for AES-SIV

AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
---
 internal/cryptocore/cryptocore.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 23dc26e..a65ad39 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -5,6 +5,7 @@ package cryptocore
 import (
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/sha512"
 	"fmt"
 
 	"github.com/rfjakob/gocryptfs/internal/siv_aead"
@@ -64,7 +65,11 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
 	case BackendGoGCM:
 		gcm, err = goGCMWrapper(blockCipher, IVLen)
 	case BackendAESSIV:
-		gcm = siv_aead.New(key)
+		// AES-SIV uses 1/2 of the key for authentication, 1/2 for
+		// encryption, so we need a 64-bytes key for AES-256. Derive it from
+		// the master key by hashing it with SHA-512.
+		key64 := sha512.Sum512(key)
+		gcm = siv_aead.New(key64[:])
 	default:
 		panic("unknown backend cipher")
 	}
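Review bot: The AES-SIV subkey on the `key64 := sha512.Sum512(key)` line is an unlabelled hash of the master key, so there is no domain separation between this derivation and any other use of the same master key (the `blockCipher` built from `key` on the other backends is constructed earlier in `New`, outside this hunk); a keyed/labelled derivation such as HKDF with a purpose string like `"AES-SIV"` would keep future derived keys from colliding with this one, and at minimum the comment should record that SHA-512(key) is now part of the on-disk format. Switching from the raw key to its hash changes the content-encryption key, so any volume written with the previous `siv_aead.New(key)` behaviour would no longer decrypt; if such volumes can exist, this belongs behind a config feature flag rather than an unconditional change. `key64` is a 64-byte array holding key material that is never wiped after `siv_aead.New` copies it; if the rest of the package zeroes keys after use, a deferred clear of `key64[:]` should be added here too. The body of `New` continues past the end of the hunk.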