diff options
Diffstat (limited to 'internal/stupidgcm/stupidgcm.go')
| -rw-r--r-- | internal/stupidgcm/stupidgcm.go | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/internal/stupidgcm/stupidgcm.go b/internal/stupidgcm/stupidgcm.go index a1a5a14..133ee1a 100644 --- a/internal/stupidgcm/stupidgcm.go +++ b/internal/stupidgcm/stupidgcm.go @@ -26,17 +26,21 @@ const ( // stupidGCM implements the cipher.AEAD interface type stupidGCM struct { - key []byte + key []byte + forceDecode bool } +//authentication error +var AuthError error = fmt.Errorf("stupidgcm: message authentication failed") + var _ cipher.AEAD = &stupidGCM{} // New returns a new cipher.AEAD implementation.. -func New(key []byte) cipher.AEAD { +func New(key []byte, forceDecode bool) cipher.AEAD { if len(key) != keyLen { log.Panicf("Only %d-byte keys are supported", keyLen) } - return stupidGCM{key: key} + return stupidGCM{key: key, forceDecode: forceDecode} } func (g stupidGCM) NonceSize() int { @@ -186,7 +190,13 @@ func (g stupidGCM) Open(dst, iv, in, authData []byte) ([]byte, error) { C.EVP_CIPHER_CTX_free(ctx) if res != 1 { - return nil, fmt.Errorf("stupidgcm: message authentication failed") + // The error code must always be checked by the calling function, because the decrypted buffer + // may contain corrupted data that we are returning in case the user forced reads + if g.forceDecode == true { + return append(dst, buf...), AuthError + } else { + return nil, AuthError + } } return append(dst, buf...), nil |