hardcoresushi/libgocryptfs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

stupidgcm: switch to pointer receivers

Browse Source 
What the key slice does not get copied around
will make it possible to check if the key has been wiped.
This commit is contained in:
Jakob Unterwurzacher 2018-02-17 15:02:01 +01:00
parent a3694e0c07
commit 7e0fefe970
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
internal/stupidgcm/stupidgcm.go
View File

@ -29,6 +29,7 @@ type stupidGCM struct {
forceDecode bool forceDecode bool
} }
// Verify that we satisfy the cipher.AEAD interface
var _ cipher.AEAD = &stupidGCM{} var _ cipher.AEAD = &stupidGCM{}
// New returns a new cipher.AEAD implementation.. // New returns a new cipher.AEAD implementation..
@ -36,19 +37,19 @@ func New(key []byte, forceDecode bool) cipher.AEAD {
if len(key) != keyLen { if len(key) != keyLen {
log.Panicf("Only %d-byte keys are supported", keyLen) log.Panicf("Only %d-byte keys are supported", keyLen)
} }
return stupidGCM{key: key, forceDecode: forceDecode} return &stupidGCM{key: key, forceDecode: forceDecode}
} }
func (g stupidGCM) NonceSize() int { func (g *stupidGCM) NonceSize() int {
return ivLen return ivLen
} }
func (g stupidGCM) Overhead() int { func (g *stupidGCM) Overhead() int {
return tagLen return tagLen
} }
// Seal encrypts "in" using "iv" and "authData" and append the result to "dst" // Seal encrypts "in" using "iv" and "authData" and append the result to "dst"
func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte { func (g *stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
if len(iv) != ivLen { if len(iv) != ivLen {
log.Panicf("Only %d-byte IVs are supported", ivLen) log.Panicf("Only %d-byte IVs are supported", ivLen)
} }
@ -132,7 +133,7 @@ func (g stupidGCM) Seal(dst, iv, in, authData []byte) []byte {
} }
// Open decrypts "in" using "iv" and "authData" and append the result to "dst" // Open decrypts "in" using "iv" and "authData" and append the result to "dst"
func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { func (g *stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) {
if len(iv) != ivLen { if len(iv) != ivLen {
log.Panicf("Only %d-byte IVs are supported", ivLen) log.Panicf("Only %d-byte IVs are supported", ivLen)
} }

12
internal/stupidgcm/without_openssl.go
View File

@ -21,28 +21,28 @@ func errExit() {
os.Exit(exitcodes.OpenSSL) os.Exit(exitcodes.OpenSSL)
} }
func New(_ []byte, _ bool) stupidGCM { func New(_ []byte, _ bool) *stupidGCM {
errExit() errExit()
// Never reached // Never reached
return stupidGCM{} return &stupidGCM{}
} }
func (g stupidGCM) NonceSize() int { func (g *stupidGCM) NonceSize() int {
errExit() errExit()
return -1 return -1
} }
func (g stupidGCM) Overhead() int { func (g *stupidGCM) Overhead() int {
errExit() errExit()
return -1 return -1
} }
func (g stupidGCM) Seal(_, _, _, _ []byte) []byte { func (g *stupidGCM) Seal(_, _, _, _ []byte) []byte {
errExit() errExit()
return nil return nil
} }
func (g stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) { func (g *stupidGCM) Open(_, _, _, _ []byte) ([]byte, error) {
errExit() errExit()
return nil, nil return nil, nil
} }