aboutsummaryrefslogtreecommitdiff
path: root/internal/cryptocore
diff options
context:
space:
mode:
Diffstat (limited to 'internal/cryptocore')
-rw-r--r--internal/cryptocore/hkdf.go15
-rw-r--r--internal/cryptocore/nonce.go2
2 files changed, 8 insertions, 9 deletions
diff --git a/internal/cryptocore/hkdf.go b/internal/cryptocore/hkdf.go
index b56f507..369616a 100644
--- a/internal/cryptocore/hkdf.go
+++ b/internal/cryptocore/hkdf.go
@@ -1,10 +1,9 @@
package cryptocore
import (
+ "crypto/hkdf"
"crypto/sha256"
"log"
-
- "golang.org/x/crypto/hkdf"
)
const (
@@ -19,12 +18,10 @@ const (
// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
// HKDF-SHA256 (RFC 5869).
// It returns the derived bytes or panics.
-func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
- h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
- out = make([]byte, outLen)
- n, err := h.Read(out)
- if n != outLen || err != nil {
- log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
+func hkdfDerive(masterkey []byte, info string, outLen int) []byte {
+ key, err := hkdf.Key(sha256.New, masterkey, nil, info, outLen)
+ if err != nil {
+ log.Panicf("hkdfDerive: hkdf failed with error: %v", err)
}
- return out
+ return key
}
diff --git a/internal/cryptocore/nonce.go b/internal/cryptocore/nonce.go
index 9df094c..c800807 100644
--- a/internal/cryptocore/nonce.go
+++ b/internal/cryptocore/nonce.go
@@ -11,6 +11,8 @@ func RandBytes(n int) []byte {
b := make([]byte, n)
_, err := rand.Read(b)
if err != nil {
+ // crypto/rand.Read() is documented to never return an
+ // error, so this should never happen. Still, better safe than sorry.
log.Panic("Failed to read random bytes: " + err.Error())
}
return b