authorJakob Unterwurzacher2016-10-04 00:12:29 +0200
committerJakob Unterwurzacher2016-10-04 00:16:56 +0200
commitbb52937834e8adb8e746a1951aba633e02dc87f2 (patch)
tree3bf2cc8318ea56467868cadb2f64a8ac5fba2d09 /internal
parent46018785b41cac7cfd79174e7f7ca41443a7231a (diff)
cryptocore: derive 512-bit key for AES-SIV
AES-SIV uses one half of the key for authentication and the other half for encryption, so we need a 64-byte key for AES-256. Derive it from the master key by hashing it with SHA-512.
Diffstat (limited to 'internal')
-rw-r--r--internal/cryptocore/cryptocore.go7
1 files changed, 6 insertions, 1 deletions
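diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 23dc26e..a65ad39 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -5,6 +5,7 @@ package cryptocore
 import (
 "crypto/aes"
 "crypto/cipher"
+"crypto/sha512"
 "fmt"
 "github.com/rfjakob/gocryptfs/internal/siv_aead"
@@ -64,7 +65,11 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
 case BackendGoGCM:
 gcm, err = goGCMWrapper(blockCipher, IVLen)
 case BackendAESSIV:
-gcm = siv_aead.New(key)
+// AES-SIV uses 1/2 of the key for authentication, 1/2 for
+// encryption, so we need a 64-bytes key for AES-256. Derive it from
+// the master key by hashing it with SHA-512.
+key64 := sha512.Sum512(key)
+gcm = siv_aead.New(key64[:])
 default:
 panic("unknown backend cipher")
 }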
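Review bot: `key64 := sha512.Sum512(key)` derives the AES-SIV key as a bare SHA-512 of the master key with no label or domain separation, so any other consumer that hashes the master key the same way would end up with byte-identical key material. A labelled derivation — HKDF over SHA-512 with a fixed info string, e.g. `hkdf.New(sha512.New, key, nil, []byte("AES-SIV"))` from golang.org/x/crypto/hkdf if that module is already a dependency — ties the derived key to this single purpose and is the conventional choice for splitting one master secret into per-use keys. While touching the comment, `64-bytes key` should read `64-byte key`. `key64` is a 64-byte array on the stack that is not cleared after `siv_aead.New` takes its slice; whether that matters depends on how the rest of `New`, which begins before this hunk, treats key material.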