cryptocore: improve comments and add tests for hkdfDerive
These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag.
This commit is contained in:
parent
ce4aaf16d8
commit
d6ef283c3f
@ -63,8 +63,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|||||||
{
|
{
|
||||||
emeKey := key
|
emeKey := key
|
||||||
if useHKDF {
|
if useHKDF {
|
||||||
info := "EME filename encryption"
|
emeKey = hkdfDerive(key, hkdfInfoEMENames, KeyLen)
|
||||||
emeKey = hkdfDerive(key, info, KeyLen)
|
|
||||||
}
|
}
|
||||||
emeBlockCipher, err := aes.NewCipher(emeKey)
|
emeBlockCipher, err := aes.NewCipher(emeKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -78,8 +77,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|||||||
if aeadType == BackendOpenSSL || aeadType == BackendGoGCM {
|
if aeadType == BackendOpenSSL || aeadType == BackendGoGCM {
|
||||||
gcmKey := key
|
gcmKey := key
|
||||||
if useHKDF {
|
if useHKDF {
|
||||||
info := "AES-GCM file content encryption"
|
gcmKey = hkdfDerive(key, hkdfInfoGCMContent, KeyLen)
|
||||||
gcmKey = hkdfDerive(key, info, KeyLen)
|
|
||||||
}
|
}
|
||||||
switch aeadType {
|
switch aeadType {
|
||||||
case BackendOpenSSL:
|
case BackendOpenSSL:
|
||||||
@ -104,8 +102,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
|
|||||||
}
|
}
|
||||||
var key64 []byte
|
var key64 []byte
|
||||||
if useHKDF {
|
if useHKDF {
|
||||||
info := "AES-SIV file content encryption"
|
key64 = hkdfDerive(key, hkdfInfoSIVContent, siv_aead.KeyLen)
|
||||||
key64 = hkdfDerive(key, info, siv_aead.KeyLen)
|
|
||||||
} else {
|
} else {
|
||||||
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
|
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
|
||||||
// encryption, so we need a 64-bytes key for AES-256. Derive it from
|
// encryption, so we need a 64-bytes key for AES-256. Derive it from
|
||||||
|
@ -7,8 +7,16 @@ import (
|
|||||||
"golang.org/x/crypto/hkdf"
|
"golang.org/x/crypto/hkdf"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
// "info" data that HKDF mixes into the generated key to make it unique.
|
||||||
|
// For convenience, we use a readable string.
|
||||||
|
hkdfInfoEMENames = "EME filename encryption"
|
||||||
|
hkdfInfoGCMContent = "AES-GCM file content encryption"
|
||||||
|
hkdfInfoSIVContent = "AES-SIV file content encryption"
|
||||||
|
)
|
||||||
|
|
||||||
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
|
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
|
||||||
// HKDF-SHA256.
|
// HKDF-SHA256 (RFC 5869).
|
||||||
// It returns the derived bytes or panics.
|
// It returns the derived bytes or panics.
|
||||||
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
|
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
|
||||||
h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
|
h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
|
||||||
|
46
internal/cryptocore/hkdf_test.go
Normal file
46
internal/cryptocore/hkdf_test.go
Normal file
@ -0,0 +1,46 @@
|
|||||||
|
package cryptocore
|
||||||
|
|
||||||
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/hex"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
type hkdfTestCase struct {
|
||||||
|
masterkey []byte
|
||||||
|
info string
|
||||||
|
out []byte
|
||||||
|
}
|
||||||
|
|
||||||
|
// TestHkdfDerive verifies that we get the expected values from hkdfDerive. They
|
||||||
|
// must not change because this would change the on-disk format.
|
||||||
|
func TestHkdfDerive(t *testing.T) {
|
||||||
|
master0 := bytes.Repeat([]byte{0x00}, 32)
|
||||||
|
master1 := bytes.Repeat([]byte{0x01}, 32)
|
||||||
|
out1, _ := hex.DecodeString("9ba3cddd48c6339c6e56ebe85f0281d6e9051be4104176e65cb0f8a6f77ae6b4")
|
||||||
|
out2, _ := hex.DecodeString("e8a2499f48700b954f31de732efd04abce822f5c948e7fbc0896607be0d36d12")
|
||||||
|
out3, _ := hex.DecodeString("9137f2e67a842484137f3c458f357f204c30d7458f94f432fa989be96854a649")
|
||||||
|
out4, _ := hex.DecodeString("0bfa5da7d9724d4753269940d36898e2c0f3717c0fee86ada58b5fd6c08cc26c")
|
||||||
|
|
||||||
|
testCases := []hkdfTestCase{
|
||||||
|
{master0, "EME filename encryption", out1},
|
||||||
|
{master0, hkdfInfoEMENames, out1},
|
||||||
|
{master1, "EME filename encryption", out2},
|
||||||
|
{master1, hkdfInfoEMENames, out2},
|
||||||
|
{master1, "AES-GCM file content encryption", out3},
|
||||||
|
{master1, hkdfInfoGCMContent, out3},
|
||||||
|
{master1, "AES-SIV file content encryption", out4},
|
||||||
|
{master1, hkdfInfoSIVContent, out4},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, v := range testCases {
|
||||||
|
out := hkdfDerive(v.masterkey, v.info, 32)
|
||||||
|
if !bytes.Equal(out, v.out) {
|
||||||
|
want := hex.EncodeToString(v.out)
|
||||||
|
have := hex.EncodeToString(out)
|
||||||
|
t.Errorf("testcase %d error:\n"+
|
||||||
|
"want=%s\n"+
|
||||||
|
"have=%s", i, want, have)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user