author | Jakob Unterwurzacher | 2017-03-05 21:59:55 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2017-03-05 21:59:55 +0100 |
commit | d0bc7970f721cee607d993406d97d32e2c660abe (patch) | |
tree | 894b016af6e7785bb707e3d2e0f660608ceeea06 /internal/cryptocore/hkdf.go | |
parent | 4fadcbaf68ce25dcdc7665059f43226f5f9a4da5 (diff) |
full stack: implement HKDF support
...but keep it disabled by default for new filesystems.
We are still missing an example filesystem and CLI arguments
to explicitly enable and disable it.
Diffstat (limited to 'internal/cryptocore/hkdf.go')
-rw-r--r-- | internal/cryptocore/hkdf.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
new file mode 100644
index 0000000..6944825
--- /dev/null
+++ b/internal/cryptocore/hkdf.go
@@ -0,0 +1,21 @@
+package cryptocore
+
+import (
+ "crypto/sha256"
+ "log"
+
+ "golang.org/x/crypto/hkdf"
+)
+
+// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
+// HKDF-SHA256.
+// It returns the derived bytes or panics.
+func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
+ h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
+ out = make([]byte, outLen)
+ n, err := h.Read(out)
+ if n != outLen || err != nil {
+ log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
+ }
+ return out
+} |
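Review bot: The doc comment on hkdfDerive leaves out the two assumptions the derivation rests on: the salt passed to `hkdf.New` is `nil`, and `info` is the only input that separates one derived key from another. I would extend the comment with `// The salt is nil, so "masterkey" must already be a uniformly random key, not a password.` and `// "info" must be a distinct constant per purpose; reusing it yields the same key.` Separately, `h.Read(out)` depends on the reader filling the buffer in a single call; the length check fails closed, but `if _, err := io.ReadFull(h, out); err != nil {` (with `"io"` imported) states the intent without relying on that. HKDF-SHA256 output is also capped at 255*32 bytes, so an oversized outLen ends in the panic path, which is worth a line in the comment as well.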