Diffstat (limited to 'internal/cryptocore')
-rw-r--r--internal/cryptocore/cryptocore.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 23dc26e..a65ad39 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -5,6 +5,7 @@ package cryptocore
import (
"crypto/aes"
"crypto/cipher"
+ "crypto/sha512"
"fmt"
"github.com/rfjakob/gocryptfs/internal/siv_aead"
@@ -64,7 +65,11 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
case BackendGoGCM:
gcm, err = goGCMWrapper(blockCipher, IVLen)
case BackendAESSIV:
- gcm = siv_aead.New(key)
+ // AES-SIV uses 1/2 of the key for authentication, 1/2 for
+ // encryption, so we need a 64-bytes key for AES-256. Derive it from
+ // the master key by hashing it with SHA-512.
+ key64 := sha512.Sum512(key)
+ gcm = siv_aead.New(key64[:])
default:
panic("unknown backend cipher")
}
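Review bot: The derived key `key64` created at the `key64 := sha512.Sum512(key)` line is a stack-local array that still holds the SIV key material after `siv_aead.New` returns, and the hunk never clears it, so the derived key lingers for the rest of New's frame. Provided siv_aead.New copies its argument rather than retaining the slice (confirm in siv_aead before relying on this), add `defer func() { for i := range key64 { key64[i] = 0 } }()` right after the `sha512.Sum512` line, together with a comment such as `// key64 is a copy of the derived key; wipe it once siv_aead.New has consumed it (siv_aead.New must not retain the slice)`. Note also that SHA-512 accepts input of any length, so if the key-length check at the top of New (outside this hunk) does not apply to BackendAESSIV, a short or empty master key is silently expanded to a well-formed 64-byte key; the AES-SIV case should be subject to the same `len(key)` check as the GCM path. The enclosing function New starts before and ends after this hunk.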