diff options
author | Jakob Unterwurzacher | 2016-10-04 00:12:29 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-10-04 00:16:56 +0200 |
commit | bb52937834e8adb8e746a1951aba633e02dc87f2 (patch) | |
tree | 3bf2cc8318ea56467868cadb2f64a8ac5fba2d09 | |
parent | 46018785b41cac7cfd79174e7f7ca41443a7231a (diff) |
cryptocore: derive 512-bit key for AES-SIV
AES-SIV uses 1/2 of the key for authentication, 1/2 for
encryption, so we need a 64-byte key for AES-256. Derive
it from the master key by hashing it with SHA-512.
-rw-r--r-- | internal/cryptocore/cryptocore.go | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 23dc26e..a65ad39 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -5,6 +5,7 @@ package cryptocore import ( "crypto/aes" "crypto/cipher" + "crypto/sha512" "fmt" "github.com/rfjakob/gocryptfs/internal/siv_aead" @@ -64,7 +65,11 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore { case BackendGoGCM: gcm, err = goGCMWrapper(blockCipher, IVLen) case BackendAESSIV: - gcm = siv_aead.New(key) + // AES-SIV uses 1/2 of the key for authentication, 1/2 for + // encryption, so we need a 64-bytes key for AES-256. Derive it from + // the master key by hashing it with SHA-512. + key64 := sha512.Sum512(key) + gcm = siv_aead.New(key64[:]) default: panic("unknown backend cipher") } |