cryptocore: improve comments and add tests for hkdfDerive

These should make it easier to re-implement the key derivation
that was enabled with the "HKDF" feature flag.
This commit is contained in:
Jakob Unterwurzacher 2017-05-27 14:41:20 +02:00
parent ce4aaf16d8
commit d6ef283c3f
3 changed files with 58 additions and 7 deletions

View File

@ -63,8 +63,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
{
emeKey := key
if useHKDF {
info := "EME filename encryption"
emeKey = hkdfDerive(key, info, KeyLen)
emeKey = hkdfDerive(key, hkdfInfoEMENames, KeyLen)
}
emeBlockCipher, err := aes.NewCipher(emeKey)
if err != nil {
@ -78,8 +77,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if aeadType == BackendOpenSSL || aeadType == BackendGoGCM {
gcmKey := key
if useHKDF {
info := "AES-GCM file content encryption"
gcmKey = hkdfDerive(key, info, KeyLen)
gcmKey = hkdfDerive(key, hkdfInfoGCMContent, KeyLen)
}
switch aeadType {
case BackendOpenSSL:
@ -104,8 +102,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
}
var key64 []byte
if useHKDF {
info := "AES-SIV file content encryption"
key64 = hkdfDerive(key, info, siv_aead.KeyLen)
key64 = hkdfDerive(key, hkdfInfoSIVContent, siv_aead.KeyLen)
} else {
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from

View File

@ -7,8 +7,16 @@ import (
"golang.org/x/crypto/hkdf"
)
const (
// "info" data that HKDF mixes into the generated key to make it unique.
// For convenience, we use a readable string.
hkdfInfoEMENames = "EME filename encryption"
hkdfInfoGCMContent = "AES-GCM file content encryption"
hkdfInfoSIVContent = "AES-SIV file content encryption"
)
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
// HKDF-SHA256.
// HKDF-SHA256 (RFC 5869).
// It returns the derived bytes or panics.
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
h := hkdf.New(sha256.New, masterkey, nil, []byte(info))

View File

@ -0,0 +1,46 @@
package cryptocore
import (
"bytes"
"encoding/hex"
"testing"
)
type hkdfTestCase struct {
masterkey []byte
info string
out []byte
}
// TestHkdfDerive verifies that we get the expected values from hkdfDerive. They
// must not change because this would change the on-disk format.
func TestHkdfDerive(t *testing.T) {
master0 := bytes.Repeat([]byte{0x00}, 32)
master1 := bytes.Repeat([]byte{0x01}, 32)
out1, _ := hex.DecodeString("9ba3cddd48c6339c6e56ebe85f0281d6e9051be4104176e65cb0f8a6f77ae6b4")
out2, _ := hex.DecodeString("e8a2499f48700b954f31de732efd04abce822f5c948e7fbc0896607be0d36d12")
out3, _ := hex.DecodeString("9137f2e67a842484137f3c458f357f204c30d7458f94f432fa989be96854a649")
out4, _ := hex.DecodeString("0bfa5da7d9724d4753269940d36898e2c0f3717c0fee86ada58b5fd6c08cc26c")
testCases := []hkdfTestCase{
{master0, "EME filename encryption", out1},
{master0, hkdfInfoEMENames, out1},
{master1, "EME filename encryption", out2},
{master1, hkdfInfoEMENames, out2},
{master1, "AES-GCM file content encryption", out3},
{master1, hkdfInfoGCMContent, out3},
{master1, "AES-SIV file content encryption", out4},
{master1, hkdfInfoSIVContent, out4},
}
for i, v := range testCases {
out := hkdfDerive(v.masterkey, v.info, 32)
if !bytes.Equal(out, v.out) {
want := hex.EncodeToString(v.out)
have := hex.EncodeToString(out)
t.Errorf("testcase %d error:\n"+
"want=%s\n"+
"have=%s", i, want, have)
}
}
}