aboutsummaryrefslogtreecommitdiff
path: root/internal/cryptocore/hkdf.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/cryptocore/hkdf.go')
-rw-r--r--internal/cryptocore/hkdf.go10
1 files changed, 9 insertions, 1 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index 6944825..87ca1b9 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -7,8 +7,16 @@ import (
"golang.org/x/crypto/hkdf"
)
+const (
+ // "info" data that HKDF mixes into the generated key to make it unique.
+ // For convenience, we use a readable string.
+ hkdfInfoEMENames = "EME filename encryption"
+ hkdfInfoGCMContent = "AES-GCM file content encryption"
+ hkdfInfoSIVContent = "AES-SIV file content encryption"
+)
+
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
-// HKDF-SHA256.
+// HKDF-SHA256 (RFC 5869).
// It returns the derived bytes or panics.
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
h := hkdf.New(sha256.New, masterkey, nil, []byte(info))