summaryrefslogtreecommitdiff
path: root/internal/stupidgcm/stupidchacha.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/stupidgcm/stupidchacha.go')
-rw-r--r--internal/stupidgcm/stupidchacha.go23
1 files changed, 15 insertions, 8 deletions
diff --git a/internal/stupidgcm/stupidchacha.go b/internal/stupidgcm/stupidchacha.go
index 2b31e0f..be8accb 100644
--- a/internal/stupidgcm/stupidchacha.go
+++ b/internal/stupidgcm/stupidchacha.go
@@ -16,19 +16,20 @@ import (
)
type stupidChacha20poly1305 struct {
- key []byte
+ key [chacha20poly1305.KeySize]byte
+ wiped bool
}
// Verify that we satisfy the cipher.AEAD interface
var _ cipher.AEAD = &stupidChacha20poly1305{}
-func newChacha20poly1305(keyIn []byte) cipher.AEAD {
- if len(keyIn) != chacha20poly1305.KeySize {
- log.Panicf("Only %d-byte keys are supported, you passed %d bytes", chacha20poly1305.KeySize, len(keyIn))
+func newChacha20poly1305(key []byte) cipher.AEAD {
+ if len(key) != chacha20poly1305.KeySize {
+ log.Panicf("Only %d-byte keys are supported, you passed %d bytes", chacha20poly1305.KeySize, len(key))
}
- // Create a private copy of the key
- key := append([]byte{}, keyIn...)
- return &stupidChacha20poly1305{key: key}
+ ret := new(stupidChacha20poly1305)
+ copy(ret.key[:], key)
+ return ret
}
// NonceSize returns the required size of the nonce / IV.
@@ -43,6 +44,9 @@ func (g *stupidChacha20poly1305) Overhead() int {
// Seal encrypts "in" using "iv" and "authData" and append the result to "dst"
func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
+ if g.wiped {
+ panic("BUG: tried to use wiped stupidChacha20poly1305")
+ }
if len(iv) != g.NonceSize() {
log.Panicf("Only %d-byte IVs are supported, you passed %d bytes", g.NonceSize(), len(iv))
}
@@ -125,6 +129,9 @@ func (g *stupidChacha20poly1305) Seal(dst, iv, in, authData []byte) []byte {
// Open decrypts "in" using "iv" and "authData" and append the result to "dst"
func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, error) {
+ if g.wiped {
+ panic("BUG: tried to use wiped stupidChacha20poly1305")
+ }
if len(iv) != g.NonceSize() {
log.Panicf("Only %d-byte IVs are supported", g.NonceSize())
}
@@ -215,8 +222,8 @@ func (g *stupidChacha20poly1305) Open(dst, iv, in, authData []byte) ([]byte, err
// This is not bulletproof due to possible GC copies, but
// still raises the bar for extracting the key.
func (g *stupidChacha20poly1305) Wipe() {
+ g.wiped = true
for i := range g.key {
g.key[i] = 0
}
- g.key = nil
}