summaryrefslogtreecommitdiff
path: root/internal/cryptocore/cryptocore.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2017-05-27 14:41:20 +0200
committerJakob Unterwurzacher2017-05-27 14:41:20 +0200
commitd6ef283c3f076ba45dd873d69e1c7d86ed29b14a (patch)
tree2a2d607a0f053395a5d8f7fa71b457c2d06a2c90 /internal/cryptocore/cryptocore.go
parentce4aaf16d8d696aad2a7b2df7e7f28977d51f6c9 (diff)
cryptocore: improve comments and add tests for hkdfDerive
These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag.
Diffstat (limited to 'internal/cryptocore/cryptocore.go')
-rw-r--r--internal/cryptocore/cryptocore.go9
1 files changed, 3 insertions, 6 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 2e02c3a..1ad928d 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -63,8 +63,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
{
emeKey := key
if useHKDF {
- info := "EME filename encryption"
- emeKey = hkdfDerive(key, info, KeyLen)
+ emeKey = hkdfDerive(key, hkdfInfoEMENames, KeyLen)
}
emeBlockCipher, err := aes.NewCipher(emeKey)
if err != nil {
@@ -78,8 +77,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
if aeadType == BackendOpenSSL || aeadType == BackendGoGCM {
gcmKey := key
if useHKDF {
- info := "AES-GCM file content encryption"
- gcmKey = hkdfDerive(key, info, KeyLen)
+ gcmKey = hkdfDerive(key, hkdfInfoGCMContent, KeyLen)
}
switch aeadType {
case BackendOpenSSL:
@@ -104,8 +102,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
}
var key64 []byte
if useHKDF {
- info := "AES-SIV file content encryption"
- key64 = hkdfDerive(key, info, siv_aead.KeyLen)
+ key64 = hkdfDerive(key, hkdfInfoSIVContent, siv_aead.KeyLen)
} else {
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from