cryptocore: improve comments and add tests for hkdfDerive

These should make it easier to re-implement the key derivation that was enabled with the "HKDF" feature flag.
author: Jakob Unterwurzacher 2017-05-27 14:41:20 +0200
committer: Jakob Unterwurzacher 2017-05-27 14:41:20 +0200
commit: d6ef283c3f076ba45dd873d69e1c7d86ed29b14a (patch)
tree: 2a2d607a0f053395a5d8f7fa71b457c2d06a2c90 /internal/cryptocore/hkdf.go
parent: ce4aaf16d8d696aad2a7b2df7e7f28977d51f6c9 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index 6944825..87ca1b9 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -7,8 +7,16 @@ import (
 	"golang.org/x/crypto/hkdf"
 )
 
+const (
+	// "info" data that HKDF mixes into the generated key to make it unique.
+	// For convenience, we use a readable string.
+	hkdfInfoEMENames   = "EME filename encryption"
+	hkdfInfoGCMContent = "AES-GCM file content encryption"
+	hkdfInfoSIVContent = "AES-SIV file content encryption"
+)
+
 // hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
-// HKDF-SHA256.
+// HKDF-SHA256 (RFC 5869).
 // It returns the derived bytes or panics.
 func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
 	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
author	Jakob Unterwurzacher	2017-05-27 14:41:20 +0200
committer	Jakob Unterwurzacher	2017-05-27 14:41:20 +0200
commit	d6ef283c3f076ba45dd873d69e1c7d86ed29b14a (patch)
tree	2a2d607a0f053395a5d8f7fa71b457c2d06a2c90 /internal/cryptocore/hkdf.go
parent	ce4aaf16d8d696aad2a7b2df7e7f28977d51f6c9 (diff)