| 588 | } |
| 589 | |
| 590 | func (g *KeyGenerator) FileKey(filename string, folderKey *[keySize]byte) *[keySize]byte { |
| 591 | g.mut.Lock() |
| 592 | defer g.mut.Unlock() |
| 593 | cacheKey := fileKeyCacheKey{filename, *folderKey} |
| 594 | if key, ok := g.fileKeys.Get(cacheKey); ok { |
| 595 | return key |
| 596 | } |
| 597 | kdf := hkdf.New(sha256.New, append(folderKey[:], filename...), hkdfSalt, nil) |
| 598 | var fileKey [keySize]byte |
| 599 | n, err := io.ReadFull(kdf, fileKey[:]) |
| 600 | if err != nil || n != keySize { |
| 601 | panic("hkdf failure") |
| 602 | } |
| 603 | g.fileKeys.Add(cacheKey, &fileKey) |
| 604 | return &fileKey |
| 605 | } |
| 606 | |
| 607 | func PasswordToken(keyGen *KeyGenerator, folderID, password string) []byte { |
| 608 | return encryptDeterministic(knownBytes(folderID), keyGen.KeyFromPassword(folderID, password), nil) |