| author | Jakob Unterwurzacher | 2017-09-17 11:21:48 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-09-17 11:21:48 +0200 | 
| commit | 885fdcabdacb2d53829e7f96f4c600df0a3e282d (patch) | |
| tree | b676b0c4b0d10d0e65bef2aae5d8edd0287786d2 /internal | |
| parent | 4bd2c6736afbe20d6aa7d94758082d8c8752af4b (diff) | |
contentenc: deduplicate AD packing into new concatAD() func
The encrypt and decrypt path both had a copy that were equivalent
but ordered differently, which was confusing.
Consolidate it in a new dedicated function.
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/contentenc/content.go | 24 | 
1 files changed, 18 insertions, 6 deletions
| diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index e841ad0..f48080f 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -121,6 +121,22 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
 	return pBuf.Bytes(), err
 }
+// concatAD concatenates the block number and the file ID to a byte blob
+// that can be passed to AES-GCM as associated data (AD).
+// Result is: aData = blockNo.bigEndian + fileID.
+func concatAD(blockNo uint64, fileID []byte) (aData []byte) {
+	if fileID != nil && len(fileID) != headerIDLen {
+		// fileID is nil when decrypting the master key from the config file
+		log.Panicf("wrong fileID length: %d", len(fileID))
+	}
+	const lenUint64 = 8
+	// Preallocate space to save an allocation in append()
+	aData = make([]byte, lenUint64, lenUint64+headerIDLen)
+	binary.BigEndian.PutUint64(aData, blockNo)
+	aData = append(aData, fileID...)
+	return aData
+}
+
 // DecryptBlock - Verify and decrypt GCM block
 //
 // Corner case: A full-sized block of all-zero ciphertext bytes is translated
@@ -157,9 +173,7 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
 	// Decrypt
 	plaintext := be.pBlockPool.Get()
 	plaintext = plaintext[:0]
-	aData := make([]byte, 8)
-	aData = append(aData, fileID...)
-	binary.BigEndian.PutUint64(aData, blockNo)
+	aData := concatAD(blockNo, fileID)
 	plaintext, err := be.cryptoCore.AEADCipher.Open(plaintext, nonce, ciphertext, aData)
 	if err != nil {
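Review bot: The length guard in `concatAD` is a behaviour change on top of the deduplication: the removed code had no such check, so a wrong-length fileID would just have produced different associated data and, presumably, an authentication error from `AEADCipher.Open`, whereas now `log.Panicf` fires in both `DecryptBlock` and `doEncryptBlock` (the two later hunks). Whether fileID is always length-validated before it reaches these callers is not visible here; if it can come straight from an on-disk header, a malformed file would stop the process instead of yielding a read error, so confirm the header parser enforces `headerIDLen` or return an error on the decrypt side. The guard also accepts nil but rejects a non-nil empty slice, which the doc comment should state, e.g. `// Panics if fileID is non-nil and len(fileID) != headerIDLen.` Since this byte layout is what existing ciphertext was authenticated against, a small unit test pinning the output for a fixed blockNo with and without a fileID would protect the format against later edits.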
@@ -257,9 +271,7 @@ func (be *ContentEnc) doEncryptBlock(plaintext []byte, blockNo uint64, fileID []
 		log.Panic("wrong nonce length")
 	}
 	// Block is authenticated with block number and file ID
-	aData := make([]byte, 8)
-	binary.BigEndian.PutUint64(aData, blockNo)
-	aData = append(aData, fileID...)
+	aData := concatAD(blockNo, fileID)
 	// Get a cipherBS-sized block of memory, copy the nonce into it and truncate to
 	// nonce length
 	cBlock := be.cBlockPool.Get() |
