Generate random salt for key derivation on init (#309)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-07-29 09:52:47 +02:00 committed by GitHub
parent e0ce2e8a51
commit 9a3bd38912
25 changed files with 342 additions and 317 deletions


@ -13,12 +13,11 @@ const (
)
// DeriveClusterID derives the cluster ID from a salt and secret value.
func DeriveClusterID(salt, secret []byte) ([]byte, error) {
func DeriveClusterID(secret, salt []byte) ([]byte, error) {
return crypto.DeriveKey(secret, salt, []byte(crypto.HKDFInfoPrefix+clusterIDContext), crypto.DerivedKeyLengthDefault)
}
// DeriveMeasurementSecret derives the secret value needed to derive ClusterID.
func DeriveMeasurementSecret(masterSecret []byte) ([]byte, error) {
// TODO: replace hard coded salt
return crypto.DeriveKey(masterSecret, []byte("Constellation"), []byte(crypto.HKDFInfoPrefix+MeasurementSecretContext), crypto.DerivedKeyLengthDefault)
func DeriveMeasurementSecret(masterSecret, salt []byte) ([]byte, error) {
return crypto.DeriveKey(masterSecret, salt, []byte(crypto.HKDFInfoPrefix+MeasurementSecretContext), crypto.DerivedKeyLengthDefault)
}
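Review bot: The new `DeriveClusterID(secret, salt []byte)` signature swaps two parameters of the same type, so a caller that still passes `(salt, secret)` compiles without error and silently derives a different cluster ID, with the secret in the HKDF salt position. The call sites are outside this hunk, so each one should be checked against the new order, and a test that pins the output for a fixed secret and salt would catch a swap. The doc comment still reads "from a salt and secret value"; something like `// DeriveClusterID derives the cluster ID from a secret and a salt, in the same argument order as crypto.DeriveKey.` would match the signature, and the `DeriveMeasurementSecret` comment should mention the new `salt` parameter. `DeriveMeasurementSecret` also accepts a nil or empty salt as written; unless `crypto.DeriveKey` rejects it (not visible here), a guard such as `if len(salt) == 0 { return nil, errors.New("salt must not be empty") }` would stop a missing salt from falling back to an unsalted derivation.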