aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakob Unterwurzacher2015-10-04 23:55:58 +0200
committerJakob Unterwurzacher2015-10-04 23:58:22 +0200
commit53ecebc71ec132fc8e5fab486c63e13c0925d142 (patch)
treed0fe316e107cbf9393ea8a3affd944f3d8574de3
parente6b7353f4e9516a712d7cd9dab7d73c6c79ae7d0 (diff)
openssl AEAD wrapper: handle authenticated data
-rw-r--r--cryptfs/openssl_aead.go10
1 files changed, 8 insertions, 2 deletions
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index b743a3e..f73924d 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -23,8 +23,6 @@ func (be opensslGCM) NonceSize() int {
// additional data and appends the result to dst, returning the updated
// slice. The nonce must be NonceSize() bytes long and unique for all
// time, for a given key.
-//
-// The plaintext and dst may alias exactly or not at all.
func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
cipherBuf := bytes.NewBuffer(dst)
@@ -33,6 +31,10 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
if err != nil {
panic(err)
}
+ err = ectx.ExtraData(data)
+ if err != nil {
+ panic(err)
+ }
part, err := ectx.EncryptUpdate(plaintext)
if err != nil {
panic(err)
@@ -88,6 +90,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
return nil, err
}
plainBuf.Write(part)
+ err = dctx.ExtraData(data)
+ if err != nil {
+ return nil, err
+ }
return plainBuf.Bytes(), nil
}