diff options
| author | Jakob Unterwurzacher | 2015-10-04 23:55:58 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2015-10-04 23:58:22 +0200 |
| commit | 53ecebc71ec132fc8e5fab486c63e13c0925d142 (patch) | |
| tree | d0fe316e107cbf9393ea8a3affd944f3d8574de3 | |
| parent | e6b7353f4e9516a712d7cd9dab7d73c6c79ae7d0 (diff) | |
openssl AEAD wrapper: handle authenticated data
| -rw-r--r-- | cryptfs/openssl_aead.go | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go index b743a3e..f73924d 100644 --- a/cryptfs/openssl_aead.go +++ b/cryptfs/openssl_aead.go @@ -23,8 +23,6 @@ func (be opensslGCM) NonceSize() int { // additional data and appends the result to dst, returning the updated // slice. The nonce must be NonceSize() bytes long and unique for all // time, for a given key. -// -// The plaintext and dst may alias exactly or not at all. func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { cipherBuf := bytes.NewBuffer(dst) @@ -33,6 +31,10 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { if err != nil { panic(err) } + err = ectx.ExtraData(data) + if err != nil { + panic(err) + } part, err := ectx.EncryptUpdate(plaintext) if err != nil { panic(err) @@ -88,6 +90,10 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { return nil, err } plainBuf.Write(part) + err = dctx.ExtraData(data) + if err != nil { + return nil, err + } return plainBuf.Bytes(), nil } |