diff options
Diffstat (limited to 'internal/cryptocore/hkdf.go')
-rw-r--r-- | internal/cryptocore/hkdf.go | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go index 6944825..87ca1b9 100644 --- a/internal/cryptocore/hkdf.go +++ b/internal/cryptocore/hkdf.go @@ -7,8 +7,16 @@ import ( "golang.org/x/crypto/hkdf" ) +const ( + // "info" data that HKDF mixes into the generated key to make it unique. + // For convenience, we use a readable string. + hkdfInfoEMENames = "EME filename encryption" + hkdfInfoGCMContent = "AES-GCM file content encryption" + hkdfInfoSIVContent = "AES-SIV file content encryption" +) + // hkdfDerive derives "outLen" bytes from "masterkey" and "info" using -// HKDF-SHA256. +// HKDF-SHA256 (RFC 5869). // It returns the derived bytes or panics. func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) { h := hkdf.New(sha256.New, masterkey, nil, []byte(info)) |