stupidgcm: stupidChacha20poly1305: use byte array for key
Follow what golang.org/x/crypto/chacha20poly1305 does for easier integration in the next commit.
This commit is contained in:
Jakob Unterwurzacher
parent
3ba74ac4fc
commit
5df7ee815d
|
|
@ -167,20 +167,25 @@ type Wiper interface {
|
|||
}
|
||||
|
||||
func testWipe(t *testing.T, c cipher.AEAD) {
|
||||
var key []byte
|
||||
switch c2 := c.(type) {
|
||||
case *StupidGCM:
|
||||
c2.Wipe()
|
||||
key = c2.key
|
||||
if c2.key != nil {
|
||||
t.Fatal("key is not nil")
|
||||
}
|
||||
case *stupidChacha20poly1305:
|
||||
c2.Wipe()
|
||||
key = c2.key
|
||||
if !c2.wiped {
|
||||
t.Error("c2.wiped is not set")
|
||||
}
|
||||
for _, v := range c2.key {
|
||||
if v != 0 {
|
||||
t.Fatal("c2.key is not zeroed")
|
||||
}
|
||||
}
|
||||
default:
|
||||
t.Fatalf("BUG: unhandled type %t", c2)
|
||||
}
|
||||
if key != nil {
|
||||
t.Fatal("key is not nil")
|
||||
}
|
||||
}
|
||||
|
||||
// Get "n" random bytes from /dev/urandom or panic
|
||||
|
|
|
|||
|
|
@ -16,19 +16,20 @@ import (
|
|||
)
|
||||
|
||||
type stupidChacha20poly1305 struct {
|
||||
key []byte
|
||||
key [chacha20poly1305.KeySize]byte
|
||||
wiped bool
|
||||
}
|
||||
|
||||
// Verify that we satisfy the cipher.AEAD interface
|
||||
var _ cipher.AEAD = &stupidChacha20poly1305{}
|
||||
|
||||
func newChacha20poly1305(keyIn []byte) cipher.AEAD {
|
||||
if len(keyIn) != chacha20poly1305.KeySize {
|
||||
log.Panicf("Only %d-byte keys are supported, you passed %d bytes", chacha20poly1305.KeySize, len(keyIn))
|
||||
func newChacha20poly1305(key []byte) cipher.AEAD {
|
||||
if len(key) != chacha20poly1305.KeySize {
|
||||
log.Panicf("Only %d-byte keys are supported, you passed %d bytes", chacha20poly1305.KeySize, len(key))
|
||||
}
|
||||
// Create a private copy of the key
|
||||
key := append([]byte{}, keyIn...)
|
||||
return &stupidChacha20poly1305{key: key}
|
||||
ret := new(stupidChacha20poly1305)
|
||||
copy(ret.key[:], key)
|
||||
return ret
|
||||
}
|
||||
|
||||
// NonceSize returns the required size of the nonce / IV.
|
||||
|
|
@ -43,6 +44,9 @@ func (g *stupidChacha20poly1305) Overhead() int {
|
|||
|
||||
// Seal encrypts "in" using "iv" and "authData" and append the result to "dst"
|
||||
func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
|
||||
if g.wiped {
|
||||
panic("BUG: tried to use wiped stupidChacha20poly1305")
|
||||
}
|
||||
if len(iv) != g.NonceSize() {
|
||||
log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", g.NonceSize(), len(iv))
|
||||
}
|
||||
|
|
@ -125,6 +129,9 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
|
|||
|
||||
// Open decrypts "in" using "iv" and "authData" and append the result to "dst"
|
||||
func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, error) {
|
||||
if g.wiped {
|
||||
panic("BUG: tried to use wiped stupidChacha20poly1305")
|
||||
}
|
||||
if len(iv) != g.NonceSize() {
|
||||
log.Panicf("Only %d-byte IVs are supported", g.NonceSize())
|
||||
}
|
||||
|
|
@ -215,8 +222,8 @@ func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, err
|
|||
// This is not bulletproof due to possible GC copies, but
|
||||
// still raises the bar for extracting the key.
|
||||
func (g *stupidChacha20poly1305) Wipe() {
|
||||
g.wiped = true
|
||||
for i := range g.key {
|
||||
g.key[i] = 0
|
||||
}
|
||||
g.key = nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue