diff options
| author | Jakob Unterwurzacher | 2018-02-18 12:33:48 +0100 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2018-02-18 12:35:51 +0100 |
| commit | 72ddbae1e60470943aaae0bfce74ebdc88c07cd2 (patch) | |
| tree | 7a420ca2e534e18e8d869ef6e5c3ac6a6aab2906 /internal/cryptocore/cryptocore.go | |
| parent | 18f6c6106c66ba1fe6e7b48aaa5dd444ba0f9b09 (diff) | |
stupidgcm: create private copy of the key
Relieves the caller from worrying about whether they
can overwrite the key.
Diffstat (limited to 'internal/cryptocore/cryptocore.go')
| -rw-r--r-- | internal/cryptocore/cryptocore.go | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index a355342..43cfdbc 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -86,13 +86,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec if IVLen != 16 { log.Panic("stupidgcm only supports 128-bit IVs") } - // stupidgcm does not create a private copy of the key, so things - // break when initFuseFrontend() overwrites it with zeros. Create - // a copy here. This is unnecessary when useHKDF == true, but - // does no harm. - var stupidgcmKey []byte - stupidgcmKey = append(stupidgcmKey, gcmKey...) - aeadCipher = stupidgcm.New(stupidgcmKey, forceDecode) + aeadCipher = stupidgcm.New(gcmKey, forceDecode) case BackendGoGCM: goGcmBlockCipher, err := aes.NewCipher(gcmKey) if err != nil { |