cryptocore: derive 512-bit key for AES-SIV
AES-SIV uses 1/2 of the key for authentication, 1/2 for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
This commit is contained in:
parent
46018785b4
commit
bb52937834
@ -5,6 +5,7 @@ package cryptocore
import (
import (
"crypto/aes"
"crypto/aes"
"crypto/cipher"
"crypto/cipher"
"crypto/sha512"
"fmt"
"fmt"
"github.com/rfjakob/gocryptfs/internal/siv_aead"
"github.com/rfjakob/gocryptfs/internal/siv_aead"
@ -64,7 +65,11 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
case BackendGoGCM:
case BackendGoGCM:
gcm, err = goGCMWrapper(blockCipher, IVLen)
gcm, err = goGCMWrapper(blockCipher, IVLen)
case BackendAESSIV:
case BackendAESSIV:
gcm = siv_aead.New(key)
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from
// the master key by hashing it with SHA-512.
key64 := sha512.Sum512(key)
gcm = siv_aead.New(key64[:])
default:
default:
panic("unknown backend cipher")
panic("unknown backend cipher")
}
}
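Review bot: The new derivation `key64 := sha512.Sum512(key)` has no domain separation: SHA-512 of the master key is a public, unkeyed function, so any other component that ever hashes the master key the same way obtains the AES-SIV key, while the raw master key presumably still feeds the `blockCipher` handed to `goGCMWrapper` (constructed above this hunk), leaving the two keys related by nothing but that fixed hash. A labelled derivation costs one more stdlib import (`crypto/hmac`) and three lines: `mac := hmac.New(sha512.New, key)`, `mac.Write([]byte("AES-SIV file content encryption"))`, `gcm = siv_aead.New(mac.Sum(nil))` — an HKDF with an info string is the textbook form if a golang.org/x/crypto dependency is acceptable. Separately, `sha512.Sum512` accepts input of any length, so an empty or undersized master key is silently stretched to the 64 bytes the comment promises "for AES-256"; unless `New` already validates `len(key)` earlier in its body, a check such as `if len(key) != 32 { panic("unexpected master key length") }` (adjusted to the expected master-key size) should precede the derivation. The added comment's "64-bytes key" should read "64-byte key". `New` begins and ends outside this hunk.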