full stack: implement HKDF support

...but keep it disabled by default for new filesystems. We are still missing an example filesystem and CLI arguments to explicitely enable and disable it.
author: Jakob Unterwurzacher 2017-03-05 21:59:55 +0100
committer: Jakob Unterwurzacher 2017-03-05 21:59:55 +0100
commit: d0bc7970f721cee607d993406d97d32e2c660abe (patch)
tree: 894b016af6e7785bb707e3d2e0f660608ceeea06 /internal/siv_aead/siv_aead.go
parent: 4fadcbaf68ce25dcdc7665059f43226f5f9a4da5 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/internal/siv_aead/siv_aead.go b/internal/siv_aead/siv_aead.go
index 6cfa937..d5df4ac 100644
--- a/internal/siv_aead/siv_aead.go
+++ b/internal/siv_aead/siv_aead.go
@@ -15,8 +15,22 @@ type sivAead struct {
 
 var _ cipher.AEAD = &sivAead{}
 
+const (
+	KeyLen = 64
+)
+
 // New returns a new cipher.AEAD implementation.
 func New(key []byte) cipher.AEAD {
+	if len(key) != KeyLen {
+		// SIV supports more 32, 48 or 64-byte keys, but in gocryptfs we
+		// exclusively use 64.
+		log.Panicf("Key must be %d byte long (you passed %d)", KeyLen, len(key))
+	}
+	return new2(key)
+}
+
+// Same as "New" without the 64-byte restriction.
+func new2(key []byte) cipher.AEAD {
 	return &sivAead{
 		key: key,
 	}
author	Jakob Unterwurzacher	2017-03-05 21:59:55 +0100
committer	Jakob Unterwurzacher	2017-03-05 21:59:55 +0100
commit	d0bc7970f721cee607d993406d97d32e2c660abe (patch)
tree	894b016af6e7785bb707e3d2e0f660608ceeea06 /internal/siv_aead/siv_aead.go
parent	4fadcbaf68ce25dcdc7665059f43226f5f9a4da5 (diff)