aboutsummaryrefslogtreecommitdiff
path: root/internal/cryptocore/hkdf.go
blob: b56f50729d93ca42ae92c85e71a1afe2b9dbf9cf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
package cryptocore

import (
	"crypto/sha256"
	"log"

	"golang.org/x/crypto/hkdf"
)

const (
	// "info" data that HKDF mixes into the generated key to make it unique.
	// For convenience, we use a readable string.
	hkdfInfoEMENames               = "EME filename encryption"
	hkdfInfoGCMContent             = "AES-GCM file content encryption"
	hkdfInfoSIVContent             = "AES-SIV file content encryption"
	hkdfInfoXChaChaPoly1305Content = "XChaCha20-Poly1305 file content encryption"
)

// hkdfDerive derives "outLen" bytes from "masterkey" and "info" using
// HKDF-SHA256 (RFC 5869).
// It returns the derived bytes or panics.
func hkdfDerive(masterkey []byte, info string, outLen int) (out []byte) {
	h := hkdf.New(sha256.New, masterkey, nil, []byte(info))
	out = make([]byte, outLen)
	n, err := h.Read(out)
	if n != outLen || err != nil {
		log.Panicf("hkdfDerive: hkdf read failed, got %d bytes, error: %v", n, err)
	}
	return out
}